source packages / wheels may be easier managable, but there will be problem with binary packages if they require compilation
[ ] think about new security policy so that we require only pinned, flatten dependencies in requirement file
currently we take requirements file and build action compilies it on runtime. Maybe just we can require have such file already prepared? It may be possible to have locks from 2 machines combined into one file with proper OS marks , but probably eaiser for devs would be to maintain 2 separate files?)
[ ] add support for lock files in build action (let say for now in form of compiled requirements file produced by pip-tools)
Extracted from discussion: https://github.com/GOG-Nebula/galaxy-integration-steam/pull/1#discussion_r1230899364
As a devs we want to ensure that plugin builds are deterministic and does not depends on time passed
so that we have less problems
Acceptance criteria:
TODOs: