Problem
We currently pin the versions of Python packages we install, but not the versions of those packages' dependencies. For example, we pin a version of piptools, but piptools depends on pip. When we install piptools, we install the latest version of pip, so that pip version is not pinned. This can lead to breakages on CI when a new version of pip is released that isn't backwards-compatible. This caused python -m regenerate_requirements to fail yesterday, which broke all CircleCI and GitHub Actions builds when a new version of pip was released with breaking interface changes. This breakage and the subsequent debugging are documented here.
Solution
We should pin the versions of all our dependencies, not just our direct dependencies. One way to do this would be to install all our dependencies directly into a virtual environment from a single requirements.txt file (i.e. we would just run pip install -r requirements.txt). The requirements.txt file would pin the versions of all dependencies (i.e. generated by pip freeze > requirements.txt).
This will move us to a more typical way of installing Python dependencies, which should let us take better advantage of linting and testing tools in IDEs. (See this comment thread for more details.)
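A check for the gap described in this issue, written as an added example that is not part of the issue or the project's code: it walks a dependency graph from the pinned packages and reports every transitive dependency that has no exact `==` pin. The function names, the sample requirements text, the versions and the dependency graph are all assumptions constructed for illustration.

```python
import re

# Matches "name==version" (extras allowed); ranges, wildcards and "===" are not exact pins.
PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;*=]+)(?=\s|;|$)"
)

def normalize(name):
    """PEP 503 name normalization so 'Pip_Tools' and 'pip-tools' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(requirements_text):
    """Return {normalized name: version} for lines pinned with '=='."""
    pins = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def unpinned_transitive(requirements_text, dep_graph):
    """Walk dep_graph from every pinned package; return reachable names with no pin."""
    pins = parse_pins(requirements_text)
    graph = {normalize(k): [normalize(d) for d in v] for k, v in dep_graph.items()}
    seen, stack, missing = set(), list(pins), set()
    while stack:
        pkg = stack.pop()
        if pkg in seen:
            continue
        seen.add(pkg)
        if pkg not in pins:
            missing.add(pkg)
        stack.extend(graph.get(pkg, []))
    return sorted(missing)

# Constructed sample: package names follow the issue, versions and edges are made up.
DIRECT_ONLY = "piptools==1.0.0\nrequests==2.0.0  # direct dependency\n"
FROZEN = DIRECT_ONLY + "pip==20.0.0\nclick==7.0\nurllib3==1.25\n"
DEP_GRAPH = {"piptools": ["pip", "click"], "requests": ["urllib3"]}

if __name__ == "__main__":
    print("direct pins only:", unpinned_transitive(DIRECT_ONLY, DEP_GRAPH))
    print("fully frozen:    ", unpinned_transitive(FROZEN, DEP_GRAPH))
```

Run in CI against the committed requirements.txt, a non-empty result means some dependency would still float to whatever version is newest at install time.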