👷 Divide pip constraints into distinct pairs #7460
Conversation
webknjaz
added
infra
meta
dependencies
Codecov Report
@@ Coverage Diff @@
## master #7460 +/- ##
=======================================
Coverage 97.27% 97.27%
=======================================
Files 106 106
Lines 31441 31441
Branches 3565 3565
=======================================
Hits 30585 30585
Misses 652 652
Partials 204 204
Flags with carried forward coverage won't be shown. Click here to find out more. 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
webknjaz
force-pushed
the
maintenance/pip-tools-pairs
branch
from
b1a998c to
2ee8b08
Compare
|
@Dreamsorcerer this is what I meant by revamping the lockfiles layout. Though, I believe further improvements can be made in follow-ups. |
webknjaz
force-pushed
the
maintenance/pip-tools-pairs
branch
4 times, most recently
from
34a0dbb to
3b95839
Compare
The in+txt key pairs can be managed by pip-tools and upgraded by Dependabot natively.
webknjaz
force-pushed
the
maintenance/pip-tools-pairs
branch
from
3b95839 to
23898d9
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as resolved.
This comment was marked as resolved.
| # This file is autogenerated by pip-compile with Python 3.8 | ||
| # by the following command: | ||
| # | ||
| # pip-compile --allow-unsafe --output-file=requirements/base.txt --strip-extras requirements/multidict.txt |
There was a problem hiding this comment.
Looks like I messed up arguments of the for-loop I used locally. Will have to hotfix the lock files in a follow-up PR.
(cherry picked from commit 4b59d55)
This patch hotfixes PR aio-libs#7460 which mistakenly sourced incoming dependencies from the same file instead of using proper file pairs.
| Pillow < 10 # https://github.com/blockdiag/sphinxcontrib-blockdiag/issues/26 | ||
| pydantic < 2 # looks like `python-on-whales` hasn't upgraded to support v2 |
There was a problem hiding this comment.
Do we want to track these? Normally easier to just have the locks at working versions and let Dependabot PRs figure out when they are passing and can be bumped.
There was a problem hiding this comment.
Yes, otherwise pip-tools will try to upgrade to non-working versions. And dependabot would also spam with PRs likely.
FWIW, we may want to reconsider after getting the hotfixes and backports for this in.
There was a problem hiding this comment.
If it's PRs to bump pillow and pydantic, that'd be the expected behaviour to me. Once they start working, the PRs will get merged, and I can check open PRs to see which are still failing at any given time.
|
Looks like it's working! PRs to master are being automatically merged again. |
(cherry picked from commit 4b59d55)
(cherry picked from commit 4b59d55)
|
With #7469 this should now be better. @Dreamsorcerer I'll probably mass-close dependabot PRs and wait for it to start making new ones... |
|
Backport to 3.9: #7470 |
|
Backport to 3.8: #7471 |
@Dreamsorcerer I decided not to proceed with this as it's getting complicated on that branch and to get it working, further per-python constraints would need to be implemented which is a separate improvement by itself. |
The in+txt key pairs can be managed by pip-tools and upgraded by Dependabot natively.