chore(ansible): use project-local uv venv for ansible runtime deps

Moves the local ansible runtime from a global `uv tool install ansible-core`
(which required remembering `--with kubernetes --with jmespath --with dnspython`)
to a project-managed venv described by `pyproject.toml` + `uv.lock`. Fixes the
"Failed to import the required Python library (kubernetes)" error on localhost.

The localhost inventory entry now derives `ansible_python_interpreter` from
`{{ ansible_playbook_python }}`, so `uv run ansible-playbook` is enough — no
more hardcoded user-specific paths.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

ansible/README.md

@@ -1,5 +1,17 @@
 # Use Ansible
 
+## Run locally (uv)
+
+A project-local venv is defined in `pyproject.toml` at the repo root (ansible-core + the `kubernetes`, `jmespath`, `dnspython` libraries that `kubernetes.core` and friends need at runtime).
+
+```sh
+uv sync                                                # creates .venv/ and installs ansible-core + python deps
+uv run ansible-galaxy collection install -r ansible/requirements.yml
+uv run ansible-playbook -i ansible/arcodange/factory/inventory ansible/arcodange/factory/playbooks/<playbook>.yml
+```
+
+The localhost entry in the inventory uses `ansible_python_interpreter: "{{ ansible_playbook_python }}"`, so `uv run` is enough — Ansible picks up the venv's Python automatically without any hardcoded path.
+
 ## Run with docker ssh agent side proxy
 
 ### build docker images
@@ -67,31 +79,25 @@ ansible -i ,localhost -c local localhost -m raw -a "echo hello world {{ inventor
 
 ### local python environment with uv
 
-#### Install UV
-
-`python3 -m pip install uv`  
-`python3 -m uv python install 3.10 3.11 3.12`  
-`echo "export PATH=\"$(find ~/Library/Python/*/bin/uv | xargs dirname)\"" >> ~/.zshenv`  
-`echo 'export PATH="~/.local/bin:$PATH"' >> ~/.zshenv`  
-
-#### Set python version to 3.12
-
-`uv python pin 3.12` (edit .python-version file)
-
-#### Install ansible
-
-`uv tool install ansible-core --with dnspython --with jmespath --with kubernetes`  
-`echo 'export PATH="~/.local/share/uv/tools/ansible-core/bin:$PATH"' >> ~/.zshenv` 
-
-#### Install this project depedencies
+#### Install UV (one-time)
 
+```sh
+python3 -m pip install uv
+python3 -m uv python install 3.12
+echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshenv
 ```
-ansible-galaxy collection install --token 11bebd8fd1ad4009f700bdedbeb80b19743ce3d3 -r ansible/requirements.yml # token is used by a rate limiter and can be sensitive
+
+#### Bootstrap the project venv
+
+```sh
+uv sync                                                # honors .python-version (3.12) and pyproject.toml
+uv run ansible-galaxy collection install -r ansible/requirements.yml
+# `--token <token>` is only needed if you hit galaxy.ansible.com rate limits
 ```
 
 #### Run
 
-```
-ansible-galaxy collection install ./ansible/arcodange/factory -f
-ansible-playbook -i ansible/arcodange/factory/inventory ansible/arcodange/factory/playbooks/02_setup.yml
+```sh
+uv run ansible-galaxy collection install ./ansible/arcodange/factory -f
+uv run ansible-playbook -i ansible/arcodange/factory/inventory ansible/arcodange/factory/playbooks/02_setup.yml
 ```