Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update some dependency pins so we can build with Python=3.12 #645

Merged

Conversation

valeriupredoi
Copy link
Collaborator

@valeriupredoi valeriupredoi commented Nov 24, 2023

Description

Hey folks,
My apologies for busing in - my area is usually restricted to the conda package maintenance 😁 I am attempting to build a new Prospector 1.10.3 build but with Python 3.12, and for that I had to adjust some deps pins, see conda-forge/prospector-feedstock#44 - package builds well (albeit with pip check turned off since it barfed that deps in the conda meta file were not matching upstream, and rightly so). Please have a look at the new pins, when you get a bit of time.

There is, however, a fairly big catch - this way with flake8>=6 Python 3.7 will not be supported anymore, as per #551 - I'd argue that 3.7 needs be retired since it's EOL, but that's not my place to decide it for Prospector. At any rate, if the new pins are good for you and agree with retiring 3.7 then maybe keep this open until 3.7 retirement happens.

Cheers 🍺

EDIT in order to be able to regenerate the poetry lock file correctly (poetry==1.7.1 from PyPI) I had to already pin the lowest supported version of Python to 3.8.1 - now, I am aware this not a decision I can take, I am simply fixing the mechanics of this PR, so please bear this in mind

With the more relaxed pins suggested by @sbrunner below, there is no more need to unsupport Python 3.7 - the build with Python 3.12 works very well and the environment supports 3.7-3.12 conda-forge/prospector-feedstock#44 (added 3.12 to the Github Actions tests too) 👍

Related Issue

#644

Motivation and Context

allows for building the package with Python 3.12, hence supporting the new Python 🐍

How Has This Been Tested?

Tested in the feedstock, purely from a dependencies analysis and pkg build point of view, no other code functionality test

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change): turns off support for Python 3.7

Checklist:

  • My change requires a change to the dependencies
  • I have updated the dependencies accordingly
  • I have read the CONTRIBUTING document.
  • All new and existing tests passed.

Copy link
Collaborator

@Pierre-Sassoulas Pierre-Sassoulas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for opening the issue. I think you need to run a poetry lock too -- after installing poetry with pip install poetry).

@valeriupredoi
Copy link
Collaborator Author

absolutely, I knew I'm missing something, cheers, will do it now 👍

@valeriupredoi valeriupredoi changed the title update some dependency pins so we can build with Python=3.12 update some dependency pins so we can build with Python=3.12 (and limit minimal Python version to 3.8.1) Nov 27, 2023
Copy link
Member

@sbrunner sbrunner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I add some comments because I think that the new pinning are relay too restrictive and not necessary to support Python 3.12, we should keep in mind that all the people who use Prospector should respect those constraints... then with constraints like ">=3.1.0,<3.2.0" every minor update of the library we should create a new version of Prospector to allows to use it...

pyproject.toml Outdated Show resolved Hide resolved
pyproject.toml Outdated Show resolved Hide resolved
pyproject.toml Outdated
pycodestyle = ">=2.9.0"
flake8 = ">=6.0.0"
pyflakes = ">=3.1.0,<3.2.0"
pycodestyle = ">=2.11.0"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why upgrade this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let me remove this, and keep it as it was, I'll go test these more lax pins at the feedstock in this test PR conda-forge/prospector-feedstock#44 and if all's fine then we're good to go 🍺

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sbrunner Hey, there is actually an issue with pycodestyle, so it would be nice to update it too

@sbrunner
Copy link
Member

Look relay good, probably just needs a poetry lock to update the content-hashin the poetry.lock file :-)

@valeriupredoi
Copy link
Collaborator Author

many thanks @sbrunner 🍺 The package builds very well too, see the latest build with the more relaxed pins (and build done with Python 3.12) conda-forge/prospector-feedstock#44 Great suggestions!

@valeriupredoi valeriupredoi changed the title update some dependency pins so we can build with Python=3.12 (and limit minimal Python version to 3.8.1) update some dependency pins so we can build with Python=3.12 Nov 27, 2023
.github/workflows/tests.yml Outdated Show resolved Hide resolved
pyproject.toml Outdated Show resolved Hide resolved
valeriupredoi and others added 2 commits December 4, 2023 15:54
Co-authored-by: Pierre Sassoulas <[email protected]>
Co-authored-by: Pierre Sassoulas <[email protected]>
@valeriupredoi
Copy link
Collaborator Author

valeriupredoi commented Dec 4, 2023

as Pierre suggested, I have now removed (yet again) support for python=3.7 (and feeling good about it haha). There is just one test that needs attention, unfortunately I don't know enough prospector to fix it myself (safely/correctly), sorry 🍺

@Pierre-Sassoulas
Copy link
Collaborator

Not sure about the reason for the pylama bug myself. I also see a bunch of pylint deprecation warnings that do not fair well for pylint 3.0 compat.

@valeriupredoi
Copy link
Collaborator Author

happy new year, folks! Just got myself back in work, and was wondering what's the situation of this - should I update pycodestyle too, or just wait for you good folks to get compat with pylint >=3.0 that may have to get in most all these pins anyway? Cheers 🍺

@Pierre-Sassoulas
Copy link
Collaborator

Hey happy new year @valeriupredoi ! Don't worry about pylint compatibility, let's do thing one by one, if the pipeline is fixed here we're going to merge :)

@valeriupredoi
Copy link
Collaborator Author

@Pierre-Sassoulas good man! Looking back I see the first instance of that test fail here https://github.com/landscapeio/prospector/actions/runs/6821193419/job/18554269679 - since all I am doing here is updating pins (hence packages) I am fairly sure it's not something that this PR introduces to make that test fail; comparing environments between my PR and 643, I see quite a lot of dependency version differences, but comparing 643 to the last time the tests passed, ie https://github.com/landscapeio/prospector/actions/runs/6557025877/job/17807920762 I see no difference in terms of deps versions, so it must be a code change that happened sometime before my PR, or, more plausibly, tests fail for forked PRs - could you maybe trigger the tests on the master branch pls see if they still fail? 🍺

@valeriupredoi
Copy link
Collaborator Author

friendly ping here @Pierre-Sassoulas @carlio - apols for being pesky, gents 🍺 x2

@Pierre-Sassoulas
Copy link
Collaborator

Hey I think you're right main branch is broken see dependabot's MR for example: #650

@valeriupredoi
Copy link
Collaborator Author

hi folks, what we gonna do about this and support for Python 3.12? Have a good Easter break! 🐰

@Pierre-Sassoulas
Copy link
Collaborator

Hey @valeriupredoi if someone want to open a pull request to fix main I'd review and merge it.

@valeriupredoi
Copy link
Collaborator Author

Hey @valeriupredoi if someone want to open a pull request to fix main I'd review and merge it.

cheers, mate! I'd do it meself, but unfortunately my fix would be purely mechanical (just fixing that failing test), I'm afraid I don't have the Prospector-expertise to find the actual root cause 😞

@valeriupredoi
Copy link
Collaborator Author

Hey @valeriupredoi if someone want to open a pull request to fix main I'd review and merge it.

I had a stab at it in #658 - it's not a full root cause fix, but it's something we may be able to live with 😁

blockjesper added a commit to fiaas/k8s that referenced this pull request Apr 26, 2024
Prospector is not compatible with Python 3.12 at the moment.
prospector-dev/prospector#645
@Pierre-Sassoulas
Copy link
Collaborator

Dropping python 3.7 in the CI was done in ca20287 and only permitted to fix 2 CVE over 6. This PR is necessary to be able to fix the remaining CVE. Updating the dependencies is going to fix 4 CVE at once.

@Pierre-Sassoulas Pierre-Sassoulas dismissed their stale review October 3, 2024 19:44

Taken into account or outdated

@Pierre-Sassoulas Pierre-Sassoulas added this to the 1.11.0 milestone Oct 3, 2024
@Pierre-Sassoulas Pierre-Sassoulas merged commit ffe4eab into prospector-dev:master Oct 3, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants