Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin Python package versions using constraint files #5100

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

TimoWilken
Copy link
Contributor

Constraint files are supported in pip 7.1+. The oldest we have pre-installed (on slc7 and slc8) is pip 9.0.3, so this is supported everywhere.

Constraint files are supported in pip 7.1+. The oldest we have pre-installed
(on slc7 and slc8) is pip 9.0.3, so this is supported everywhere.
@TimoWilken TimoWilken requested a review from a team as a code owner August 7, 2023 15:21
@TimoWilken
Copy link
Contributor Author

Hi @ktf @adriansev, what do you think about this?

It seems that with the previous approach of installing Python packages with a plain -r requirements.txt, the versions specified in that file aren't necessarily always installed (e.g. we specify Cython==0.x, but things still broke when the latest version became 3.x).

With constaint files, pip should always install the exact version that we specify, and not let anything else override it, even if something else would otherwise pull in a different version.

@adriansev
Copy link
Contributor

well, i have no reason to be against it! I can only express my view on xrootd and xjalienfs components that i think should be ok:

  • xrootd in principles should have no problems.. but there is a commit like:
    xrootd/xrootd@5fbcf7a
    which is only in master for the moment, so if we want to upgrade we need to wait for the next release
  • xjalienfs it is still compatible with python 3.6 (and it's dependencies will be installed with the highest compatible version)

So, famous last words, we should not have problems :)

@TimoWilken
Copy link
Contributor Author

You're right @adriansev, xjalienfs and other packages that install Python packages on top of Python-modules might end up causing version updates, since they won't use the constraint file. This wouldn't completely prevent newer package versions from being installed accidentally then...

@adriansev
Copy link
Contributor

@TimoWilken if there is a need for it, i can add my requirements to Python-modules and constrain them there .. but note the the whole dependency chain would also need to be constrained and we need to establish if this does not make some packages incompatible with other ..

@TimoWilken
Copy link
Contributor Author

Yeah, it's probably a bigger job. It might be better to install the constraint files in the Python-modules-list package, so that other Python-based packages can use them when they install their own stuff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants