Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow specifying dependencies directly in pip.parse #2271

Open
ouillie opened this issue Oct 3, 2024 · 3 comments
Open

Allow specifying dependencies directly in pip.parse #2271

ouillie opened this issue Oct 3, 2024 · 3 comments
Labels
type: feature request type: pip

Comments

@ouillie
Copy link

ouillie commented Oct 3, 2024

🚀 feature request

Relevant Rules

pip.parse() (not a rule, but the module extension tag)

Description

Just putting this out there to gather feedback and see if it's worth implementing myself. I use Python as a pretty minor part of my polyglot Bazel codebase, and it has a single PyPI dependency. Call me petty, but I just don't like having to put that 1 dependency in its own requirements.txt file when all my other dependencies are listed directly in MODULE.bazel.

Describe the solution you'd like

Is there any appetite for adding a new parameter to pip.parse() called requirements (as an alternative to requirements_lock) which is just a Starlark list of strings that get parsed as though they were the lines of a requirements.txt file? This would be kinda nice for really simple cases like mine, but perhaps "not recommended" for larger Python projects.

Describe alternatives you've considered

Alternatives already exist, but if the maintainers would welcome a PR to this effect, then I can draft one up.
@alexeagle
Copy link
Collaborator

I'd be opposed to this idea simply because Bazel claims to provide reproducible builds, and without pinning/locking requirements you could get different transitive dependencies when you rebuild at the same commit.

@ouillie
Copy link
Author

ouillie commented Oct 6, 2024

I don't see how that's relevant. Hashes should still be locked in MODULE.bazel.lock. The only difference would be that, rather than a requirements.txt file who's only contents are e.g. numpy==1.2.3, you would instead have a Starlark list who's only contents are numpy==1.2.3. It seems to me like requirements_lock is a bit of a misnomer because requirements.txt has never been a lock file in that sense. All the locking information seems to go in MODULE.bazel.lock.

@aignas
Copy link
Collaborator

aignas commented Oct 7, 2024

I think @ouillie is correct here - we can still lock the hashes in the MODULE.bazel.lock file. However, that requires the following to be in place:

  • Fully stabilize "Cross compilation" of py_binary/py_image/py_library targets #260 and make that the default (i.e. experimental_index_url is no longer experimental).
  • Support downloading packages without hashes in the requirements.txt lock file to be downloaded/setup via the experimental_index_url machinery.
  • Add the necessary code for the users to supply extra packages using the pypi integration code.

I am not sure if this is the same pip extension that we have right now or a different one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: feature request type: pip
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexeagle @aignas @ouillie