Question about pex lockfiles I have `rtl tools <git+ssh git Pants #general

Question about pex lockfiles. I have `rtl_tools@ <...

high-yak-85899

09/28/2022, 3:09 AM

Question about pex lockfiles. I have

rtl_tools@ <git+ssh://git@git.corp.astranis.com/source/rtl_tools.git@1508cf5ef4f0e645e65bfe1af5343fe1b35f0422>

in my requirements file. I'm seeing

"url": "git+ssh://****@git.corp.astranis.com/source/rtl_tools.git@1508cf5ef4f0e645e65bfe1af5343fe1b35f0422"

end up in the constraints file. What's going on with the

****

high-yak-85899

09/28/2022, 3:15 AM

I think this is a pex way of hiding if I did put ssh credentials in the url, but it's breaking things in CI since there's no password-based system. I have yet to figure out why it works fine locally.

high-yak-85899

09/28/2022, 3:34 AM

yup, just found https://github.com/pantsbuild/pex/issues/1918

high-yak-85899

09/28/2022, 3:38 AM

Original convo that sparked the bug ticket here

happy-kitchen-89482

09/28/2022, 3:38 PM

Yeah, the unfortunate workaround for now is to manually replace those ** with

git

in the lockfile… Not great, I know

high-yak-85899

09/28/2022, 4:25 PM

I already had a script for generating lockfiles before when I was using

pip-tools

. I just put a

sed

command in there after the

generate-lockfiles

command I needed. So no meaningful user impact for us at this time.

busy-vase-39202

09/28/2022, 4:48 PM

We need to figure out how to document this better so that the explanation is searchable. Readme.com doesn't know how to search for "***" and finds nothing when searching for "asterisks".

high-yak-85899

09/28/2022, 5:09 PM

I think a note/warning in https://www.pantsbuild.org/docs/python-third-party-dependencies#pex-vs-poetry-for-lockfile-generation would be nice. Here's the bash script I have to generate for me and resolve the git url things

Copy code

#!/bin/bash
cd "$(dirname "$0")"
echo "Generating constraints file..."
../pants generate-lockfiles --custom-command='./scripts/generate_constraints.sh' --resolve=python-default
# Now clean up git stuff until <https://github.com/pantsbuild/pex/issues/1918> is
# resolved
sed -i 's/\*\*\*\*@git/git@git/g' ../constraints.txt

busy-vase-39202

09/28/2022, 8:04 PM

Would you be interested in submitting a patch to the docs? The file is at https://github.com/pantsbuild/pants/blob/main/docs/markdown/Python/python/python-third-party-dependencies.md I figure you have best perspective on what terms someone would be searching for and what they'd want described there.

busy-vase-39202

09/28/2022, 8:05 PM

(Or feel free to submit via the frontend, using the page's Suggest Edits button. Either approach is fine.)

enough-analyst-54434

09/30/2022, 6:50 PM

Please no doc hack patches! Fix here: https://github.com/pantsbuild/pex/pull/1923

busy-vase-39202

10/03/2022, 5:39 PM

Thanks for the clarification, John 👍

6 Views

Open in Slack

Previous Next