Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide way to do full dependency locking #476

Open
Czaki opened this issue Aug 18, 2020 · 4 comments · May be fixed by #1209
Open

Provide way to do full dependency locking #476

Czaki opened this issue Aug 18, 2020 · 4 comments · May be fixed by #1209
Labels
enhancement New features, or improvements to existing features. not quite right The idea or PR has been reviewed, but more work is needed.

Comments

@Czaki
Copy link
Contributor

Czaki commented Aug 18, 2020
edited
Loading

Is your feature request related to a problem? Please describe.

If program is provided as python package it contains description of all dependencies if files like setup.cfg or pyproject.toml (ex for poetry). It will be nice to not double this entry in files

Describe the solution you'd like
To avoid double providing information it will be nice to read requirements from setup.cfg if present and append it to requires entry.

Describe alternatives you've considered
Manual manage or customs scripts which will overwrite pyproject.toml

Additional context
I could try to create such PR (but currently does not understand towncrier checks).
@Czaki Czaki added the enhancement New features, or improvements to existing features. label Aug 18, 2020
@freakboy3742
Copy link
Member

I'm slightly hesitant on this request, because setup.cfg and pyproject.toml are for different purposes, and should be expressing dependencies in a different way.

setup.cfg is for packaging a library. A library should not be hard pinning package versions - it should be specifying ranges that are valid, so that pip can resolve dependencies.

pyproject.toml (in the context of Briefcase, anyway) is for packaging apps. An app should have hard pins for all it's dependencies, because the specific versions used to deploy a particular version of an app is part of the definition of the app.

Having Briefcase to read requirements from setup.cfg is essentially reading the wrong thing - it's reading a library configuration into an app.

However, I could be convinced to expand Briefcase to use Poetry lock formats (or, better still, a PyPA-standardized format for locked requirements). Poetry can (apparently) handle different lock lists for different platforms; we'll need to incorporate that into Briefcase's usage.

I'll modify the ticket title to reflect that usage; there's a lot more design work needed here, though.

@freakboy3742 freakboy3742 added enhancement New features, or improvements to existing features. not quite right The idea or PR has been reviewed, but more work is needed. and removed enhancement New features, or improvements to existing features. labels Aug 19, 2020
@freakboy3742 freakboy3742 changed the title Read requirements from setup.cfg Provide way to do full dependency locking Aug 19, 2020
@Czaki
Copy link
Contributor Author

Czaki commented Aug 19, 2020

However, I could be convinced to expand Briefcase to use Poetry lock formats (or, better still, a PyPA-standardized format for locked requirements). Poetry can (apparently) handle different lock lists for different platforms; we'll need to incorporate that into Briefcase's usage.

In such approach I also suggest support for requirements file. This file has support in pip-tools (pip-compile command) and tools like dependabot, requires.io etc which simplify managing and updating dependecies.

@freakboy3742
Copy link
Member

We can certainly try; the problem is that requirements files don't have enough flexibility (by themselves). A project can only have a single requirements.txt file, and there's no provision for "optional" requirements. Briefcase needs to be able to specify different package lists for different platforms.

We could use different requirements files for different platforms - but AFAIK that then breaks the automated tooling around requirements files, as those tools assume a single requirements.txt file.

@Czaki
Copy link
Contributor Author

Czaki commented Aug 20, 2020

We can certainly try; the problem is that requirements files don't have enough flexibility (by themselves). A project can only have a single requirements.txt file, and there's no provision for "optional" requirements. Briefcase needs to be able to specify different package lists for different platforms.

PEP 508?
example from my test configuration pytest-xvfb ; sys_platform == 'linux'

And some entry like file:requirements/requirements_briefcase_windows.txt?

We could use different requirements files for different platforms - but AFAIK that then breaks the automated tooling around requirements files, as those tools assume a single requirements.txt file.

Which tools? I have multiple requirements file (for docs, for pyinstaller build etc) and everything works.

@moshez moshez linked a pull request Apr 24, 2023 that will close this issue
Open
4 tasks
@freakboy3742 freakboy3742 mentioned this issue Jul 20, 2023
Open
@freakboy3742 freakboy3742 mentioned this issue Apr 5, 2024
Draft
4 tasks
@freakboy3742 freakboy3742 mentioned this issue Apr 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New features, or improvements to existing features. not quite right The idea or PR has been reviewed, but more work is needed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Override requirements (at a given level) from a requirements file. moshez/briefcase
2 participants
@freakboy3742 @Czaki