plain-night-51324
01/04/2023, 6:55 PM./pants generate-lockfile
how do we improve the workflow? Convert it to poetry? (it doesn’t seem to support monorepo) Do I still need to go through this process? it seems pants does not support a --check option currently for lockfiles so the lockfile and my requirements could go out of date.polite-garden-50641
01/04/2023, 7:06 PMsed '/^\/\//d' <PATH-TO-PEX-LOCKFILE> > dist/pex_lock.json # remove pants comments from lock file
python3 -m venv .venv && source .venv/bin/activate && pip install pex==2.1.114
PEX_TOOLS=1 .venv/bin/pex --lock dist/pex_lock.json --include-tools -- venv --pip --bin-path prepend --collisions-ok .venv
pex3 lock export dist/pex_lock.json > dist/pip-lockfile.txt
to generate a pip compatible lockfile with versions and hashes. (based on the requirements.txt format, I forget the pep #)plain-night-51324
01/04/2023, 9:24 PMpolite-garden-50641
01/04/2023, 9:28 PMplain-night-51324
01/04/2023, 9:48 PMpolite-garden-50641
01/04/2023, 9:55 PMhappy-kitchen-89482
01/04/2023, 10:13 PMall-requirements.txt
could be the source for generating the lockfile.chilly-holiday-77415
01/05/2023, 9:52 AMpoetry export
over ./generate-lockfile
- my assumption is that you retain poetry’s lockfile behaviour being manipulated by poetry add/remove package
that Pants doesn’t care about - are there other differences?enough-analyst-54434
01/05/2023, 3:37 PMchilly-holiday-77415
01/06/2023, 12:46 PMhappy-kitchen-89482
01/06/2023, 2:14 PMgenerate-lockfiles
will turn those into a full transitive lockfilemodern-monkey-78364
01/10/2023, 7:18 AMDoes pants handle dependency validation automatically (i.e. making sure that dep_a is compatible with dep_b) or will we need to use pip explicitly for it to add to requirements.txt?
plain-night-51324
01/10/2023, 8:34 AMhappy-kitchen-89482
01/10/2023, 10:48 AMgenerate-lockfiles
delegates to pex, which delegates to pip, and by default to an older pip that may be slower. If you're on a Pants 2.16 dev release you can set pip_version=22.3
under [python]
and get newer pip, which may have relevant perf improvementsenough-analyst-54434
01/10/2023, 11:59 AMhappy-kitchen-89482
01/10/2023, 12:39 PMchilly-holiday-77415
01/10/2023, 12:45 PM./pants add-my-dep
./pants remove-my-dep
./pants bump-my-dep
, as it’s not difficult to add a helper script to do that once you grok that it’s nearly the same as what a Poetry user is used to, but the small gap feels much larger in terms of ergonomics than it really is: just to support your earlier thought Benjy:
> I think using pex lockfiles makes more sense than using poetry, at this pointmodern-monkey-78364
01/10/2023, 6:12 PM@modern-monkey-78364 I’m not sure I understand what you mean by “dependency validation”@happy-kitchen-89482 I mean sometimes in requirements.txt we have a dependency prometheus-client=0.14.1 and we want to add another dependency ray=2.2.0 to the project. Now ray 2.2.0 internally dependency upon prometheus-client < 0.14. So, if I currently add ray dependency right now with
poetry add ray
, it will fail and mention that ray version is not compatible with existing prometheus-client version. Wanted to understand how it is taken care by pants.happy-kitchen-89482
01/10/2023, 7:00 PMplain-night-51324
01/10/2023, 7:01 PMmodern-monkey-78364
01/10/2023, 7:14 PMYes, lockfile generation will fail on that kind of thingWould it also tell why it failed? E.g. prometheus-client is incompatible with ray?
plain-night-51324
01/10/2023, 7:14 PMmodern-monkey-78364
01/10/2023, 7:15 PMhappy-kitchen-89482
01/10/2023, 10:49 PM