-
-
Notifications
You must be signed in to change notification settings - Fork 644
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to extend a PEX lockfile without modifying existing entries #15704
Comments
@danxmoran this amounts to a feature request against Pex. Today Pex supports:
Pants does not expose these update features. Really it doesn't expose 2 since 1 is effectively just like re-running So Pex would need a new update feature: Today, when you try to do this using the existing
Once Pex implements 3, then Pants would need to tackle the issue of lockfile updates and take these features (2 & 3) on board. |
@jsirois thanks for the context! I opened an issue in the PEX repo to track that piece of it. |
The need for lockfile updates as covered above makes sense. But as to this point:
This could/should probably be covered by a |
Yeah, I think that is easy for us to do. |
A dedicated "check" mode would be great! I'll file another ticket for that |
I missed the bit about the check. FWIW, this exists today over in Pex: Prep a lock:
Update it right away; so nothing new: no stdout and exit code 0.
Prep a simulated old lock
Update it: stdout contains updates and exit code 0
So, that gives you Perhaps Pants just running |
I guess adding an optional 'check' argument to |
The |
Had some discussion w/ Stu on this issue on Slack (https://pantsbuild.slack.com/archives/C046T6T9U/p1657905057557149). Settling on the idea of using as open as possible constraints for Would also be helpful to get a diff/migration report when the goal is completed successfully for a pre-existing lock. |
I think my ideal UX for this would be for |
Thanks for the suggestion! I think this would be feasible to pull off because we have the lockfile header with the prior requirement versions written down. If that lockfile header is missing, then we do the next best thing of generating the whole lock. |
This seems related to #12880 |
Also related: #15275 |
This regenerates Pants' main `python-default` resolve lock file for the more restricted `==3.9.*` interpreter constraints that have been recently instituted (618d627, #19096). This lock wasn't regenerated as part of that change, but future changes to dependencies will be using the new scheme, so this PR does it explicitly as a dedicated step to reduce the spurious changes. This involves two sort of changes: - the 'necessary' removal of dependencies that are no longer necessary, like `importlib-metadata` - 'unnecessary' other upgrades, to the latest (constraint-satisfying) version of existing deps (#15704). Diffs: ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == anyio 3.6.2 --> 3.7.1 asgiref 3.6.0 --> 3.7.2 charset-normalizer 3.1.0 --> 3.2.0 click 8.1.3 --> 8.1.4 httptools 0.5.0 --> 0.6.0 pluggy 1.0.0 --> 1.2.0 pydantic 1.10.7 --> 1.10.11 pyparsing 3.0.9 --> 3.1.0 python-dotenv 0.21.1 --> 1.0.0 requests 2.30.0 --> 2.31.0 ujson 5.7.0 --> 5.8.0 urllib3 2.0.2 --> 2.0.3 == Added dependencies == exceptiongroup 1.1.2 == Removed dependencies == importlib-metadata 6.6.0 importlib-resources 5.0.7 zipp 3.15.0 ```
Changelogs: * https://github.com/pantsbuild/pex/releases/tag/v2.1.157 * https://github.com/pantsbuild/pex/releases/tag/v2.1.158 * https://github.com/pantsbuild/pex/releases/tag/v2.1.159 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == attrs 23.1.0 --> 23.2.0 pex 2.1.156 --> 2.1.159 ``` Enables repl tab completion for pantsbuild#20389 Fixes a bug with `pex3 lock update` of relevance for pantsbuild#15704
Changelogs: * https://github.com/pantsbuild/pex/releases/tag/v2.1.157 * https://github.com/pantsbuild/pex/releases/tag/v2.1.158 * https://github.com/pantsbuild/pex/releases/tag/v2.1.159 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == attrs 23.1.0 --> 23.2.0 pex 2.1.156 --> 2.1.159 ``` Enables repl tab completion for #20389 Fixes a bug with `pex3 lock update` of relevance for #15704
Changelogs: * https://github.com/pantsbuild/pex/releases/tag/v2.1.160 * https://github.com/pantsbuild/pex/releases/tag/v2.1.161 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == cryptography 41.0.7 --> 42.0.1 pex 2.1.159 --> 2.1.161 pluggy 1.3.0 --> 1.4.0 pydantic 1.10.13 --> 1.10.14 python-dotenv 1.0.0 --> 1.0.1 ``` Further suport relative to pantsbuild#15704
Changelogs: * https://github.com/pantsbuild/pex/releases/tag/v2.1.160 * https://github.com/pantsbuild/pex/releases/tag/v2.1.161 * https://github.com/pantsbuild/pex/releases/tag/v2.1.162 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == certifi 2023.11.17 --> 2024.2.2 cryptography 41.0.7 --> 42.0.2 pex 2.1.159 --> 2.1.162 pluggy 1.3.0 --> 1.4.0 pydantic 1.10.13 --> 1.10.14 python-dotenv 1.0.0 --> 1.0.1 urllib3 2.1.0 --> 2.2.0 ``` Further support relative to pantsbuild#15704 Fixes pantsbuild#20474
Changelogs: * https://github.com/pantsbuild/pex/releases/tag/v2.1.160 * https://github.com/pantsbuild/pex/releases/tag/v2.1.161 * https://github.com/pantsbuild/pex/releases/tag/v2.1.162 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == certifi 2023.11.17 --> 2024.2.2 cryptography 41.0.7 --> 42.0.2 pex 2.1.159 --> 2.1.162 pluggy 1.3.0 --> 1.4.0 pydantic 1.10.13 --> 1.10.14 python-dotenv 1.0.0 --> 1.0.1 urllib3 2.1.0 --> 2.2.0 ``` Further support relative to #15704 Fixes #20474
Previously to pass along only/no-binary options Pants would create a "requirements" file and use Pip's ability to put cli args in said file [1]. This worked fine to generate the artifacts in a lockfile from scratch, but meant that the lockfile itself did not contain sufficient information to carry its own configuration forward. That is if one did `pex3 lock update` on a Pants created lockfile that originally required everything to use wheels, that specification could not be preserved in the updated lockfile. Since v2.1.161 [2] Pex has provided `--only-{wheel,build}` options to support this directly. [1] https://pip.pypa.io/en/stable/reference/requirements-file-format/#global-options [2] https://github.com/pex-tool/pex/releases/tag/v2.1.161 ref pantsbuild#15704
Previously to pass along only/no-binary options Pants would create a "requirements" file and use Pip's ability to put cli args in said file [1]. This worked fine to generate the artifacts in a lockfile from scratch, but meant that the lockfile itself did not contain sufficient information to carry its own configuration forward. That is if one did `pex3 lock update` on a Pants created lockfile that originally required everything to use wheels, that specification could not be preserved in the updated lockfile. Since v2.1.161 [2] Pex has provided `--only-{wheel,build}` options to support this directly. [1] https://pip.pypa.io/en/stable/reference/requirements-file-format/#global-options [2] https://github.com/pex-tool/pex/releases/tag/v2.1.161 ref #15704
Changelog: https://github.com/pex-tool/pex/releases/tag/v2.3.0 - `sync` of interest for pantsbuild#15704 - error message clarification regarding pantsbuild#15062 - fix for explicit flags as implemented pantsbuild#20598 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == asgiref 3.7.2 --> 3.8.1 cryptography 42.0.3 --> 42.0.5 pex 2.2.1 --> 2.3.0 pyparsing 3.1.1 --> 3.1.2 python-dateutil 2.8.2 --> 2.9.0.post0 sniffio 1.3.0 --> 1.3.1 ```
Changelog: https://github.com/pex-tool/pex/releases/tag/v2.3.0 - `sync` of interest for #15704 - error message clarification regarding #15062 - fix for explicit flags as implemented #20598 ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == asgiref 3.7.2 --> 3.8.1 cryptography 42.0.3 --> 42.0.5 pex 2.2.1 --> 2.3.0 pyparsing 3.1.1 --> 3.1.2 python-dateutil 2.8.2 --> 2.9.0.post0 sniffio 1.3.0 --> 1.3.1 ```
This would be nice! For comparison, |
As has Pex, since 2022. Pants has been exceedingly slow to adopt the Pex support. There was a recent engagement that produced fixes and more features from Pex for all this, but still no discernible motion from Pants. |
Highlighted changelogs: * https://github.com/pex-tool/pex/releases/tag/v2.4.0 * https://github.com/pex-tool/pex/releases/tag/v2.4.1 * https://github.com/pex-tool/pex/releases/tag/v2.5.0 * https://github.com/pex-tool/pex/releases/tag/v2.6.0 * https://github.com/pex-tool/pex/releases/tag/v2.7.0 * https://github.com/pex-tool/pex/releases/tag/v2.8.0 * https://github.com/pex-tool/pex/releases/tag/v2.8.1 * https://github.com/pex-tool/pex/releases/tag/v2.9.0 * https://github.com/pex-tool/pex/releases/tag/v2.10.0 * https://github.com/pex-tool/pex/releases/tag/v2.10.1 * https://github.com/pex-tool/pex/releases/tag/v2.11.0 (!) ``` Lockfile diff: 3rdparty/python/user_reqs.lock [python-default] == Upgraded dependencies == certifi 2024.6.2 --> 2024.7.4 exceptiongroup 1.2.1 --> 1.2.2 pex 2.3.3 --> 2.11.0 pydantic 1.10.16 --> 1.10.17 ``` NOTE: This updates the scrupulously backwards compatible Pex, but does not use any new features yet. The minimum version is unchanged. Possibly relevant for: #15704 #21103 #20852 #15454 #21100 #11324 #19256 #19552 #19681
Is your feature request related to a problem? Please describe.
When I add a new
python_requirement
to my repo, I run./pants generate-lockfiles
. In addition to adding a new entry for the requirement, the goal sometimes updates existing entries in my lockfile (i.e. to bump the patch version of a transitive dependency). Either before or during code review I'll typically end up manually reverting all the "unrelated" changes to keep my commit focused - this is easy to forget to do, so accidental upgrades sometimes creep through.The fact that
generate-lockfiles
might update existing entries in-place also prevents us from adding a CI check to assert that the lockfiles are up-to-date - ideally we'd rungenerate-lockfiles
and fail if there was any diff, but we can't do that if there's a chance that unrelated changes might cause the check to fail.Describe the solution you'd like
I'd like a new option on
generate-lockfiles
that tells the command to only add new entries to the lock, and not update existing ones. If it's not possible to add a new entry without updating an existing one, I'd like the command to fail with a description of the version conflict.The text was updated successfully, but these errors were encountered: