-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make gitpython dependency optional #297
make gitpython dependency optional #297
Conversation
✅ Deploy Preview for conda-lock ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
978c53c
to
8532702
Compare
Sure, so maybe the fields need to be lazy, then, and explode if None
because of missing gitpython.
…On Wed, Dec 14, 2022, 16:50 Ben Mares ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In conda_lock/src_parser/__init__.py
<#297 (comment)>
:
> @@ -169,7 +169,10 @@ def create(
metadata_choices: AbstractSet[MetadataOption],
src_files: List[pathlib.Path],
) -> "GitMeta | None":
- import git
+ try:
+ import git
+ except ImportError:
+ return None
Right, but if a user runs
conda-lock --metadata git_user_name
then it would be mean to the user to silent fail, right? Or am I missing
something obvious?
—
Reply to this email directly, view it on GitHub
<#297 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALCRGM6FO3NHLTW2N5CXTWNJFKNANCNFSM6AAAAAAS66ARGE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
That's what I thought at first, but I believe bollwyvl#1 suffices. |
Fix error
Argh, sorry, not sure what was wrong with me last night... 😵 Could you please delete the redundant |
Like this? |
Perfect, thanks!!! |
What are your thoughts regarding the future of the GitPython dependency? Namely, suppose someone fixes the vulnerability. Then are we okay to reinclude it as a required dependency? It seems to be fairly lightweight and pure-Python. The reason I ask is that if we can reinclude it after some time, then perhaps we could avoid introducing |
Since you asked: I'd prefer Specifically for git: if using As for the metadata stuff in general: Any time i can avoid invoking any conda/mamba stuff, I do. Basically 100% of the time, I strip out the conda-lock integrity hash, because it's basically impossible to reconstruct what it would be, and doesn't particularly help git diffs (ha!). If anything, I'll inject the sorted set of depdendencies as a comment, and then run/not-run conda-lock if that has changed. As to the other optional: I don't use the So sure, it's fine if a non-vulnerable |
Thanks a lot for typing that all out, I really appreciate the perspective.
👍 My motivation for vendoring Poetry was to remove a dependency, and hopefully eventually eliminate it entirely.
👍 Though I don't have many complaints about Hatchling so far.
Any way to win you over on this? It definitely requires some more work for stability, but Micromamba support is to me a killer feature. Improving stability and reducing dependencies are high on my todos here, but those unfortunately require me to somehow find some weekend days... 😆 |
For this PR, would you be amenable to dropping |
Probably not? My use cases are highly automation/forensics driven, and minimally entropic, reusable files on disk, checked into git are pretty much my happy place. Parsing YAYAML (Yet Another YAML) format without a JSON schema, vs a list of URLs is pretty much no contest for me.
But
don't i know it, friend! But conda-lock is a critical daily driver for me, so I'm happy to help when I can. |
I'm happy it's working for you! And you didn't ask, but: to me, the cambrian explosion of build systems vs the cartesian product of duplicative plugins is extremely tiresome. If important information doesn't appear in pyproject.toml in the standards compliant fields, I feel like the point has partially been missed. The failure modes of |
ping @mariusvniekerk |
References
Changes
gitpython
fromrequirements.txt
torequirements-dev.txt
None
when creatingGitMeta
ifgitpython
is not installed