Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-PyPI packages are ignored by --check-updates #380

Open
frafra opened this issue Oct 25, 2019 · 4 comments
Open

Non-PyPI packages are ignored by --check-updates #380

frafra opened this issue Oct 25, 2019 · 4 comments

Comments

@frafra
Copy link

frafra commented Oct 25, 2019

Hi,
Fades does not check if a package installed git+https is up-to-date even if --check-updates is used.
@gilgamezh
Copy link
Contributor

Hello, thanks!

--check-updates is hitting pypi API to check versions. I'm not sure how we should track versions of packages installed from a git repo. Any ideas?

@frafra
Copy link
Author

frafra commented Oct 26, 2019

It looks like there is no way to detect which revision has been cloned using pip.

Simple solution: cloning the whole repo every time and displaying a warning (like "please fix a commit/tag like this: ...")

Better solution: getting the commit ID first and alter the required dependency on-the-fly.
Example (Bash-like syntax):

  1. Dependency required: git+https://github.com/PyAr/fades.git
  2. No reference detected (no @ref used), assuming ref="HEAD"
  3. Get commit ID: id=$(git ls-remote https://github.com/PyAr/fades.git $ref | cut -f1)
  4. Add the commit ID to the dependency: git+https://github.com/PyAr/fades.git@$id
  5. Resolve the dependency as usual

@facundobatista
Copy link
Member

Hello @frafra !

Thanks for taking the time to help us improve fades!

Yes, --check-update is suboptimal when we consider other repos other than PyPI. For example, we have the #338 issue opened for the case of local dependencies.

In that case of local depencies what is suggested in the issue is to verify if the project has changed by checking the ctime of the project's directory.

For the case of remote VCSs is quite more complicated. We not only support git but also other VCS systems. Furthermore, we don't "speak VCS" ourselves, as we just rely on pip to do its work.

Taking that into mind, it's super difficult to get the commit id of a remote repo. What if it's bzr or hg? What if the user doesn't have git installed (not really sure how pip installs it, and the trick is that we want to avoid caring about it!).

So, how can emulate desired behaviours taking that in consideration?

One proposal could be to always recreate the venv if --check-updates is involved when having VCS repos; that surely would be on the safe side, but it also will be very inefficient most of the times!

What do you think?

@frafra
Copy link
Author

frafra commented Oct 31, 2019

Hi :)
You are right, it would be better not to do something for git only. I had a look at poetry because it fixes versions for packages, even if they are taken from git, but they do not support other VCSes: https://github.com/sdispater/poetry/blob/7a372c75562e99355c59786b4d3f1b26b9124e50/poetry/puzzle/provider.py#L189-L190

I would say that your proposal can be a good one, but I would show a warning if the dependencies VCS dependencies have not been tagged; (using @reference) if they have tags, they can be just skipped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@frafra @facundobatista @gilgamezh