-
-
Notifications
You must be signed in to change notification settings - Fork 611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support URLs as packages #807
Conversation
Codecov Report
@@ Coverage Diff @@
## master #807 +/- ##
==========================================
+ Coverage 98.82% 98.83% +0.01%
==========================================
Files 36 36
Lines 2119 2147 +28
Branches 275 278 +3
==========================================
+ Hits 2094 2122 +28
Misses 15 15
Partials 10 10
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it would be great if you could increase coverage
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So many tries to implement this feature, hope this will be eventually merged. Thank you for great work! Have minor comments. And it would be nice not to decrease the test coverage.
Thanks for working on this! Tried this quickly, and it fails when not using
Used |
5d59167
to
3263535
Compare
Thanks for the reviews! I believe my updates address all the comments so far. I was able to greatly simplify the
Good catch -- this should be fixed now.
I think so, yes -- it should just copy URLs directly to requirements.txt, along with their deps. Looks like starlette doesn't have any dependencies so you'd just see the original URL. |
Shouldn't it pin it at the current commit? (that's what I did in #169 back then) |
Update: the code I was adapting only applied to http/scm URLs and excluded file URLs, but I think file URLs actually work just fine. The latest commit removes the exclusion and adds tests for file URLs. This also lets us drop the whole UnsupportedConstraint codepath because we're no longer excluding anything as unsupported. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we skip the pip master failures and merged this as is?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've noticed that pip-sync
would try to sync URL package every time.
$ pip-compile
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile
#
https://github.com/pallets/click/archive/7.0.zip
$ pip-sync
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting https://github.com/pallets/click/archive/7.0.zip (from -r /var/folders/4x/rz_w89dx1z3bydfd6qpdjn_h0000gn/T/tmp7O5s_H (line 1))
Downloading https://github.com/pallets/click/archive/7.0.zip
- 1.3MB 2.6MB/s
Building wheels for collected packages: Click
Building wheel for Click (setup.py) ... done
Stored in directory: /private/var/folders/4x/rz_w89dx1z3bydfd6qpdjn_h0000gn/T/pip-ephem-wheel-cache-1eHUT2/wheels/3f/4c/b1/bb74f5eeb10363c51faaaa45211c996886de6beb3fbd804067
Successfully built Click
Installing collected packages: Click
Found existing installation: click 6.7
Uninstalling click-6.7:
Successfully uninstalled click-6.7
Successfully installed Click-7.0
$ pip-sync
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting https://github.com/pallets/click/archive/7.0.zip (from -r /var/folders/4x/rz_w89dx1z3bydfd6qpdjn_h0000gn/T/tmpW22iN9 (line 1))
Downloading https://github.com/pallets/click/archive/7.0.zip
- 624kB 2.2MB/s
Requirement already satisfied (use --upgrade to upgrade): Click==7.0 from https://github.com/pallets/click/archive/7.0.zip in ./.venv/lib/python2.7/site-packages (from -r /var/folders/4x/rz_w89dx1z3bydfd6qpdjn_h0000gn/T/tmpW22iN9 (line 1))
Building wheels for collected packages: Click
Building wheel for Click (setup.py) ... done
Stored in directory: /private/var/folders/4x/rz_w89dx1z3bydfd6qpdjn_h0000gn/T/pip-ephem-wheel-cache-oY4xDG/wheels/3f/4c/b1/bb74f5eeb10363c51faaaa45211c996886de6beb3fbd804067
Successfully built Click
On the second pip-sync
it's only built wheels and warned that Requirement already satisfied
.
Oh, I see what you mean! Yes, it would be better to pin vcs URLs at the current commit. What do you think of saving that feature for a separate pull request? The current PR is not a regression, AFAIK -- it treats |
Good catch. The latest commit allows you to avoid this by providing the pinned version in the egg fragment:
I think that's the best we can do, right? If the version isn't provided in the URL, the archive has to be downloaded and checked. |
Great!
You are right. Turns out that's correct behaviour. BTW, i've tried egg fragment with only package name:
Shouldn't it download and check version if there is only package name in egg fragment and no version? |
393d434
to
6129847
Compare
Oops, yes it should. In fact it should download and reinstall, even if the version number matches in the download, because we don't know if the URL has changed. For example, suppose you change requirements.in from:
to
It would be surprising if pip-sync didn't change anything because I didn't update the version in my fork, right? We don't know how the installed module was specified, so we have to uninstall and reinstall on every pip-sync. My latest commit hopefully strikes a good balance:
|
Awesome! Would've been nice to have tests for each scenario in |
Those scenarios are tested via What else is left to get this merged? I looked at the codecov/patch report, and I think the only lines that lost coverage are guards that are no longer hit, but that I'm wary of removing in case there are edge cases I don't know about. |
Squashed! |
Anything else pending on this? |
Seems that this will land in 3.7.0 and there is one issued open, see: https://github.com/jazzband/pip-tools/milestone/19 isn't it? |
We can postpone this issue to the next release. |
I'll prepare a release within next 24 hours. |
@atugushev I validated pip-tools 3.7.0 release, it's on pypi.org now |
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file. One other thing I do here is reconcile the pshtt/ssylze/cryptography dependency-hell situation by pinning the version of sslyze to the latest one that supports (a) the most recent, secure version of cryptography, and (b) python 3.5. Some of the versions of these packages were not release the last time this situation was examined.
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file. One other thing I do here is reconcile the pshtt/ssylze/cryptography dependency-hell situation by pinning the version of sslyze to the latest one that supports (a) the most recent, secure version of cryptography, and (b) python 3.5. Some of the versions of these packages were not release the last time this situation was examined.
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file.
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file.
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file.
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file.
See jazzband/pip-tools#807 for more information about permitting URLs as packages. We want this because --generate-hashes works with URL-based requirements but not with Git-repo-based requirements. Subtle different, but it works. As such I think it's okay to remove the separate github URL requirements file.
Fix #272
This PR handles URLs in requirements.in, building on work by @nim65s and @toejough.
This is similar to the previous PR #764, but I rebased @toejough's latest on top of master, updated the PyPI download url and some tests, and added support for --generate-hashes.
Note that URL requirements don't work for packages that use setuptools_scm, including pip-tools itself, but that's an inherent limitation of URL requirements and not an issue with pip-compile.
Changelog-friendly one-liner: Support URLs as packages
Contributor checklist