Dependency management via poetry

[DanielYakubov]

As the title says. The requirements.txt isn't crazy at the moment, but would rather use poetry to keep things a bit more robust.

[kylebgorman]

Point of clarification first: we are not really using requirements.txt for dependency management. What it contains is a list of all dependencies needed for development and to run the continuous integration tests, which is a superset of what's in pyproject.toml.

The actual explicit dependencies are listed here in pyproject.toml.. Most modern option for package management (build, setuptools, pip etc. etc.) can read this and just use it as is.

I believe this combination is actually standard practice.

Now, poetry doesn't work on our package because it doesn't read that dependencies field for some reason. Rather it wants dependencies to be reiterated under a section [tool.poetry.dependencies]. This is a bit annoying but if you want to support it, be my guest.

[DanielYakubov]

I think the .lock file has saved me a few times because of the sub-dependency specifications, but that's only in very large software.

Agreed that what we have now is standard, though. I do think there is some future headaches we can save if we do this. But it's in the camp of very optional enhancement