Validate dependencies in non-isolated builds

[jaraco]

Currently, if a non-isolated build is invoked, it simply attempts to invoke the build hook expecting the invoker to have supplied the dependencies. But if the environment doesn't have the dependencies and if the lack of dependencies doesn't create a failure in the build, the build proceeds without its declared dependencies (see jaraco/jaraco.packaging#9 (comment) for an example).

Better would be for build to enforce that the declared dependencies are met before invoking the build.

[henryiii]

Build does do this. You have to pass both flags to skip the dependency check:

  --skip-dependency-check, -x
                        do not check that build dependencies are installed
  --no-isolation, -n    do not isolate the build in a virtual environment

Unlike pip, which makes the dependency check opt-in instead of opt-out.

There are actually a lot of places where you want to opt out (for example, if a CLI tool with an optional Python packaged version are listed as dependencies but actually fulfilled by the actual tool being present, like cmake and ninja). Another, possibly even more common and annoying is when the user pins things exactly inside the requirements, like setuptools or numpy, but you don't have control over the exact version (like when building in for package management, which usually only has a set version of things, like conda, pyodide, and linux distros) But build does default to validating.

[layday]

Looking at the linked PR, I believe they are referring to the project_wheel_metadata function from utils which doesn't check dependencies.