Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Personal/rheldst 19003 #57

Merged
merged 2 commits into from
Nov 29, 2023
Merged

Personal/rheldst 19003 #57

merged 2 commits into from
Nov 29, 2023

Conversation

jm-wk
Copy link
Contributor

@jm-wk jm-wk commented Nov 14, 2023
edited
Loading

We have set up dependency pinning via poetry lock file. I have chosen poetry since it is the only tool that reliably manages dependency pinning for multiple versions of python.

Unfortunately, since poetry forces installation of all dependencies with PEP517 enforced, rpm-py-installer has to be taken out of dependencies and installed separately. This should not pose a great problem, since rpm-py-installer is not being maintained and the last update was in August 2022. Also there is a PR for replacing rpm-py-installer with rpmdyn here.

We have set up renovate to update dependencies. It will update the dependencies for the following parts of the project:

  • poetry
  • dockerfile
  • docker-compose
  • github-actions

Renovate was set up to run every weekend and to automerge all but major updates on Tuesday 12:00.

@jm-wk jm-wk requested review from rohanpm and rbikar as code owners November 14, 2023 20:10
@github-actions GitHub Actions
Copy link

Warning: The mypy type checker has found some errors. See the mypy job for details

@codecov-commenter
Copy link

codecov-commenter commented Nov 14, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (6526f09) 100.00% compared to head (9b03317) 100.00%.

Additional details and impacted files 
@@            Coverage Diff            @@
##            master       #57   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           13        12    -1     
  Lines          786       785    -1     
=========================================
- Hits           786       785    -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rbikar
Copy link
Member

rbikar commented Nov 21, 2023
edited
Loading

I have chosen poetry since it is the only tool that reliably manages dependency pinning for multiple versions of python.

I am not super experienced with poetry but can you explain how dependency pinning for multiple versions works? And also how does poetry decide for which python version it should pin deps (I assume that current poetry.lock is for py3.9).

rbikar
rbikar requested changes Nov 21, 2023
View reviewed changes
docker/Dockerfile-app Outdated Show resolved Hide resolved
.github/workflows/release.yml Show resolved Hide resolved
@github-actions GitHub Actions
Copy link

Warning: The mypy type checker has found some errors. See the mypy job for details

1 similar comment
@github-actions GitHub Actions
Copy link

Warning: The mypy type checker has found some errors. See the mypy job for details

@jm-wk
Copy link
Contributor Author

jm-wk commented Nov 23, 2023

I have chosen poetry since it is the only tool that reliably manages dependency pinning for multiple versions of python.

I am not super experienced with poetry but can you explain how dependency pinning for multiple versions works? And also how does poetry decide for which python version it should pin deps (I assume that current poetry.lock is for py3.9).

I haven't found any official documentation on how Poetry handles multiple versions of Python, but from the lock file structure and some github issues I inferred that:
Poetry tries to depsolve for all possible Python versions and OSs/architectures and if there are different package versions for each Py version/OS/arch then it writes all package versions to the lockfile (see eg. httptools in our poetry.lock). During installation Poetry only picks the package version that corresponds to the environment.

@github-actions GitHub Actions
Copy link

Warning: The mypy type checker has found some errors. See the mypy job for details

1 similar comment
@github-actions GitHub Actions
Copy link

Warning: The mypy type checker has found some errors. See the mypy job for details

jm-wk and others added 2 commits November 28, 2023 12:26
@jm-wk
Add poetry for dependency management [RHELDST-19003]
63f4652 
Since poetry is the only tool that reliably solves dependency management
for multiple python versions, we move to installing dependencies via
poetry.

This has the downside that we have to remove rpm-py-installer from
dependencies managed with poetry and install it separately, as poetry
only installs PEP517-compliant packages and rpm-py-installer is not
PEP517 compliant. This should not however cause issues with updating
dependencies as the rpm-py-installer package is virtually unmaintained
at the moment and the last update to the package was in Aug 2022.
@renovate @jm-wk
Add renovate.json
79f04c7
@github-actions GitHub Actions
Copy link

Warning: The mypy type checker has found some errors. See the mypy job for details

@rbikar rbikar merged commit 266750c into release-engineering:master Nov 29, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbikar rbikar rbikar approved these changes

@rohanpm rohanpm Awaiting requested review from rohanpm

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jm-wk @codecov-commenter @rbikar