Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cachi2 wheels: allow dependencies with only wheel distributions #319

Merged
merged 1 commit into from
Oct 5, 2023
Merged

cachi2 wheels: allow dependencies with only wheel distributions #319

merged 1 commit into from
Oct 5, 2023

Conversation

slimreaper35
Copy link
Member

@slimreaper35 slimreaper35 commented Sep 18, 2023
edited by chmeliik
Loading

If a user enables allow_binary option, reject only those distributions which have no source and no
wheel distributions

STONEBLD-1641

Maintainers will complete the following section

  • Commit messages are descriptive enough
  • Code coverage from testing does not decrease and new code is covered
  • n/a Docs updated (if applicable)
  • n/a Docs links in the code are still valid (if docs were updated)

@slimreaper35
Copy link
Member Author

repo for manual testing

chmeliik
chmeliik reviewed Sep 19, 2023
View reviewed changes
cachi2/core/package_managers/pip.py
Comment on lines +1816 to +1782
if best_sdist.is_yanked:
raise PackageRejected(
f"All sdists for package {name}=={version} are yanked",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, being yanked is another thing we handle for sdists but not for wheels.

It might be hard to come up with any sane way to handle yanked-ness in an allow_binary context. Maybe we should just log a warning and download yanked things anyway (for consistency: even when allow_binary=False). That's how 'yanked' is supposed to work when the version is pinned, after all. https://peps.python.org/pep-0592/#installers

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But that's probably something for a follow-up story

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, in the scenario that a package has wheels but all sdists are yanked, the request would still fail, right?

Should we file the follow-up story right away so we don't forget about it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah yeah https://issues.redhat.com/browse/STONEBLD-1811

@chmeliik
Copy link
Contributor

After adding a hash to your requirements.txt:

tensorflow==2.13.0 --hash=sha256:b2978b39e8b3919059b5fd9e28508d50a77965d06ed0b537ed71c97de22dabdf

tensorflow is still reported with missing_hash

    {
      "name": "tensorflow",
      "purl": "pkg:pypi/tensorflow@2.13.0",
      "version": "2.13.0",
      "properties": [
        {
          "name": "cachi2:found_by",
          "value": "cachi2"
        },
        {
          "name": "cachi2:missing_hash:in_file",
          "value": "requirements.txt"
        }
      ],
      "type": "library"
    }

chmeliik
chmeliik reviewed Sep 20, 2023
View reviewed changes
@slimreaper35
Copy link
Member Author

I refactored almost the whole function _process_package_distributions , to make it (hopefully) easier to understand. Currently:

  1. Find all packages on PyPI
  2. Filter those packages
  3. Log the warnings based on the results, or possibly raise exception

Did not update unit tests yet.

@chmeliik
Copy link
Contributor

I refactored almost the whole function _process_package_distributions , to make it (hopefully) easier to understand. Currently:

1. Find all packages on PyPI

2. Filter those packages

3. Log the warnings based on the results, or possibly raise exception

Did not update unit tests yet.

Nice, for me it's a lot easier to understand now 👍

@slimreaper35
Allow dependencies with only wheel distributions
3bf7b76 
If a user enables `allow_binary option`, reject only
those distributions which have no source and no
wheel distributions

STONEBLD-1641

Signed-off-by: Michal Šoltis <msoltis@redhat.com>
@slimreaper35 slimreaper35 requested a review from chmeliik October 4, 2023 08:23
chmeliik
chmeliik approved these changes Oct 4, 2023
View reviewed changes
Copy link
Contributor

@chmeliik chmeliik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

I think there's a corner case where we delete all the wheels after downloading because of checksum mismatches so there are 0 archives left for a package, but that should be extremely rare. Probably not worth handling.

@chmeliik
Copy link
Contributor

chmeliik commented Oct 4, 2023

marking docs as N/A since there's a separate docs story

ben-alkov
ben-alkov approved these changes Oct 4, 2023
View reviewed changes
Copy link
Contributor

@ben-alkov ben-alkov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@chmeliik chmeliik added this pull request to the merge queue Oct 5, 2023
Merged via the queue into hermetoproject:main with commit ccf1347 Oct 5, 2023
@slimreaper35 slimreaper35 deleted the STONEBLD-1641 branch October 5, 2023 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chmeliik chmeliik chmeliik approved these changes

@brunoapimentel brunoapimentel brunoapimentel approved these changes

@ben-alkov ben-alkov ben-alkov approved these changes

@lkolacek lkolacek Awaiting requested review from lkolacek

@ejegrova ejegrova Awaiting requested review from ejegrova

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@slimreaper35 @chmeliik @brunoapimentel @ben-alkov @lkolacek