Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/check package versions #22

Merged
merged 2 commits into from
Apr 15, 2024
Merged

Feature/check package versions #22

merged 2 commits into from
Apr 15, 2024

Conversation

pchorus
Copy link
Contributor

@pchorus pchorus commented Apr 10, 2024

As discussed @zyv and I created a GitHub Action to check package versions configured in pyproject.toml.

We want to avoid pinned versions and also lax configuration like using ^ or >=.

All we want to allow is * as general solution which is always the preferred version config.
If we need to pin version, we should use ~ which allows updates to minor or patch versions (depending on the version number that follows the ~), but never updates major versions which can contain breaking changes.

We have tested this action in django-insurance-api-v2 by using the feature branch of this repository here.
I run it with current pyproject.toml (https://github.com/moneymeets/django-insurance-api-v2/actions/runs/8632210966/job/23664358558) containing some errors and also with a fixed pyproject.toml (https://github.com/moneymeets/django-insurance-api-v2/actions/runs/8632335916/job/23662773927).

Please share your thoughts.
Is this what we are aiming for?

zyv
zyv approved these changes Apr 10, 2024
View reviewed changes
Copy link
Contributor

@zyv zyv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Our code is gold! :)

mm-matthias
mm-matthias reviewed Apr 10, 2024
View reviewed changes
mm-matthias
mm-matthias approved these changes Apr 10, 2024
View reviewed changes
Copy link

@mm-matthias mm-matthias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've suggest a naming change and some minor typing, but that's it.

What you write in the PR description seems to make sense to me. I guess we need to see if this works with our repositories or whether we have any repositories that break the implemented rule.
If we ever need a different rule for whatever reason we can still discuss it as it comes up and possibly modify this versioning rule here.

marns93
marns93 requested changes Apr 11, 2024
View reviewed changes
@marns93
Copy link
Contributor

marns93 commented Apr 11, 2024

@pchorus In our daily I understood that we will forbid ^, now we will forbid >= as well which is fine for me. Before this PR will be merged, we should notify everybody, because this pattern is used in some repositories and the pipeline will fail.

@zyv
Copy link
Contributor

zyv commented Apr 11, 2024

@pchorus In our daily I understood that we will forbid ^, now we will forbid >= as well which is fine for me. Before this PR will be merged, we should notify everybody, because this pattern is used in some repositories and the pipeline will fail.

Yes, we decided that there is also no need for >=, because we can pin to ~1.2.3 if we need to, and we want to unpin as soon as possible anyways, so restriction on only minor updates does not matter. We prepared example changes for insurance API.

marns93
marns93 requested changes Apr 11, 2024
View reviewed changes
@marns93
Copy link
Contributor

marns93 commented Apr 11, 2024

@pchorus In our daily I understood that we will forbid ^, now we will forbid >= as well which is fine for me. Before this PR will be merged, we should notify everybody, because this pattern is used in some repositories and the pipeline will fail.

Yes, we decided that there is also no need for >=, because we can pin to ~1.2.3 if we need to, and we want to unpin as soon as possible anyways, so restriction on only minor updates does not matter. We prepared example changes for insurance API.

What about boto3?

boto3 = ">=1.26.148"  # Needed for dependency resolution. See also https://github.com/python-poetry/poetry/issues/5896.

Changing this to ~1.26.148 is not the same as >=. The issue is still open and we can't unpin.
Result would be >=1.26.148 <1.27.0. But we could use versions greater than 1.27.0.

So I wonder if we really should remove >=.

@zyv
Copy link
Contributor

zyv commented Apr 11, 2024

@pchorus In our daily I understood that we will forbid ^, now we will forbid >= as well which is fine for me. Before this PR will be merged, we should notify everybody, because this pattern is used in some repositories and the pipeline will fail.

Yes, we decided that there is also no need for >=, because we can pin to ~1.2.3 if we need to, and we want to unpin as soon as possible anyways, so restriction on only minor updates does not matter. We prepared example changes for insurance API.

What about boto3?

boto3 = ">=1.26.148"  # Needed for dependency resolution. See also https://github.com/python-poetry/poetry/issues/5896.

Changing this to ~1.26.148 is not the same as >=. The issue is still open and we can't unpin. Result would be >=1.26.148 <1.27.0. But we could use versions greater than 1.27.0.

So I wonder if we really should remove >=.

Argh, stupid Poetry slow resolution :( Maybe we can allow ">" as a hack to make sure that this was added manually?

@mm-matthias
Copy link

One could also add boto3 as an explicit exception to the checker.

@pchorus pchorus force-pushed the feature/check-package-versions branch from 6a01589 to 307e122 Compare April 12, 2024 05:35
@pchorus pchorus requested review from marns93, mm-matthias and zyv April 12, 2024 06:51
@pchorus pchorus force-pushed the feature/check-package-versions branch 3 times, most recently from 9aa816e to 95be261 Compare April 12, 2024 07:03
mm-matthias
mm-matthias approved these changes Apr 12, 2024
View reviewed changes
Copy link

@mm-matthias mm-matthias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did not test, but LGTM in general. I still need to talk to you guys about the "*" stuff.

catcombo
catcombo requested changes Apr 12, 2024
View reviewed changes
Copy link
Contributor

@catcombo catcombo left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the idea. Thank you for implementing this! However, I agree with @marns93 regarding pinning the problematic boto3 versions. There is also another problem with poetry: it downloads all boto3 versions to resolve dependencies if you use * which takes hours every time one run poetry update. We should either exclude boto3 from check or allow >=.

@pchorus pchorus force-pushed the feature/check-package-versions branch 2 times, most recently from 0926fd8 to 363e678 Compare April 15, 2024 06:53
@pchorus
Copy link
Contributor Author

pchorus commented Apr 15, 2024

I added a IGNORE_PACKAGES containing a tuple of package names that should be ignored. Currently, it only contains "boto3".

@pchorus pchorus force-pushed the feature/check-package-versions branch from 363e678 to 29b9ed9 Compare April 15, 2024 06:57
mm-matthias
mm-matthias reviewed Apr 15, 2024
View reviewed changes
catcombo
catcombo approved these changes Apr 15, 2024
View reviewed changes
Copy link
Contributor

@catcombo catcombo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

marns93
marns93 approved these changes Apr 15, 2024
View reviewed changes
Copy link
Contributor

@marns93 marns93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the tests.
LGTM. :)

@pchorus pchorus force-pushed the feature/check-package-versions branch from 75b7cd6 to 807a7f9 Compare April 15, 2024 09:50
@pchorus pchorus merged commit 70db1f0 into master Apr 15, 2024
4 checks passed
@pchorus pchorus deleted the feature/check-package-versions branch April 15, 2024 09:54
pchorus added a commit that referenced this pull request Apr 15, 2024
@pchorus
Revert "Merge pull request #22 from moneymeets/feature/check-package-…
45f6a12 
…versions"

This reverts commit 70db1f0, reversing
changes made to fc98d53.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catcombo catcombo catcombo approved these changes

@mm-matthias mm-matthias mm-matthias approved these changes

@marns93 marns93 marns93 approved these changes

@felix11h felix11h Awaiting requested review from felix11h felix11h is a code owner

@zyv zyv Awaiting requested review from zyv

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pchorus @marns93 @zyv @mm-matthias @catcombo