Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New mode - persist resolved dependencies #103

Open
bswck opened this issue Jun 19, 2024 · 4 comments
Open

New mode - persist resolved dependencies #103

bswck opened this issue Jun 19, 2024 · 4 comments

Comments

@bswck
Copy link
Contributor

bswck commented Jun 19, 2024

As described in #85.

@bswck bswck changed the title Persist resolved dependencies New mode - persist resolved dependencies Jun 19, 2024
@bswck
Copy link
Contributor Author

bswck commented Jun 19, 2024

The new mode should hash resolved dependency trees.

My first idea was to hash the output of pip install [deps...] --silent --report - --dry-run --ignore-installed.
However, this isn't the best approach in the long run—#100 suggests the option of relying on uv for installing packages. To be able to use different tools for sole package resolution in the future, it would be ideal to simply use lockfile content hashes as keys.

@bswck
Copy link
Contributor Author

bswck commented Jun 19, 2024

Lockfiles have various formats. In https://github.com/bswck/lockfiles-overview, I'll try to summarize differences between lockfiles produced by top tools and try to find their "GCD" to describe a minimal hashable dependency tree.

As of now, I'm thinking that packages with versions and hashes should do the thing.

@jaraco
Copy link
Owner

jaraco commented Jun 20, 2024

Other things to consider - I'm not sure how lockfiles work with local disk or URL resources. I've been impressed with what tox has done lately to detect when dependencies have changed (and then make minimal adjustments). For example, when a dependency is removed, it will re-build the environment (invalidate the cache), but if a dependency is bumped or downgraded, it only re-installs that one dependency over the existing environment. It might be useful to examine how they do that.

@jaraco
Copy link
Owner

jaraco commented Jul 16, 2024

#100 suggests the option of relying on uv for installing packages

Don't let this be a hard blocker. If there's an elegant solution using just pip, it's okay to implement that and only have the feature available on pip until uv can provide a comparable interface.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants