Keep branch in Pipfile.lock ref for VCS requirements

[micuda]

Is your feature request related to a problem? Please describe.

I would like to ask you if is it possible to change your decision

Always store exact commit in the lockfile

from #2209 for case when VCS requirement uses branch. I think it could be handy for development. For example, in our team we set branch for VCS requirement when we develop some new feature. When the feature is done we release it and in our project we set the tag or in some cases we set the specific commit.

Describe the solution you'd like

I think it should respect passed ref in Pipfile.lock when installing package:
pipenv install -e git+https://github.com/requests/requests.git@update-3.0#egg=requests should keep update-3.0 branch in ref.
And pipenv install -e git+https://github.com/requests/requests.git@190a68550ac2172d9651470558f90cb6b754d065#egg=requests should keep 190a68550ac2172d9651470558f90cb6b754d065 hash commit in ref.

---

$ pipenv --support

Pipenv version: '2018.11.26'

Pipenv location: '/home/jcas/.local/lib/python3.5/site-packages/pipenv'

Python location: '/usr/bin/python3'

Python installations found:

• 3.5.2: /home/jcas/projects/olc/mp/virtual/pipenv_respecting_vcs_branch/bin/python3.5
• 3.6.7: /usr/bin/python3.6m
• 3.5.2: /usr/bin/python3.5m
• 3.6.7: /usr/bin/python3.6
• 2.7.12: /usr/bin/python2.7
• 3.5.2: /usr/bin/python3

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.5.2',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.8.17-040817-generic',
 'platform_system': 'Linux',
 'platform_version': '#201701090438 SMP Mon Jan 9 09:40:28 UTC 2017',
 'python_full_version': '3.5.2',
 'python_version': '3.5',
 'sys_platform': 'linux'}

System environment variables:

• SESSION_MANAGER
• PATH
• DESKTOP_SESSION
• USER
• LC_TELEPHONE
• PIP_SHIMS_BASE_MODULE
• USERNAME
• HOME
• VTE_VERSION
• SSH_AUTH_SOCK
• XDG_CONFIG_DIRS
• PS1
• QT_QPA_PLATFORMTHEME
• LOGNAME
• QT_ACCESSIBILITY
• XDG_DATA_DIRS
• MANDATORY_PATH
• PYTHONDONTWRITEBYTECODE
• GJS_DEBUG_TOPICS
• _
• VIRTUAL_ENV
• LC_PAPER
• CLUTTER_IM_MODULE
• WINDOWPATH
• MDM_LANG
• GTK_IM_MODULE
• DISPLAY
• MDMSESSION
• LC_MEASUREMENT
• LC_IDENTIFICATION
• XDG_CURRENT_DESKTOP
• LESSOPEN
• LC_ADDRESS
• OLDPWD
• PYTHONFINDER_IGNORE_UNSUPPORTED
• GTK_MODULES
• QT_LINUX_ACCESSIBILITY_ALWAYS_ON
• LANG
• LESSCLOSE
• PIP_PYTHON_PATH
• SSH_AGENT_PID
• XDG_SEAT
• XDG_SESSION_COOKIE
• XDG_RUNTIME_DIR
• XMODIFIERS
• GJS_DEBUG_OUTPUT
• WINDOWID
• CINNAMON_VERSION
• LC_NUMERIC
• XDG_VTNR
• GDMSESSION
• GNOME_DESKTOP_SESSION_ID
• XDG_SESSION_ID
• QT4_IM_MODULE
• PIP_DISABLE_PIP_VERSION_CHECK
• LC_NAME
• LC_TIME
• QT_STYLE_OVERRIDE
• XAUTHORITY
• LS_COLORS
• SHELL
• PWD
• DBUS_SESSION_BUS_ADDRESS
• LC_MONETARY
• GTK_OVERLAY_SCROLLING
• MDM_XSERVER_LOCATION
• SHLVL
• XDG_SESSION_DESKTOP
• TERM
• GDM_XSERVER_LOCATION
• DEFAULTS_PATH

Pipenv–specific environment variables:

Debug–specific environment variables:

• PATH: /home/jcas/projects/olc/mp/virtual/pipenv_respecting_vcs_branch/bin:/home/jcas/bin:/home/jcas/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/mssql-tools/bin:/opt/mssql-tools/bin
• SHELL: /bin/bash
• LANG: en_US.UTF-8
• PWD: /home/jcas/projects/olc/mp/virtual
• VIRTUAL_ENV: /home/jcas/projects/olc/mp/virtual/pipenv_respecting_vcs_branch

---

Contents of Pipfile ('/home/jcas/projects/olc/mp/virtual/Pipfile'):

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]

[packages]
requests = {git = "https://github.com/requests/requests.git",editable = true,ref = "update-3.0"}

[requires]
python_version = "3.5"

Contents of Pipfile.lock ('/home/jcas/projects/olc/mp/virtual/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "7df504f061ad19aa986a0dbb6caa8ed0f975a41bcf07f20be5bd245a704e67aa"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.5"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "certifi": {
            "hashes": [
                "sha256:47f9c83ef4c0c621eaef743f133f09fa8a74a9b75f037e8624f83bd1b6626cb7",
                "sha256:993f830721089fef441cdfeb4b2c8c9df86f0c63239f06bd025a76a7daddb033"
            ],
            "version": "==2018.11.29"
        },
        "chardet": {
            "hashes": [
                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
            ],
            "version": "==3.0.4"
        },
        "idna": {
            "hashes": [
                "sha256:3cb5ce08046c4e3a560fc02f138d0ac63e00f8ce5901a56b32ec8b7994082aab",
                "sha256:cc19709fd6d0cbfed39ea875d29ba6d4e22c0cebc510a76d6302a28385e8bb70"
            ],
            "version": "==2.5"
        },
        "requests": {
            "editable": true,
            "git": "https://github.com/requests/requests.git",
            "ref": "190a68550ac2172d9651470558f90cb6b754d065"
        },
        "urllib3": {
            "hashes": [
                "sha256:8ed6d5c1ff9d6ba84677310060d6a3a78ca3072ce0684cb3c645023009c114b1",
                "sha256:b14486978518ca0901a76ba973d7821047409d7f726f22156b24e83fd71382a5"
            ],
            "version": "==1.21.1"
        }
    },
    "develop": {}
}

[uranusjr]

No. The lock file, by definition, should be a reproducible snapshot of the dependencies. Referencing a requirement using a branch means pointing to a moving target, essentially defeating the purpose of locking. If you need to update the ref, you should re-generate the lock file.

[techalchemy]

Yeah closing this out for now -- @uranusjr basically covered why