Can I get some details on what all is happening when generat Pants #general

Can I get some details on what all is happening wh...

high-yak-85899

04/11/2023, 10:37 PM

Can I get some details on what all is happening when generating constraints and exporting a resolve? I would like to proxy pypi dependencies through our Artifactory server using their remote repository capabilities. I'm having trouble with two issues • Generating lockfiles seems to error out finding distributions. I think this is a chicken/egg problem because the distributions don't readily exist in the proxied cache until they've been `pip install`ed. • Retrieving artifacts specified in the lockfile seems to be dependent on the url in the artifacts section of a package. This doesn't trigger any caching in the remote repository because it doesn't seem to be using

pip install

. Do those observations match what the underlying tooling would be doing? I need to ask JFrog (Artifactory developers) how they expect remote repositories to be used for lockfile generation. One idea I had was to do lockfile generation without going through the proxy and then introduce the proxy when it came time to install. I don't think that works because of what I'm seeing with the second bullet above.

high-yak-85899

04/11/2023, 10:43 PM

My goal is to engage better with JFrog about how to leverage their capability, but I don't think it will be very productive if I leave so much unknown about what Pants is attempting to do.

happy-kitchen-89482

04/11/2023, 11:15 PM

Pants is using Pex to generate the lockfile, which it does here

happy-kitchen-89482

04/11/2023, 11:15 PM

Pex delegates much of that work to Pip

happy-kitchen-89482

04/11/2023, 11:15 PM

You can set up a custom package index to point at custom URLs, has that not worked for you?

happy-kitchen-89482

04/11/2023, 11:16 PM

Per https://www.pantsbuild.org/docs/restricted-internet-access#python-tools

high-yak-85899

04/11/2023, 11:18 PM

Yep, I've set up the custom index, but it doesn't find distributions. And I think that's because it hasn't formally requested them and triggered the proxy to cache them.

high-yak-85899

04/11/2023, 11:19 PM

I know my cache layer is working because if I do

pip install <some package> --index <my index>

, I pull the package I expect and see it in my cache layer.

high-yak-85899

04/11/2023, 11:20 PM

So it's intended to look and fail like a mirror, but it only caches the things you've actually requested. Don't want to be in the business of hosting all the artifacts that have ever been pushed there.

high-yak-85899

04/11/2023, 11:21 PM

That's why I had the idea to separate package exploration and package installation. But it seems I am not able to modify the paths specified in the lockfile for where artifacts are served from. I think at the export layer, pants is grabbing wheels and source distributions directly rather than getting them through pip based on what I've seen.

Open in Slack

Previous Next