docs: use pinned dependencies in CICD #590
Co-authored-by: Doug Addy <[email protected]>
Thanks for the review @da1910
|
||
If your project uses `flit` or `hatch`, you can use `uv <https://github.com/astral-sh/uv>`_ | ||
to resolve the dependencies and generate a requirements file. You can use the | ||
``uv pip compile -o requirements.txt pyproject.toml`` command to generate a ``requirements.txt`` | ||
file with the main dependencies defined in your project. Note that, unlike the | ||
``poetry.lock`` file, the requirements file does not include the variations for each installation | ||
target. To create a requirements file with a specific extra, you can use the ``--extras`` option. | ||
For example, you can create a requirement file with the `tests` extra by running the | ||
``uv pip compile --extra tests -o requirements-tests.txt pyproject.toml``. Once the file has been created, | ||
you can use the following command in your CI workflow to install the project with `tests` | ||
dependencies: | ||
|
||
.. code-block:: yaml | ||
|
||
- name: Install dependencies with extra tests | ||
run: | | ||
pip install -r requirements-tests.txt |
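Review bot: The prose names the option ``--extras`` ("you can use the ``--extras`` option"), but the command given in the next sentence is ``uv pip compile --extra tests -o requirements-tests.txt pyproject.toml``; the text should say ``--extra`` so that it matches the command. In the same sentence, "by running the ``uv pip compile ...``." is missing the noun "command" after the literal, and `tests`, `flit` and `hatch` use single backticks where the rest of the paragraph uses double backticks for literals. Since the section is about pinned CI installs, consider generating the file with ``--generate-hashes`` and installing with ``pip install --require-hashes -r requirements-tests.txt``: the install step as written pins versions but does not verify the downloaded artifacts.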
Why don't we focus on giving guidance using the pylock.toml file moving forward (rather than the requirements.txt files usage)? Not talking about poetry here.
Very good point, this is now available with recent uv version https://github.com/astral-sh/uv/releases/tag/0.6.15.
Just checked and it's not available yet with poetry. It's available with the latest version of pip
https://pip.pypa.io/en/stable/cli/pip_lock/
Yeah.. That's what I thought. That's also why I mentioned to leave poetry out of the mix for the pylock.toml file
Not sure dependabot supports this kind of format yet, see dependabot/dependabot-core#12094
We should probably wait a bit more to move forward with that approach. I agree to use pylock.toml though
Just a comment here even if the discussion is not directly related. If we want to be able to work with a specific list of scientific libraries and/or system libraries with a fine management of the "flavors"/"variants", for example specify:
We might want to have a look into a solution like https://spack.io/ (note that it should be working on windows, I don't know why they don't state it in the landing page)
Just for visibility: installing with
Following the comments in #558 (comment)
This PR aims at adding guidance on the fact that CI/CD must use pinned version dependencies. For developers using `poetry` and a lock file, I don't expect any issues. But, for other developers leveraging requirements file(s) (e.g. with `uv`), I'm concerned about the update of these file(s) and how it will integrate in CI/CD. One way to solve this could be to have a new ansys action to create and update the requirements file(s). This file would be updated through `dependabot` PRs and transitive dependencies could either be updated at every PR or on a weekly basis.
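A CI gate for the concern raised in this PR description, as an added example that is not part of the PR or the project's code: it fails the job when a generated requirements file contains entries that are not exact `==` pins or, optionally, entries without a `--hash`. The function names and the sample file contents are constructed for illustration.

```python
import re
import sys

# Constructed sample in the style of `uv pip compile` output (not from the PR).
SAMPLE = """\
# This file was autogenerated by uv
numpy==1.26.4 \\
    --hash=sha256:aaaa
pytest>=8.0
requests==2.*
-e ./local-package
attrs==23.2.0
"""

# name[extras]==version with no wildcard, optionally followed by an environment marker
PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*===?\s*[^\s*;,]+\s*(;.*)?$")

def logical_lines(text):
    """Yield entries with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit(text, require_hashes=False):
    """Return (entry, reason) for every entry that lets CI resolve something unreviewed."""
    findings = []
    for entry in logical_lines(text):
        spec, *hashes = re.split(r"\s+(?=--hash=)", entry)
        if spec.startswith("-"):  # option line (-r, -c, --index-url, -e ...)
            if spec.startswith(("-e", "--editable")):
                findings.append((spec, "editable install"))
        elif not PIN.match(spec):
            findings.append((spec, "not pinned with =="))
        elif require_hashes and not hashes:
            findings.append((spec, "no --hash"))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    problems = audit(text, require_hashes=True)
    print("\n".join(f"{entry}: {reason}" for entry, reason in problems))
    sys.exit(1 if problems else 0)
```

Run as a step before the install step, with the requirements file path as the only argument; a non-zero exit stops the workflow.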