<@U051221NF>, <@UB2J9BQA0>, <@U021C96KUGJ>, <@U04S...
# developmentw
witty-crayon-22786
01/03/2022, 6:49 PM@happy-kitchen-89482, @hundreds-father-404, @ancient-vegetable-10556, @enough-analyst-54434: i think that last time https://github.com/pantsbuild/pants/pull/14050 occurred (plugin with an incompatible requirement), i had hoped that moving to releasing a PEX (via #12397) would prevent the issue from recurring. but thinking about it more, anything that doesn’t do an on-the fly resolve at use-time (PEX, a lockfile, a rust binary, etc) would all potentially still suffer from this issue
witty-crayon-22786
01/03/2022, 6:49 PM…because there is one resolve which has already occurred, and then another resolve is happening for the plugin
➕ 1
h
hundreds-father-404
01/03/2022, 6:50 PMYeah, we need a lockfile for plugins to resolve this iiuc
w
witty-crayon-22786
01/03/2022, 6:51 PMso: changing tacks (and trying to tackle this more aggressively this time… “fool me once”): it occurred to me that we might want to skip using the code paths in `pkg_resources`/`setuptools` that actually check for version conflicts, and add to the
sys.pathwitty-crayon-22786
01/03/2022, 6:51 PM@hundreds-father-404: i don’t think that that would do it: it’s still two separate resolves
👍 1
a
ancient-vegetable-10556
01/03/2022, 6:51 PM@hundreds-father-404 Moreso than that, it’s probably-invalid for a plugin to specify a dependency that’s in Pants’ own transitive dependencies
w
witty-crayon-22786
01/03/2022, 6:52 PM@ancient-vegetable-10556: it’s ok as long as they’re compatible… the dependency that’s often in question is
requestsa
ancient-vegetable-10556
01/03/2022, 6:53 PM@witty-crayon-22786 Compatibility means that plugins need to move in lockstep with mainline, so that counts to me as “eventually invalid”, and should be discouraged for that reason
w
witty-crayon-22786
01/03/2022, 6:55 PM“should be discouraged”, sure. but it’s awkward for either party to need to avoid the most common packages in the ecosystem
➕ 1
witty-crayon-22786
01/03/2022, 6:56 PMa
ancient-vegetable-10556
01/03/2022, 6:57 PMThe alternative is that the resolve for a given dependency of Pants is actually part of Pants’ API, and we make sure that the plugin itself is invalid for a given version if it conflicts with Pants’ API
ancient-vegetable-10556
01/03/2022, 6:57 PM(which is to say, yes, we need to check for version conflicts, and make better guarantees on Pants’ side)
ancient-vegetable-10556
01/03/2022, 7:03 PM@witty-crayon-22786 I’m not saying that we discourage use of
requestsrequestsw
witty-crayon-22786
01/03/2022, 7:07 PM@ancient-vegetable-10556: range/floating resolves do actually mostly work, except for the two resolves problem, which is the main thrust of this thread
witty-crayon-22786
01/03/2022, 7:07 PMi.e., if both the plugin and pants itself are flexible in which version of
requestswitty-crayon-22786
01/03/2022, 7:08 PMbut two resolves mean that each range can land somewhere different.
witty-crayon-22786
01/03/2022, 7:09 PMPEX or a rust binary don’t allow for a single resolve, since the whole point is that things have been pre-resolved, and we don’t know about the plugins until runtime. generating a single lockfile for pants and the plugins would also work, because doing that requires a single resolve
➕ 1
witty-crayon-22786
01/03/2022, 7:12 PMso my thinking in https://pantsbuild.slack.com/archives/C0D7TNJHL/p1641235877010300?thread_ts=1641235771.009700&cid=C0D7TNJHL is to remove checks from plugin loading, or otherwise harmonize the resolves. we’re likely to need to switch to distributing a PEX soon anyway (for PyPI storage reasons), so the “single lockfile for pants and plugins” approach isn’t viable
a
ancient-vegetable-10556
01/03/2022, 7:13 PMAs long as there isn’t a plugin that specifies an incompatible version of a dependency, sure
w
witty-crayon-22786
01/03/2022, 7:14 PMwe either fail fast (as we did this morning) or slow (with an actual API incompatiblility) in that case
➕ 1
witty-crayon-22786
01/03/2022, 7:14 PMbut yes
h
hundreds-father-404
01/03/2022, 7:19 PMslow failure seems less likely to happen, these are stable libraries like requests
w
witty-crayon-22786
01/03/2022, 7:40 PMe
enough-analyst-54434
01/03/2022, 9:17 PMWe should probably keep the result of pip freeze from the Pants venv as a constraints input for plugin resolves. That would both be truthful and allow plugin resolves to solve correctly.
enough-analyst-54434
01/03/2022, 9:18 PMOr ... we have the constraints / lock already I guess - perhaps in the dist?
h
happy-kitchen-89482
01/03/2022, 9:24 PMLonger term, perhaps we shade and vendor Pants's requirements?
e
enough-analyst-54434
01/03/2022, 9:28 PMYeah, or isolate them in a separate Python only used for rules. Right now the Pants deps are mainly outside of rules IIUC and in boot-time / tear-down-time code paths. They all happen to share a sys.path today but maybe they don't need to. Could be complex though.
w
witty-crayon-22786
01/03/2022, 9:53 PMWe should probably keep the result of pip freeze from the Pants venv as a constraints input for plugin resolves.ah: yes… this seems like an exact match for what we want to do. basically, take the current working set, and feed it to PEX while we’re resolving plugins!
➕ 1
💡 1
witty-crayon-22786
01/03/2022, 9:54 PMtotally blanked on constraints… and also the fact that PEX is the thing doing the resolve, rather than
pkg_resourceswitty-crayon-22786
01/03/2022, 9:54 PMthanks.
witty-crayon-22786
01/03/2022, 9:55 PMand yea @happy-kitchen-89482: shading would make sense too.
witty-crayon-22786
01/04/2022, 1:42 AM