hundreds-father-404
08/04/2022, 8:17 PM[python].requirement_constraints
until we have landed local requirement support for Pex?hundreds-father-404
08/04/2022, 8:17 PMenough-analyst-54434
08/04/2022, 8:18 PMenough-analyst-54434
08/04/2022, 8:18 PMhundreds-father-404
08/04/2022, 8:22 PM--path-mapping
, right?hundreds-father-404
08/04/2022, 8:23 PMenough-analyst-54434
08/04/2022, 8:34 PMenough-analyst-54434
08/04/2022, 8:43 PMhundreds-father-404
08/04/2022, 8:47 PMenough-analyst-54434
08/04/2022, 8:49 PMhundreds-father-404
08/04/2022, 9:18 PMIn the meantime, the workaround is to host the files in a private repository / index and load it withFrom our docs on local requirements. Given that there's an (awkward) workaround, sounds good to not cherry-pick.[python-repos]
hundreds-father-404
08/04/2022, 10:19 PM[python].requirement_constraints
and pushing people to [python].resolves
?
John has pointed out we're in a bad place because requirement constraints are genuinely useful, including when generating lockfiles, to force (transitive) deps to a particular value. The issue is we abused them to act like lockfiles, and now we can't safely retcon the semantics w/o breaking deprecation policy
I would like to see requirement constraints support as pip intended it to be. I see two options:
1. Deprecate the old abused semantics. Once fully removed, add the option back, but with the different semantics
2. Add a new option now but with a different name. Still probably deprecate the old abused semantics, but we don't need to
cc @happy-kitchen-89482hundreds-father-404
08/04/2022, 10:22 PM[python].resolve_all_constraints
is the real problem I think. We could:
1. Keep [python].requirement_constraints
forever
2. Hook up [python].requirement_constraints
to [python].resolves
, whereas right now they are mutually exclusive
3. Deprecate [python].resolve_all_constraints
enough-analyst-54434
08/04/2022, 10:58 PMpython_requirement("pandas", constraints=["requests==2.0.0"])
) that constraint should to apply to all resolves "pandas" was a part of. I absolutely do not care about spelling, I just want to try to get a complete picture of actually using constraints means to an end user before we / in case we get off track.hundreds-father-404
08/04/2022, 11:00 PMRequirement constraints are at least a per-resolve thing; so the configuration should support that.Ah, thank you! That was one of the big things I was going to ask for input on: whether the constraints file should apply to tool lockfiles too
hundreds-father-404
08/04/2022, 11:01 PMIOW, you often want to constrain a transitive dep of - say - pandas. If Pants let you do so (~ python_requirement("pandas", constraints=["requests==2.0.0"])) that constraint should to apply to all resolves "pandas" was a part of.The resolve must have only one entry per dep, though, right? (Outside of env markers like
; sys_platform
)
So this would invite an error where dep A pins pandas to ==2.0, but dep B pins to ==3.0
Constraints-file-per-resolve makes sense to meenough-analyst-54434
08/04/2022, 11:03 PMenough-analyst-54434
08/04/2022, 11:03 PMenough-analyst-54434
08/04/2022, 11:04 PMenough-analyst-54434
08/04/2022, 11:04 PMenough-analyst-54434
08/04/2022, 11:04 PMhappy-kitchen-89482
08/05/2022, 12:05 AMlock
command, that constrains non-immediate deps. So at a first pass this could be a field on python_requirement()
, that you specify with overrides, and it's up to you to not specify conflicting constraints (which is true no matter what format we pick I suppose)hundreds-father-404
08/05/2022, 12:07 AMhundreds-father-404
08/05/2022, 12:10 AM--no-binary
as a per-resolve option? It seems easy to contrive a scenario where you need that; resolve A uses Django 1 which can't use binary deps, but resolve B uses Django 3 where it's safe to
I think when you added that option, resolves were still pretty experimental. Now, it's converging to be the main way to use Python reqs. So it's less of a problem to only support the mechanism when using resolveshappy-kitchen-89482
08/05/2022, 12:18 AMhundreds-father-404
08/05/2022, 12:19 AMhundreds-father-404
08/05/2022, 12:20 AM--binary
should per-resolve, rather than global. Thoughts?enough-analyst-54434
08/05/2022, 12:35 AM--binary
simply is per-resolve. If Pants makes it global, that's Pants limiting things. Is there a good reason to do so? Super unlikely.hundreds-father-404
08/05/2022, 12:40 AMhappy-kitchen-89482
08/05/2022, 12:45 AMhappy-kitchen-89482
08/05/2022, 12:46 AMhundreds-father-404
08/05/2022, 12:48 AMWe now have all sorts of inputs to lockfile generation that may make sense to belong in a BUILD file rather than configNote that this option + new constraints option both should operate on tool lockfiles too. Whereas
[python].resolves_to_interpreter_constraints
is solely for [python].resolves
. This implies that both tool lockfiles & user resolves will need to migrate to being targets: possibly a bigger change than you were thinking?happy-kitchen-89482
08/05/2022, 2:05 AMhappy-kitchen-89482
08/05/2022, 2:06 AMhappy-kitchen-89482
08/05/2022, 2:08 AMhundreds-father-404
08/05/2022, 2:14 AMin that we force resolves to be centrally definedYeah, that was a very intentional design decision from Stu and me: only admins should be defining new resolves, or at a minimum, they should be pinged. This is the same argument for named interpreter constraints: https://github.com/pantsbuild/pants/issues/12652
is pretty error-proneEh, we have code that actively validates all the strings are recognized and gives a good error message if it's not. I don't see how it's any jankier than having to use a target address
happy-kitchen-89482
08/05/2022, 2:18 AM