-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump pipenv to 2022.11.5 #6104
Bump pipenv to 2022.11.5 #6104
Conversation
To fix undeterminism when generating `python_version` and `python_full_version` markers.
There were only a few validation constraints that mattered when we switched from Pipfile to plette -- from the test failures I can see one of them identified: the sources have to have a |
so what's the plan here? drop supporting older python? create fork and make pipenv that's compatible with your python versions? use different versions as noted here? had to fix yet another bug caused by the ecosystem: |
We're planning to drop support for python 3.6 which will unblock this: Timing is still TBD, see that issue for details. |
Unfortunately, bumping to the latest version of `pipenv` is currently blocked on us dropping support for Python 3.6: * #6104 (comment) So for now let's clarify the comment with a TODO... This whole bit of code may also get redone if we switch the interface we use: * #6836 But for now let's capture some notes until we can devote more time to this.
Unfortunately, bumping to the latest version of `pipenv` is currently blocked on us dropping support for Python 3.6: * #6104 (comment) So for now let's clarify the comment with a TODO... This whole bit of code may also get redone if we switch the interface we use: * #6836 But for now let's capture some notes until we can devote more time to this.
Our `pipenv` fixtures are a bit outdated... when I tried to delete Python 3.6, they started failing because we've got some code that reads the python version and tries to use that to guess at what version of python to run. However, when I tried regenerating one of these lockfiles under a newer Python, I was surprised that the entire `host-environment-markers` key disappeared. After a little digging, I found that this key was removed in 2018, which also explains why only the older fixtures have it and not the more recent fixtures. More historical context: * pypa/pipenv#753 * pypa/pipenv@ecf7842#r28870534 * pypa/pipenv@ecf7842#diff-ef852c4ac364f946819f765a6bc26f04f1b0968f31fc512949a60fa2ab0685e8L1201 In order to update our lockfiles, I first started by running `PYENV_VERSION=3.11.4 pyenv exec pipenv lock`... However, I ran into some problems because: 1. Some of the lockfiles are simply unresolvable by design in order to stress test our code. So they have to be manually munged around. 2. We are currently pinned to an olde version of `pipenv` due to conflicts with Python `3.6`, etc: #6104 Since we will soon be dropping Python 3.6, 3.7, and then planning to update `pipenv` version, I decided it would be more efficient from an engineering perspective to hack my way through the jungle with a machete for a little bit by: 1. Manually delete the key from the lockfiles (that's what this PR does) 2. File a ticket to track regenerating the `pipenv` lockfiles: #7697 3. Finish the work of deprecating EOL'd python versions and updating `pipenv` 4. Then finally regenerate the fixtures using `pipenv lock`. So in this PR I manually deleted the key... but note that I did so manually not programmatically, so these fixtures may still be outdated in other ways.
Our `pipenv` fixtures are a bit outdated... when I tried to delete Python 3.6, they started failing because we've got some code that reads the python version and tries to use that to guess at what version of python to run. However, when I tried regenerating one of these lockfiles under a newer Python, I was surprised that the entire `host-environment-markers` key disappeared. After a little digging, I found that this key was removed in 2018, which also explains why only the older fixtures have it and not the more recent fixtures. More historical context: * pypa/pipenv#753 * pypa/pipenv@ecf7842#r28870534 * pypa/pipenv@ecf7842#diff-ef852c4ac364f946819f765a6bc26f04f1b0968f31fc512949a60fa2ab0685e8L1201 In order to update our lockfiles, I first started by running `PYENV_VERSION=3.11.4 pyenv exec pipenv lock`... However, I ran into some problems because: 1. Some of the lockfiles are simply unresolvable by design in order to stress test our code. So they have to be manually munged around. 2. We are currently pinned to an olde version of `pipenv` due to conflicts with Python `3.6`, etc: #6104 Since we will soon be dropping Python 3.6, 3.7, and then planning to update `pipenv` version, I decided it would be more efficient from an engineering perspective to hack my way through the jungle with a machete for a little bit by: 1. Manually delete the key from the lockfiles (that's what this PR does) 2. File a ticket to track regenerating the `pipenv` lockfiles: #7697 3. Finish the work of deprecating EOL'd python versions and updating `pipenv` 4. Then finally regenerate the fixtures using `pipenv lock`. So in this PR I manually deleted the key... but note that I did so manually not programmatically, so these fixtures may still be outdated in other ways.
) | ||
File.write("dev-req.txt", dev_req_content) | ||
end | ||
|
||
def run_command(command, env: {}) | ||
start = Time.now | ||
command = SharedHelpers.escape_command(command) | ||
stdout, process = Open3.capture2e(env, command) | ||
stdout, _, process = Open3.capture3(env, command) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was extracted out separately into:
@@ -233,20 +233,20 @@ def post_process_lockfile(updated_lockfile_content) | |||
|
|||
def generate_updated_requirements_files | |||
req_content = run_pipenv_command( | |||
"pyenv exec pipenv lock -r" | |||
"pyenv exec pipenv requirements" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we'll instead want to long-term go with:
I'm going to close this PR in favor of: I suspect we'll hit the same test failures, but we can work through them over there... and may end up migrating to the new |
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: dependabot#6104 (comment)
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment) Co-authored-by: AbdulFattaah Popoola <[email protected]>
I think this PR would fix #6091 if it was acceptable, because it includes pypa/pipenv#5373 which I believe fixes exactly the issue reported at #6091.
However, it seems to introduce several other noise in manifest file diffs, although at least it's deterministic.
In addition to this, I think it no longer works with Python 3.6 according to pypa/pipenv#5406, so I guess we can't bump it just yet.
Fixes #6091.