Poetry: Build packages with pinned dependencies from .lock file

Created on 7 Aug 2020  路  5Comments  路  Source: python-poetry/poetry

  • [x] I have searched the issues of this repo and believe that this is not a duplicate.
  • [x] I have searched the documentation and believe that my question is not covered.

Feature Request

As title says, this feature is about to poetry build build wheels and packages with pinned versions specified in poetry.lock file. Command can be something like poetry build --locked.

Its duplicate of closed #1307. Reason to close this issue was argument about libraries and applications (in short):

Libraries use wheels for distribution. Their dependencies should not be very tight so libraries can coexist with each other. Thats why poetry build dont use versions from lock file. There are also applications. Applications need pinned dependencies from lock file, so all environments (dev and prod) use same dependencies. Applications should use docker for distribution.

So I think its not actually true that applications should not use wheels and pypi for distribution, sometimes its reasonable to have package with pinned dependencies from lock file. Example of such use case can be some cli tools like https://github.com/ytdl-org/youtube-dl, so development team and end-user use same dependencies. Another example is some backend application that deployed on server by wheel package.

Feature Triage
Source
picture artslob
👍8

Most helpful comment

I'm certainly a fan of this idea, and made a similar comment regarding that "Applications are not distributed via wheels" argument on the original issue.

picture Tobotimus on 15 Aug 2020
👍2

All 5 comments

I'd think it is reasonable for a tool such as poetry to generate Requires-Dist constraints in the wheel's METADATA, knowing that it is the user's responsibility to ensure that whatever they've built can be installed in the other projects that need them.

I assume that what you want as behavior is that each package listed in your pyproject.toml have the exact version defined in your poetry.lock. All the packages those packages depend on would not be part of the list of packages defined in the built wheel.

Is that an accurate assessment?

tomzx picture tomzx on 7 Aug 2020

Well, no actually. What I want is that when package is builded it will require exact versions of all dependencies from lock file. These versions can be also extracted (vied) using poetry export -f requirements.

Right now when package is builded it requires versions specified in pyproject.toml file.

artslob picture artslob on 8 Aug 2020
👍1

I'm certainly a fan of this idea, and made a similar comment regarding that "Applications are not distributed via wheels" argument on the original issue.

Tobotimus picture Tobotimus on 15 Aug 2020
👍2

@artslob @Tobotimus @tomzx A PR has been filed: https://github.com/python-poetry/poetry/pull/3341. Would you mind giving it a try, giving feedback on it, reviewing the code? Whatever helps to get things moving

sinoroc picture sinoroc on 1 Dec 2020

I will try to find some time to check it

artslob picture artslob on 12 Dec 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

etijskens picture etijskens  路  3Comments
alexlatchford picture alexlatchford  路  3Comments
Euphorbium picture Euphorbium  路  3Comments
jackemuk picture jackemuk  路  3Comments
tonysyu picture tonysyu  路  3Comments