Hey folks, is there a way to have pants use locked...
# general
Hey folks, is there a way to have pants use locked dependencies for a
I don't think any library python distribution formats have the ability to specify locks; it's not normally what you want from wheel or sdist. Usually you leave version locking up to the application packager
Yeah, in this case the packager is us, but the distribution method is
pip install
. I'm open to anything that lets us specify exact versions. Currently we use pants to generate a poetry-style lockfile and then use
to write that to a file and then slurp that file in
, which is gross, but it would be great if I could have pants replace all of that in a
We're hoping to move to Pex, which will remove that need completely, but this would be nice in the interim
Hi! +1 to Josh. Pants uses the requirement strings from the
targets (which usually come from a
) to set up
. Generally, Python distributions don't have a mechanism for locks, outside of pants So the best you can do is pin the version of every dependency to an exact version. Although that can make using the distribution really brittle
is the lockfile format used by `generate_lockfiles`/`lock` usable in this case? I haven't interacted with it so I don't know what kinda format it is or anything
Ok, thanks for the clarification. Pinning exact versions would be fine. This is an application, so there aren't consumers to be very annoyed.
is usable for version-pinning dependencies (with some finessing). But it doesn't look like there's an out-of-the-box way to get Pants to version-pin our dependencies in a python_distribution. We'll be fine continuing to use the setup.py. Thanks for your help!
👍 1
yeahI don't think
would help here. it doesn't impact what metadata the distribution is built with
the PEX-native lockfile which is produced by default with
is sufficient to later consume in a distribution, in the sense that the lockfile specifies a universe of valid deps.
so after producing a lockfile, you could (with a bunch of tweaking and fiddling) do something like
pex --lock=$lockfile -f=$dir-containing-my-wheel $req-for-my-wheel
… to have PEX resolve from the lockfile
but… you could also create a PEX, and ship that. that avoids actually hitting the network later when you want to “use” your binary