Support rangeStrategy=update-lockfile for poetry.lock

[rarkins]

What would you like Renovate to be able to do?

Perform lockfile-only updates for Poetry

Did you already have any implementation ideas?

No. We'd need to work out if there's a Poetry command that lets us update a locked dependency version without updating all other dependencies unnecessarily.

Are there any workarounds or alternative ideas you've tried to avoid needing this feature?

Pinning package versions, but that's undesirable for libraries

Is this a feature you'd be interested in implementing yourself?

Probably not

[shughes-uk]

Hiya, this should reproduce it, the pyproject.toml is "in date" but the lockfile is stale https://github.com/shughes-uk/renovate-repro

[rarkins]

Note for future: nomnomdata-cli is set to ^0.1.5 and has version 0.1.5 installed however currently 0.1.7 is available. Unless a perfect poetry command exists for surgically updating that version, it looks like we could maybe massage the value in pyproject.toml: https://github.com/shughes-uk/renovate-repro/blob/d97faafb04321a80f5064550ec917dc6d187ca22/pyproject.toml#L9 to a fixed version e.g. 0.1.7 before then massaging it back before committing, because the lock file does not contain the original range.

[viceice]

🤔 interesting idea, can work. Did you elaborate existing poetry commands?

[rarkins]

Haven't looked yet. I prefer to use a manager's commands whenever possible though

[shughes-uk]

poetry add package@latest is probably what you would want to do that, it does trigger a lock file update though.
poetry add --dry-run package@latest may work as it'll give you the latest version in the first line, without touching the lock file?

Using version ^1.1.2 for pandas

This ticket might also contain some useful info python-poetry/poetry#1614

[rarkins]

That doesn't sound like the right command because what we want is to keep the range in pyproject.toml the same and won't it get changed by that command?

[shughes-uk]

its not the perfect command but it would help you do this

maybe massage the value in pyproject.toml: https://github.com/shughes-uk/renovate-repro/blob/d97faafb04321a80f5064550ec917dc6d187ca22/pyproject.toml#L9 to a fixed version e.g. 0.1.7 before then massaging it back before committing

[viceice]

Checked the poetry issue above and saw, currently there is no command to do a minimal lockfile Update.

The suggested workaround there is to add and remove a dummy package. ☹️

[rarkins]

Maybe we should create our own dummy package for this purpose if it's the best way.

[rarkins]

Seems there will soon be a new poetry lock --no-update option: https://github.com/python-poetry/poetry/pull/3034/files

[cailloumajor]

🚀 python-poetry/poetry#3034 is merged and released since https://github.com/python-poetry/poetry/releases/tag/1.1.1

[shughes-uk]

This is on the roadmap for poetry and seems to be exactly what I want
python-poetry/poetry#461 (comment)

[rarkins]

Forked to https://github.com/renovate-reproductions/7358

I think we still need to work out which exact command(s) should be run

[shughes-uk]

poetry update seems to be the command if you want to just update specific packages in the lockfile (within version constraints)

[koffie]

Is this still an open issue? To quote from https://docs.renovatebot.com/configuration-options/#rangestrategy

update-lockfile = Update the lock file when in-range updates are available, otherwise replace for updates out of range. Works for bundler, composer, npm, yarn, terraform and poetry so far

So the documentation explicitly says this is supported!