lively-dusk-46231
10/22/2022, 7:17 PMwide-midnight-78598
10/22/2022, 8:31 PMinterpreter_constraints
?
pants.toml
https://www.pantsbuild.org/docs/reference-python#interpreter_constraints
python_source
https://www.pantsbuild.org/docs/reference-python_source#codeinterpreter_constraintscode
subsystem
(e.g. Black)
https://www.pantsbuild.org/docs/reference-black#interpreter_constraints
And there are probably more....
Or maybe a lockfile for a given tool?
https://www.pantsbuild.org/docs/python-third-party-dependencies#tool-lockfiles
Or if you have conflicting deps, maybe multiple lockfiles for the project?
https://www.pantsbuild.org/docs/python-third-party-dependencies#multiple-lockfileslively-dusk-46231
10/23/2022, 3:37 AM[bandit].lockfile
for the bandit tool.
But [bandit].interpreter_constraints
does not exist.
So, I have set [python].interpreter_constraints
Also - I guess I need 2 lockfiles for bandit:
• One for python 3.6 which uses bandit==1.6.x
• Second for bandit 3.7+ which uses bandit=1.7.x
I couldn't find a way to have 2 separate lockfiles for bandit
lively-dusk-46231
10/23/2022, 3:50 AMinstall_requires
)
I can use resolves_to_interpreter_constraints
So that every resolve has it's own set of interpreter constraints
But nothing equivalent for tools like banditenough-analyst-54434
10/23/2022, 2:09 PM[bandit]
version = "bandit==1.6.*; python_version < '3.7'"
extra_requirements = [
"bandit==1.7.*; python_version >= '3.7'",
]
lively-dusk-46231
10/23/2022, 2:27 PMenough-analyst-54434
10/23/2022, 2:34 PMlively-dusk-46231
10/23/2022, 2:36 PMenough-analyst-54434
10/23/2022, 4:31 PMenough-analyst-54434
10/23/2022, 4:35 PM./pants
commands. One could use the default pants.toml
and another could use PANTS_CONFIG_FILES=pants.37plus.toml ./pants ...
or vice versa. That general idea of modifying Pants under CI is sketched out here: https://www.pantsbuild.org/docs/using-pants-in-ci#configuring-pants-for-ci-pantscitoml-optionallively-dusk-46231
10/23/2022, 5:40 PM[python].interpreter_constraints
and use that (this is the main option right now) (normally the lowest version)
◦ Add a [bandit].interpreter_constraints
and let users decide which interpreter to use so they can decide oldest/newest available version manually (which is not available now)
◦ Create separate pants.toml file for this specifically (feels like a workaround ?)
I feel like the easiest option that pants could provide is to have a [bandit].interpreter_constraints
So I can atleast constraint that based on py3.6 or py3.9 and then force all my developers + CI to just use that version for the linting
I notice that [isort].interpreter_constraints and [black].interpreter_constraints , audoflake8, already exists but equivalent for other tools like flake8, bandit does not.
Was that a conscious decision ?enough-analyst-54434
10/23/2022, 5:45 PMOr a single lockfile for multiple pythons (which is not available now)
That part is incorrect. We support this and dogfood it in the lock files we ship with Pants which support multiple interpreters and platforms. You just happen to hit a case (bandit + 3.6) with buggy metadata on PyPI.
lively-dusk-46231
10/23/2022, 5:47 PM[bandit]
version = "bandit==1.7.1; python_version < '3.7'"
extra_requirements = [
"bandit==1.7.4; python_version >= '3.7'",
]
enough-analyst-54434
10/23/2022, 5:48 PMenough-analyst-54434
10/23/2022, 5:49 PMlively-dusk-46231
10/23/2022, 5:50 PMOr a single lockfile for multiple pythons (which is not available now)Maybe I didn't write it clearly. I meant to say a single lockfile which has multiple versions of bandit for different versions of python
lively-dusk-46231
10/23/2022, 5:51 PM[bandit].interpreter_constraints
?
Or rather just having a interpreter_constraints
that every tool could override ?enough-analyst-54434
10/23/2022, 5:53 PMenough-analyst-54434
10/23/2022, 5:54 PMenough-analyst-54434
10/23/2022, 5:55 PMenough-analyst-54434
10/23/2022, 5:56 PM./pants lint runs
.lively-dusk-46231
10/23/2022, 5:56 PMenough-analyst-54434
10/23/2022, 5:57 PMlively-dusk-46231
10/23/2022, 6:00 PMenough-analyst-54434
10/23/2022, 6:00 PMenough-analyst-54434
10/23/2022, 6:02 PMpants.36.toml
, etc for each python version, then run pants with PANTS_CONFIG_FILES=pants.36.toml ./pants ...
for each toml.enough-analyst-54434
10/23/2022, 6:03 PMenough-analyst-54434
10/23/2022, 6:04 PMlively-dusk-46231
10/23/2022, 6:05 PMyou just override the options that need to changeAh - this is great. I was thinking I would need to repeat.
enough-analyst-54434
10/23/2022, 6:05 PMlively-dusk-46231
10/23/2022, 6:06 PMlint.sh
in a bash for loop 🙂 (with different PATH
)enough-analyst-54434
10/23/2022, 6:06 PMenough-analyst-54434
10/23/2022, 6:07 PMlively-dusk-46231
10/23/2022, 6:08 PMenough-analyst-54434
10/23/2022, 6:12 PMenough-analyst-54434
10/23/2022, 6:12 PMlively-dusk-46231
10/23/2022, 6:17 PMlively-dusk-46231
10/23/2022, 6:18 PMenough-analyst-54434
10/23/2022, 6:23 PM