Add requirements.txt pinning all versions of dependencies #184

Closed
3 of 4 tasks
alyssadai opened this issue Aug 22, 2023 · 2 comments · Fixed by #185
Labels
dependencies Dependency updates and their version upgrades. flag:blocker flag that issue is blocking at least one other issue from being completed. severity:blocker A bug or broken feature with no workaround

Comments

Contributor

alyssadai commented Aug 22, 2023

Ensures version bumps don't affect our codebase behaviour in unexpected ways.
See also: #180 and #179

  • Create pinned dependencies for Docker
  • Prevent Dependabot from bumping Pydantic (to 2)
  • Protect the main branch from direct commits 👀
  • Update Dockerfile to use new requirements.txt
@alyssadai alyssadai added type:maintenance dependencies Dependency updates and their version upgrades. labels Aug 22, 2023
@alyssadai alyssadai moved this to Backlog in Neurobagel Aug 22, 2023
@alyssadai alyssadai moved this from Backlog to Specify - Done in Neurobagel Aug 22, 2023
@alyssadai alyssadai mentioned this issue Aug 22, 2023
2 tasks
@alyssadai alyssadai added the flag:blocker flag that issue is blocking at least one other issue from being completed. label Aug 22, 2023
@surchs surchs added importance:urgent severity:blocker A bug or broken feature with no workaround labels Aug 23, 2023
@surchs surchs self-assigned this Aug 23, 2023
@surchs surchs moved this from Specify - Done to Implement - Active in Neurobagel Aug 23, 2023
Contributor

surchs commented Aug 23, 2023

Until we think of a better solution, I'd say we just use https://github.com/jazzband/pip-tools/ to handle pinning of dependencies for us. requirements.txt will turn into package-lock.json and we can always run pip-compile again to update.

wdyt @Remi-Gau? It's not poetry :)

edit: oho, I don't even need requirements.in, it can run directly from setup.cfg - that's pretty nifti
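
A check that could run in CI against the requirements.txt that pip-compile produces, as an added example (not code from this issue or from the Neurobagel project): it confirms every entry is an exact `==` pin and, illustrating the Pydantic task in the issue description, that a capped package has not moved past its allowed major version. The function names, the `max_major` parameter and the sample file contents are assumptions constructed for illustration.

```python
import re

# Exact pin: name, optional extras, "==", a version with no wildcard, optional marker.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([^\s;*=]+)\s*(;.*)?$")

# Constructed sample in the layout pip-compile emits; names, versions and hashes are made up.
SAMPLE = r"""# autogenerated by pip-compile (constructed sample)
alpha==1.2.3 \
    --hash=sha256:CONSTRUCTED0 \
    --hash=sha256:CONSTRUCTED1
    # via example-app (setup.cfg)
pydantic==2.1.0
    # via alpha
beta>=0.24
gamma
--index-url https://pypi.org/simple
"""

def logical_lines(text):
    """Drop comments and join backslash continuations (used for --hash lines)."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line:
            yield line

def audit(text, max_major=None):
    """Return (pins, problems); max_major maps package name -> highest allowed major."""
    pins, problems = {}, []
    for line in logical_lines(text):
        if line.startswith("-"):  # pip option lines (--index-url, -r, ...) are skipped
            continue
        spec = re.sub(r"\s+--hash=\S+", "", line)  # hashes do not change pin status
        m = PIN.match(spec)
        if not m:
            problems.append(f"not an exact pin: {spec}")
            continue
        name, version = m.group(1).lower().replace("_", "-"), m.group(3)
        pins[name] = version
        major = re.match(r"\d+", version)
        cap = (max_major or {}).get(name)
        if cap is not None and major and int(major.group()) > cap:
            problems.append(f"{name}=={version} exceeds allowed major version {cap}")
    return pins, problems

if __name__ == "__main__":
    for problem in audit(SAMPLE, {"pydantic": 1})[1]:
        print(problem)
```
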

Contributor

surchs commented Aug 23, 2023

Not sure how dependabot will deal with these changes, so I'm not making any configurations yet

@alyssadai alyssadai moved this from Implement - Done to Review - Active in Neurobagel Aug 23, 2023
@github-project-automation github-project-automation bot moved this from Review - Active to Review - Done in Neurobagel Aug 23, 2023