Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add --no-hash option to update, preventing metadata.content-hash #2654

Closed
wants to merge 1 commit into from
Closed

feat: add --no-hash option to update, preventing metadata.content-hash #2654

wants to merge 1 commit into from
+12 −0

Conversation

donbowman
Copy link

@donbowman donbowman commented Jul 11, 2020
edited
Loading

Currently when creating a lockfile, a metadata.content-hash field is
generated, containing the hash of the sorted contents of pyproject.toml.

However (see #496) this causes merge conflicts, particularly
when using a tool such as dependabot that makes multiple parallel
branches with dependency changes.

Add a --no-hash option to poetry update. This causes metadata.content-hash
to be omitted. In turn poetry will later complain that the lock file
may not be fresh, (although it is correct), and the user can run poetry lock
to update it, after all the merges are complete.

dependabot currently runs poetry update <DEPENDENCY> --lock, I would
propose to incrporate this PR to poetry and then modify dependabot
to have teh --no-hash option.

Pull Request Check List

Resolves: #issue-number-here

  • Added tests for changed code.
  • Updated documentation for changed code.

This was referenced Jul 11, 2020
Open
Open
@donbowman
feat: add --no-hash option to update, preventing metadata.content-hash
ff3f2af 
Currently when creating a lockfile, a metadata.content-hash field is
generated, containing the hash of the sorted contents of pyproject.toml.

However (see python-poetry#496) this causes merge conflicts, particularly
when using a tool such as dependabot that makes multiple parallel
branches with dependency changes.

Add a --no-hash option to poetry update. This causes metadata.content-hash
to be omitted. In turn poetry will later complain that the lock file
may not be fresh, (although it is correct), and the user can run poetry lock
to update it, after all the merges are complete.

dependabot currently runs `poetry update <DEPENDENCY> --lock`, I would
propose to incrporate this PR to poetry and then modify dependabot
to have teh --no-hash option.
@leplatrem leplatrem mentioned this pull request Oct 27, 2021
Merged
@Secrus
Copy link
Member

Secrus commented May 21, 2022

Hi, @donbowman are you still interested in this topic?

@donbowman
Copy link
Author

donbowman commented May 21, 2022
edited
Loading

Hi, @donbowman are you still interested in this topic?

yes, dependabot still is inneficient for us.
its a bit hard to rebase this since files were deleted and then copied to other directories.

@Mogost Mogost mentioned this pull request Aug 11, 2022
Open
@Secrus
Copy link
Member

Secrus commented Dec 31, 2022

The Poetry team has decided to reject this idea. This doesn't solve the underlying issue, which is that there is no good way of having a more mergeable lock file with our current data model.

@Secrus Secrus closed this Dec 31, 2022
@neersighted
Copy link
Member

See #496 for more discussion of this.

@github-actions GitHub Actions
Copy link

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@donbowman @Secrus @neersighted