Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider downstream python version pins when generating requirements.txt #2102

Closed
ChrisHills463 opened this issue Jun 19, 2024 · 1 comment
Closed

Consider downstream python version pins when generating requirements.txt #2102

ChrisHills463 opened this issue Jun 19, 2024 · 1 comment

Comments

@ChrisHills463
Copy link

What's the problem this feature will solve?

When generating requirements.txt for a package which has multiple pinned Python version dependencies, then these should be taken into account when generating requirements.txt.

For instance, the package botocore contains the following in setup.py (note the multiple entries for package urllib3):-

requires = [
    'jmespath>=0.7.1,<2.0.0',
    'python-dateutil>=2.1,<3.0.0',
    # Prior to Python 3.10, Python doesn't require openssl 1.1.1
    # but urllib3 2.0+ does. This means all botocore users will be
    # broken by default on Amazon Linux 2 and AWS Lambda without this pin.
    'urllib3>=1.25.4,<1.27 ; python_version < "3.10"',
    'urllib3>=1.25.4,!=2.2.0,<3 ; python_version >= "3.10"',
]

Describe the solution you'd like

Generating requirements for the package botocore depends upon the version of Python that is currently running, and so the generated file may not be usable by other Python versions.

Here is an example:-

echo botocore > requirements.in
python3.9 -m piptools compile requirements.in --generate-hashes --no-annotate --no-header 2>&1 | tail -n 3

urllib3==1.26.19 \
    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168

The generated requirements.txt file will not be usable with Python >= 3.10.

Similarly, the following will result in a requirements.txt file that is not usable with Python < 3.10:-

echo botocore > requirements.in
python3.10 -m piptools compile requirements.in --generate-hashes --no-annotate --no-header 2>&1 | tail -n 3

urllib3==2.2.2 \
    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168

My desired solution is for the resulting file to contain the following:-

urllib3==1.26.19 ; python_version < "3.10" \
    --hash=sha256:37a0344459b199fce0e80b0d3569837ec6b6937435c5244e7fd73fa6006830f3 \
    --hash=sha256:3e3d753a8618b86d7de333b4223005f68720bcd6a7d2bcb9fbd2229ec7c1e429
urllib3==2.2.2 ; python_version >= "3.10" \
    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168

Alternative Solutions

For now, I manually alter the generated file to add both package versions with the Python version pins.

Additional context

N/A
@AndydeCleyre
Copy link
Contributor

AndydeCleyre commented Jun 19, 2024
edited
Loading

Thanks! This looks like a duplicate of #826, but let me know if I missed something.

@AndydeCleyre AndydeCleyre closed this as not planned Won't fix, can't repro, duplicate, stale Jun 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AndydeCleyre @ChrisHills463