melodic-carpenter-39613
02/08/2023, 9:18 AMResolutionImpossible
when running ./pants generate-lock-files
due to multiple pinned versions of bcrypt (3.2.2 vs 4.0.1), but only have a single pinned version (3.2.2) in my top-level requirements. How would I use pants to debug the constraints for each package similar to pipdeptree
so that I can work out where the issue is coming from?refined-addition-53644
02/08/2023, 9:22 AM--ldebug
or --keep-sandboxes=always
mentioned here
https://www.pantsbuild.org/docs/troubleshootingmelodic-carpenter-39613
02/08/2023, 10:51 AMpex
and __run.sh
and could in theory invoke the PEX separately and retry. Interestingly there are no files within the .tmp
, so for instance I cannot view /tmp/pants-sandbox-0k4B7q/.tmp/pex-pip-log.mzg5u2ix/pip.log
.
How would I go about trying to find the pants dependency or sub-dependency that is causing the issue from here?refined-addition-53644
02/08/2023, 12:21 PMmelodic-carpenter-39613
02/08/2023, 12:43 PMpip install
with the environment variable PIP_VERBOSE=3
and inspect the output. This is useful for instance when pip is taking a long time to resolve requirements as I can identify situations where pip is attempting to download lots of different versions of packages and testing to see if they satisfy all the package version constraints (in the dependency tree). With pants it is a black box -ldebug
and/or setting the environment variable PEX_VERBOSITY=9
doesn't give me any more insight other than knowing that pants is attempting to generate a specific lockfile and the time taken so far to do so - is there a way to get more detail here that I've missed in the pants docs?
On the flip side when pip installs everything (which could theoretically include version conflicts which it then warns about), I would see what the dependency tree is for a given virtual environment using deptree and/or pipdeptree which together I can work out where potential version conflicts are coming from.
Any help on how to do this sort of debugging using pants would be most appreciated π πmelodic-carpenter-39613
02/08/2023, 12:49 PM./pants dependencies --transitive ::
but this gives me a list of all dependencies, but does not attribute each to a particular pants resolve and/or give any version constraints (in the case of python_requirements
targets.melodic-carpenter-39613
02/08/2023, 1:03 PM./pants generate-lockfiles
was previously taking me 5+ minutes for a relatively modest set of top-level dependencies and re-running the command appears to then take roughly the same amount of time, which feels like I am not benefiting from using pants vs using vanilla pip and is annoying as alternatives such as pipenv (via Pipfile) allow more control over when to lock. Is there a way to make pants smarter here, particularly if no source files have been changed?
4. How do I increase the verbosity of the pants wrapped pip process so that I can identify what is happening during the lock process (e.g. similar to pipenv lock --verbose
) rather than wait for a failure to spit out an error?refined-addition-53644
02/08/2023, 1:04 PMenough-analyst-54434
02/08/2023, 1:11 PM--preserve-pip-download-log
but you won't need that in this case. Your output snippet above shows ... bcrypt==3.2.2; python_version >= "3.6" bcrypt==4.0.1; python_version >= "3.6" ...
in the requirements list Pants invokes Pex with; so the error message is dead on. These 2 conflicting requirements are coming directly from top level user requirements in your repo.enough-analyst-54434
02/08/2023, 1:12 PMmelodic-carpenter-39613
02/08/2023, 1:21 PMbcrypt==3.2.2
in my requirements.txt
which feeds into python-default
resolve). I've came to the conclusion that it is not a top-level dependency that I have specified that is requesting bcrypt==4.0.1
and causing the conflict and is instead some sub-dependency hence why I am interested in getting more verbose output of the pants locking process.enough-analyst-54434
02/08/2023, 1:22 PMenough-analyst-54434
02/08/2023, 1:23 PMenough-analyst-54434
02/08/2023, 1:23 PMmelodic-carpenter-39613
02/08/2023, 1:29 PMpython-default
, however I do have a python_requirements
target with a different resolve in a BUILD
file in the same directory as a pipenv Pipfile
, however this is not currently causing me issues.
How would I filter all targets in pants dependencies --transitive
to list only python_requirements
targets, ideally matching python-default
?melodic-carpenter-39613
02/08/2023, 1:30 PMpyproject.toml
dependencies in my repo currently)enough-analyst-54434
02/08/2023, 1:34 PMenough-analyst-54434
02/08/2023, 1:45 PMpython_version >= "3.6"
is a potential red flag unless your repo is truly consumed by Python 3.6 and greater. If not, the marker can likely be narrowed and, likewise `interpreter_constraints`narrowed - this all helps to shrink the lock solve space and speed up locks.melodic-carpenter-39613
02/08/2023, 1:57 PMPipfile
just in case it was relevant, but my main problem is with the default lockfile.
Due to the fact I could only find one entry for bcrypt
in the source code I suspected that the conflict is being pulled in as a subdependency of another one of the top-level python requirements.melodic-carpenter-39613
02/08/2023, 1:59 PMpython_version >= "3.6"
is valid as we are using interpreter constaints of interpreter_constraints = [">=3.7.13,<=3.8.0"]
in pants.toml
, but I guess this marker was likely added before using pants to manage dependencies. Does it harm to keep it in?enough-analyst-54434
02/08/2023, 2:02 PMmelodic-carpenter-39613
02/08/2023, 2:04 PMenough-analyst-54434
02/08/2023, 2:04 PMenough-analyst-54434
02/08/2023, 2:05 PMmelodic-carpenter-39613
02/08/2023, 2:09 PMenough-analyst-54434
02/08/2023, 2:10 PMmelodic-carpenter-39613
02/08/2023, 2:40 PMPipfile.lock
. I've included a screengrab of the BUILD
file in case you can provide some further insight into the behaviour
I'll rerun the ./pants --keep-sandboxes=always -ldebug generate-lockfiles --resolve=python-default
nowenough-analyst-54434
02/08/2023, 2:44 PMpipenv_requirements
are getting used along with the other requirements where the other bcrypt version is defined to create the lock and it's that that we need to debug.melodic-carpenter-39613
02/08/2023, 2:45 PMparametrize()
function?enough-analyst-54434
02/08/2023, 2:46 PMenough-analyst-54434
02/08/2023, 2:47 PMenough-analyst-54434
02/08/2023, 2:49 PMenough-analyst-54434
02/08/2023, 2:49 PMmelodic-carpenter-39613
02/08/2023, 2:52 PMenough-analyst-54434
02/08/2023, 3:00 PMenough-analyst-54434
02/08/2023, 3:01 PMmelodic-carpenter-39613
02/08/2023, 3:13 PMpants.toml
with some possibly sensitive stuff removed.melodic-carpenter-39613
02/08/2023, 3:14 PMBUILD
file that feeds as much of the monorepo as possible under the python-default
resolve.enough-analyst-54434
02/08/2023, 3:24 PM3rdparty/python/BUILD
requirements targets do default to a resolve of python-default
- which the docs claim they do, then those targets and your src/python/apps/radar_routines/BUILD
`pipenv_requirements`target do name different resolves. Clearly? those 2 different resolve targets are getting mixed into the process that creates the python-default
lock and that's why you see 2 bcrypt requirements being passed to Pex in the lock failure snippet you posted. That sounds buggy if so, but I'm also pretty "multiple-resolves at the Pants level" ignorant - I did all the Pex support work to implement locking, but nothing at the Pants layer.enough-analyst-54434
02/08/2023, 3:39 PMpex_binary
targets, test targets, `python_distribution`targets) never mix resolves and this may be towards your paramterize
question.enough-analyst-54434
02/08/2023, 3:46 PM3rdparty/python/BUILD
targets an explicit resolve="python-default"
just to rule out defaulting weirdness. I'll truly bow out at this point.melodic-carpenter-39613
02/09/2023, 7:07 AM