-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v2] Generate dependency lockfiles #8757
Conversation
Generate lockfiles from requirements files and replace requirements*.txt references to requirements*-lock.txt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple quick comments about the mock changes but those otherwise look good. A quick note that splitting these kinds of changes into two PRs may be helpful in the future. That lets us keep review overhead lower and minimizes rollback impact. Ideally if one piece is broken we don't need to write a rollback by hand, and don't rollback unnecessary changes if we use git revert
.
@@ -370,11 +370,11 @@ The latest changes to the CLI are in the ``v2`` branch on github. This is | |||
to make sure you ``git checkout v2``. | |||
|
|||
If you just want to install a snapshot of the latest development version of | |||
the CLI, you can use the ``requirements.txt`` file included in this repo. | |||
the CLI, you can use the ``requirements-dev-lock.txt`` file included in this repo. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left a similar comment for Jonathan's PR, but I don't know if we need to guide users to use the lock files. If we have a range we say we support, we shouldn't create failures because they have other tools needing something within that range.
@@ -11,13 +11,14 @@ | |||
# ANY KIND, either express or implied. See the License for the specific | |||
# language governing permissions and limitations under the License. | |||
import datetime | |||
import mock | |||
|
|||
from tests import mock |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're importing mock twice in this module. It looks like this is the CLI so we should probably keep line 21.
@@ -0,0 +1,5 @@ | |||
-r requirements-base.txt | |||
tox==4.4.12 | |||
build==0.7.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just curious why build
is here and not in either -base
or -build
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on historic commits and comments...
requirements-build
is specifically for dependencies required for building installersbuild
was added in 2021 whilerequirements-base
was added in 2022 and seems it was missed
I would agree that it makes sense to move build
to requirements-base
@@ -0,0 +1,14 @@ | |||
# |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we install every lockfile at once do we have anything ensuring we don't have conflicts there? i.e. if we update one lockfile but forget to do the others, will we know before we merge?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm that's a good point. At a minimum we should rework regenerate-lock-files or make use of it to generate all of these at once.
This also raises another concern where we make a dependency in pyproject.toml
more restrictive but forget to regenerate requirements-docs-lock.txt
(which takes pyproject.toml
as input).
To provide a stable build environment, this PR does the following:
requirements.txt
->requirements-dev.txt
to align with AWS CLI v1 and boto projectsrequirements.txt
torequirements-dev.txt
for backwards compatibilityrequirements-build-win.txt
file as an extra source forpip-compile
so lockfiles include Windows dependenciesmock
tounittest.mock
import to remove the dependency and simplify dependency resolutionrequirements*.txt
files and replace their references in install scripts withrequirements*-lock.txt