Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation to ensure requirements_lock is pinned. #732

Merged
merged 7 commits into from
Jun 21, 2022
Merged

Validation to ensure requirements_lock is pinned. #732

merged 7 commits into from
Jun 21, 2022

Conversation

groodt
Copy link
Collaborator

@groodt groodt commented Jun 18, 2022
edited
Loading

PR Checklist

Please check if your PR fulfills the following requirements:

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature (please, look at the "Scope of the project" section in the README.md file)
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

What is the current behavior?

Currently nothing is checking if the requirements_lock is fully pinned. It's not technically possible to ensure that a lockfile is fully pinned (without actually attempting to resolve it), but a lightweight approximation is to ensure all individual requirements are pinned (i.e. have == or ===).

What is the new behavior?

Checks if the requirement is pinned, or throws an error.

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

@groodt groodt changed the title Light validation to ensure lockfile is pinned. Validation to ensure requirements_lock is pinned. Jun 18, 2022
@groodt groodt marked this pull request as ready for review June 18, 2022 12:58
@alexeagle alexeagle merged commit c98bc8f into bazelbuild:main Jun 21, 2022
@anuragkanungo
Copy link

Hi, looks like this breaks the ability to specify a hosted whl file in the requirements.in

Having something like this in requirements.in

https://files.pythonhosted.org/packages/24/93/f5b001dc0f5de84ce049a34ff382032cd9478e1080aa6ac48470fa810577/onnx-1.11.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

generates this in requirements.lock

onnx @ https://files.pythonhosted.org/packages/24/93/f5b001dc0f5de84ce049a34ff382032cd9478e1080aa6ac48470fa810577/onnx-1.11.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl \
    --hash=sha256:67c6d2654c1c203e5c839a47900b51f588fd0de71bbd497fb193d30a0b3ec1e9

which basically then fails with

RuntimeError: The `requirements_lock` file must be fully pinned. See `compile_pip_requirements`.
Alternatively, use `pip-tools` or a similar mechanism to produce a pinned lockfile.

The following requirements were not pinned:
onnx@ https://files.pythonhosted.org/packages/24/93/f5b001dc0f5de84ce049a34ff382032cd9478e1080aa6ac48470fa810577/onnx-1.11.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl from https://files.pythonhosted.org/packages/24/93/f5b001dc0f5de84ce049a34ff382032cd9478e1080aa6ac48470fa810577/onnx-1.11.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
)

Seems like the check provided by pip, looks for == and === but not @.
https://github.com/pypa/pip/blob/main/src/pip/_internal/req/req_install.py#L252

Unless, I am missing something, it's breaking backward compatibility.

@anuragkanungo anuragkanungo mentioned this pull request Jul 4, 2022
Closed
mattem pushed a commit to mattem/rules_python that referenced this pull request Jul 7, 2022
@groodt @alexeagle @mattem
Validation to ensure requirements_lock is pinned. (bazelbuild#732)
fe2fbfd 
* Light validation to ensure lockfile is pinned.

* Clean up

* .

Co-authored-by: Alex Eagle <alex@aspect.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thundergolfer thundergolfer thundergolfer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@groodt @anuragkanungo @thundergolfer @alexeagle