-
-
Notifications
You must be signed in to change notification settings - Fork 614
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explore decoupling from pip
's internals, using the new --dry-run
and --report
flags
#1654
Comments
One thing that is not addressed with the current implementation of Yet, that should not stop us exploring further -- the current implementation should be sufficient for generating a single platform lock file, and I'm personally keen to better understand the needs and workflows around multi platform lock files, and if it is something that pip could help with, at least in principle. |
I think this is a duplicate of #1526 Rather than add interfaces for pip-tools, pip should vendor this project and support both the constraints.txt format and the PEP 665 format cc @brettcannon |
#1526 is about implementing a new lock file format. This issue is about using a supported pip CLI instead of the unsupported pip internals to achieve the current functionality of pip-tools. So they are different. To further clarify let me emphasize that
|
Here's a primitive proof of concept using
requests
httpx
@require(install)
@for pkg in sorted(install, key=lambda p: p['metadata']['name']):
@(
required_by = sorted(
needy_pkg['metadata']['name']
for needy_pkg in install
if pkg['metadata']['name'] in (
dist.split()[0].split('[')[0]
for dist in needy_pkg['metadata'].get('requires_dist', [])
)
)
if pkg['requested']:
required_by.insert(0, "-r requirements.in")
annotation = f"# via {', '.join(required_by)}"
pin = f"{pkg['metadata']['name']}=={pkg['metadata']['version']}"
spaces = ' ' * max(26 - len(pin), 2)
)\
@{pin}@{spaces}@{annotation}
@end $ pip install -U pip wheezy.template
$ pip install --ignore-installed --dry-run --report report.json -r requirements.in
$ wheezy.template requirements.txt.wz report.json >requirements.txt
anyio==3.6.1 # via httpcore
certifi==2022.6.15 # via httpcore, httpx, requests, urllib3
charset-normalizer==2.1.0 # via requests
h11==0.12.0 # via httpcore
httpcore==0.15.0 # via httpx
httpx==0.23.0 # via -r requirements.in
idna==3.3 # via anyio, requests, rfc3986, urllib3
requests==2.28.1 # via -r requirements.in
rfc3986==1.5.0 # via httpx
sniffio==1.2.0 # via anyio, httpcore, httpx
urllib3==1.26.11 # via requests I notice that for some reason, using real |
With a little more playing around with a fake In pip-tools' code where pip's functions are called directly, we can catch the exception and inspect it to get these neat little Invoking |
If only pip could report errors in json format too. Without report:
With report:
|
We could probably include rich information about the errors/failures in the report. Could you file an issue for this, over at pip's issue tracker? |
Thanks @pradyunsg. Here is the tracking issue: pypa/pip#11316. |
First of all: thank you for pip-tools, I find it very easy to use in developing Python applications and keeping comfort on version pinning. I have been working on a new package, pipxl, to complement pip's offering, combining features from several existing packages without having to install all those, including compile and sync as found in However, I run into the same issue as @AndydeCleyre here, on not upgrading dependencies of dependencies if there is no need. The suggested solution here, i.e. better reporting on resolver errors, does seem a bit like creating your own resolver? If I understand correctly, you would pick up the error, try a new version combination, and see if it passes? Wouldn't it be better if pip supports in addition to Hope I made myself clear here. Posting this here first, as I think we have the same problem, although I guess this is ultimately a pip request, not pip-tools. |
Over in our Reading this ticket it appears it's a combination of two things:
While obviously 1️⃣ is ideal for maintaining this library, as an end-user, I care mostly about 2️⃣ . Is 1️⃣ a blocker for 2️⃣ ? Or is there a way I can pass a flag / option to the underlying Now that |
pip-compile doesn't do an install into the environment. If you're seeing packages being installed, that's likely happening to build a source distribution into a wheel (https://pip.pypa.io/en/stable/reference/build-system/, specifically, the pyproject.toml case for details). If you're seeing packages being downloaded whole, that's likely due to needing to read from the end of the |
What's the problem this feature will solve?
Currently, pip-tools depends on the internals of pip which is not a supported mode of use of pip.
Describe the solution you'd like
See pypa/pip#53 -- pip 22.2 (upcoming release) is going to add two new flags, that'll make it possible to get the resolution result from pip without performing an installation.
Alternative Solutions
Continue the current dependence on the fickle internals of pip, that I keep evolving and breaking pip-tools. :)
Additional context
Uhm... the issues on this repository, every time there's a new pip release? ;)
The text was updated successfully, but these errors were encountered: