migrate to poetry #315
migrate to poetry #315
Conversation
|
Mmm, surprisingly it's not that slow in travis, maybe it's a weird interaction with docker on mac :S |
There was a problem hiding this comment.
Looks good. Just a couple of comments.
Regarding your questions:
- I found a workaround here which I tested and it works.
TL;DR:__version__ = pkg_resources.get_distribution("nornir").version
pkg_resourcesis shipped with setuptools, but since we are on Python 3.6, the setuptools is shipped with the Python. - For all of my projects it is not slow. ("slow" is relative, and it is slower than
pip, but not significant) I am not sure how we could troubleshoot it. Do you have some reference time? Notice something strange during the build stage?
| requests = "^2.21" | ||
| "ruamel.yaml" = "^0.15.85" | ||
| mypy_extensions = "^0.4.1" | ||
| pydantic = "^0.17.0" |
There was a problem hiding this comment.
I think the versioning should be evaluated on per package basis..
For example, I'd propose to keep requests as *. Something less stable as pydantic could be pinned more aggressively. The main reasoning why - when a new (major) version of something like requests comes, nornir users will not be able to update to it, until we change in nornir
There was a problem hiding this comment.
Just to double-check, are you ok with versions >= 2.0.0 and <= 3.0.0? I thought you would leave something like ^2.18.1 so that it translates to >= 2.18.1 and <= 3.0.0
| requests-mock = "^1.5" | ||
| black = {version = "^18.3-alpha.0",allows-prereleases = true} | ||
| mypy = "^0.650.0" | ||
| [build-system] |
There was a problem hiding this comment.
For all of my dev dependencies I do "*" and do poetry update periodically. It really helps to improve the code earlier, especially with mypy and black, which are actively developed and new features come out quite often.
There was a problem hiding this comment.
Shouldn't black be black==18.6b4 (i.e. this is what we are currently specifying)?
There was a problem hiding this comment.
I want to upgrade it as it has improvements to the internal API that some IDE plugins require. Shouldn't change anything on the code (at least it doesn't change anything on nornir or any of my other projects)
|
Disregard my comment about slowness. It's a problem with docker for mac. It's slower than pip but it's not that bad when using a regular VM. |
|
I would have thought freezing development dependencies would be one of the main objectives here? In other words, a meaningful annoyance is development dependencies causing the build to break due to changes in those libraries (i.e. totally unrelated to any PR, the unit tests break). So I definitely vote to freeze everything in requirements-dev.txt. I probably care less about the sub-dependencies of the things in requirements-dev.txt (since this seems to cause fewer build breaks than the main dependencies in requirements-dev.txt). Black I think we should freeze for extended periods of time. Black updates that cause meaningful code formatting changes would be pretty ugly for outstanding PRs and the needed rebasing. Or worded differently, we get 95% of the value from having auto-formatting and the incremental value of new versions of black isn't that great relative. My vote on the top-level dependencies (i.e. requirements.txt) is generally to have a >= requirement so that we get the newest version by default. NAPALM and Netmiko should probably be regression tested against Nornir prior to releasing them and I wouldn't want Nornir users to be actually using downrev versions of these libraries. And forcing downrev versions would significantly slow down getting fixes to people. |
|
@ktbyers |
Okay, makes sense. Okay, makes sense...thanks. |
|
I think we should focus on what is the desired high-level workflow and then how do we map that into Poetry (as far as dependency updates, testing, and what gets installed by end-users using the library). Here is my view on it:
What are other people's thoughts on this? |
|
Based on your feedback I am going to start setting the following workflow, we can iterate on it later on as we move forward and we see what works at what doesn't:
|
|
@dbarrosop the problem with pinning non-dev dependencies (even to a major release) is that once a new major version of that dependency is out and it is user app's dependency too, they can't update to it, until the new nornir version is released. |
|
Libraries don't change major version that often and when they do there is a compelling reason for that so we will want to look into it. For instance:
So basically, I don't see this as a problem and it clearly documents what we support. |
| password: | ||
| secure: kUJVNxWPy2J1LrB3Mu7uo4iDBLYFuNNZhUCgrueJy1hQJOQc2W7+RE3h2gKV/TmCOEDaXZxE8uN9GVX5TqJqFvycu6F1YUkhsgIg8ocKOtrpNqGWOnA7xCC9HN7V75xiTgtbkUadmlr+ui72FqSfryvO+hwmqgEeSbBK/tP9mHhB906CueGr1SZ8pSeJlvgqeiyqL/nTy3bvCi+sQdAjeXh2+sFvVMwcLgN4cYXcjNu3UD1YNJIZfUogbHvATmDRQtPYctIgDuwWRpzltVDnahhwP1zxIGFVIyW/BVsuQHtb3sNzt9WjdFmqLp927rBxEMJBoYYkK7kwOk94FLdazI/KpQGGLusGzhCSghrDzLcKRAoGv7ZrT65M6E/cmjLD9LcqmcLCqK19OlI66scbg3hn7nl9kLZ3UhqqMQOr51nK6dKBxXe0Fpzsy7V8p4WhLCg9BSTb1Bu6FNZvzNh+qovvC3hA2Gz0SUelEpf3STdeihgcbjlkVm6lz8b5/5ZhNTiF+bE2kNChchOrHg3ki5/yMV6KTmV3Gsd89GCQbAFB9vQwa981ZUnIfpapg5vLkW3uHfafrVadK+AyPYJ9rsWRmQ0MG9dCF4DeersqcVz7Aw8WFipC8kzr6SG91T8F8+okzBM7x8vX4S9/52HCa2aFKADHmyqtLpFvHaRkOsE= | ||
| provider: script | ||
| script: poetry publish |
There was a problem hiding this comment.
I like how the whole lifecycle is happening now, including build/deploy.
| # The full version, including alpha/beta/rc tags. | ||
| release = __version__ | ||
| release = extract_version() | ||
|
|
There was a problem hiding this comment.
Reading from disk and parsing toml file twice.
This WA __version__ = pkg_resources.get_distribution("nornir").version didn't work?
| requests = "^2.21" | ||
| "ruamel.yaml" = "^0.15.85" | ||
| mypy_extensions = "^0.4.1" | ||
| pydantic = "^0.17.0" |
There was a problem hiding this comment.
Just to double-check, are you ok with versions >= 2.0.0 and <= 3.0.0? I thought you would leave something like ^2.18.1 so that it translates to >= 2.18.1 and <= 3.0.0
|
I vote that we don't pin napalm or netmiko to major versions (that we only say it has to be greater than X version). From a practical standpoint on both NAPALM and Netmiko we should know in advance if we broke compatibility and if we did break things accidentally then we would probably release a new version of NAPALM/Netmiko fairly quickly to fix it. I also advocate that we 100% pin all of the dev dependencies as I hate the dev tooling breaking the build. We should also pin pydantic to an exact version (given all of its instability) and I probably vote we 100% pin mypy as well. |
again, everything is already pinned via the lock file, pinning it explicitly in toml file is not useful, because then it is harder to update using |
|
Good point...I keep forgetting the lock file mechanism. Wouldn't we need to In other words, shouldn't Travis-CI be identical to what an end-user doing an install would experience (as far as the non development dependencies). I could have easily missed it, but that is not what I was seeing? Also wouldn't the nbval docker image need to use the lock file? |
The greater than X is not really needed as
travis-ci is using the new docker mechanism I developed instead of tox which basically installs the software with |
Is that right? When end-users install Nornir, they are only going to use PIP which will only use the pyproject.toml file. In other words, don't we need the TOML file to enforce minimum requirements? I think this question would also still stand: In other words, I would think one significant goal would be the Travis-CI to always match what end-users install with a fresh pip install for the production dependencies (not the dev dependencies). |
No, because travis build needs dev dependencies to run pytest, mypy, pylama, etc. Deploy stage just uses
napalm and netmiko are non-dev dependencies, so what you mention is going to happen in dev (our) environment when we do Side note, I've had a number of problems in production with That said, since David already mentioned that we are ok with releasing a new minor version of Nornir whenever a new major version of non-dev dependency is released, I don't want to keep fighting this. I think we can try and if in the future it proves to be too much overhead, we can re-evaluate it. So once my latest review comments are addressed, it is LGTM. |
|
Update: I was talking with Kirk privately and I think we came to an interesting idea. |
fixing
That doesn't work, unfortunately: If you do I am merging this one after fixing the "greater than" requirements issue dmfigol highlighted. We can keep the discussion on the main issue and iterate on this although I don't think there is much that can be improved at this point :( |
|
@dbarrosop Thanks for testing/checking on the --no-dev (obviously different behavior than I expected, but that is what I get for not testing it). |
|
@dbarrosop This is merged, but could you still address my comment?
I've also raised python-poetry/poetry#829 |
That doesn't work in this particular case as RTD doesn't support poetry so I can't install the development version of the code to build the docs from the source. However, if you make it work somehow I will be glad to merge it (couldn't see any way of doing it myself) |
@dmfigol @ktbyers
I opened this PR which introduces poetry, however, there are two problems with poetry, one of them which may be a blocker:
poetrydoesn't seem to be able to read the version from a file or from python code, so we either need to removeversion.pyor duplicate the version (don't like it but it's not a big deal)poetryis insanely slow. Just runtime make build_test_containerin the develop branch and then on this one, you will see it's untenable. There is an issue inpoetryrepo but I don't know the state of it; Poetry package install time seems longer than installing with pip python-poetry/poetry#338