search

HEPData / hepdata_lib

Library for getting your data into HEPData
https://hepdata-lib.readthedocs.io
MIT License
15 stars 37 forks source link

Yank broken Python 2 releases from PyPI with Python 3 only hepdata-validator dependencies #224

Closed matthewfeickert closed 1 year ago

matthewfeickert commented 1 year ago

The motivation for Issue #222 comes too late, as the problems that I outlined with not setting a lower bound to avoid breaking old versions have actually already happened. PR #189 broke all Python 2 releases forever for hepdata_lib v0.10.0+ when it added

https://github.com/HEPData/hepdata_lib/blob/42238e14c8f005ed3f2aa2d8161e2516e09d58cf/requirements.txt#L5

as the last release of hepdata-validator to support Python 2 was hepdata-validator v0.2.3.

There is no way to unbreak these releases, but as there haven't been too many releases since v0.10.0

$ python -m pip index versions hepdata-lib
WARNING: pip index is currently an experimental command. It may be removed/changed in a future release without prior warning.
hepdata-lib (0.11.1)
Available versions: 0.11.1, 0.11.0, 0.10.1, 0.10.0, 0.9.0, 0.8.1, 0.8.0, 0.7.0, 0.6.0, 0.5.0, 0.4.1, 0.4.0, 0.3.2, 0.3.0, 0.2.8, 0.2.7, 0.2.6, 0.2.5, 0.2.4, 0.2.3, 0.2.2, 0.2.1, 0.2.0, 0.1.1, 0.1

it would be feasible to finish following the outline of https://github.com/HEPData/hepdata_lib/pull/222#issuecomment-1441355145, resulting in a release v0.12.0 and then to yank releases:

from PyPI. This would still allow for these releases to be installed by exactly requesting them with == but it would then unbreak a Python 2.7 install like

$ docker run --rm -ti python:2.7 /bin/bash        
root@095b42ef95fd:/# virtualenv venv && . venv/bin/activate
(venv) root@095b42ef95fd:/# python -m pip --quiet install --upgrade pip setuptools wheel
(venv) root@095b42ef95fd:/# python -m pip install hepdata-lib
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting hepdata-lib
  Downloading hepdata_lib-0.11.1-py2.py3-none-any.whl (20 kB)
ERROR: Could not find a version that satisfies the requirement hepdata-validator>=0.3.2 (from hepdata-lib) (from versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.1.16, 0.2.1, 0.2.2, 0.2.3)
ERROR: No matching distribution found for hepdata-validator>=0.3.2 (from hepdata-lib)
(venv) root@095b42ef95fd:/#

as this would then be the equivalent of

(venv) root@095b42ef95fd:/# python -m pip install 'hepdata-lib<0.10.0'

which is a valid Python 2.7 install

(venv) root@095b42ef95fd:/# python -m pip show hepdata-lib
Name: hepdata-lib
Version: 0.9.0
Summary: Library for getting your data into HEPData
Home-page: https://github.com/HEPData/hepdata_lib
Author: Andreas Albert, Clemens Lange
Author-email: hepdata-lib@cern.ch
License: UNKNOWN
Location: /venv/lib/python2.7/site-packages
Requires: six, numpy, future, PyYAML
Required-by: 
(venv) root@095b42ef95fd:/#

_Originally posted by @matthewfeickert in https://github.com/HEPData/hepdata_lib/issues/222#issuecomment-1447512101_

GraemeWatt commented 1 year ago

Thanks for your work on this, @matthewfeickert. Indeed, the release of hepdata_lib 0.10.0 removed support for Python 2.7 by introducing a dependence hepdata-validator>=0.3.2. Looking at the comments of issue #187 and PR #189, it was a deliberate decision to remove Python 2.7 support from hepdata_lib, but I guess it was not done in a clean way. Issue #187 suggests that pure Python 3 features were used in the hepdata_lib code even before the 0.10.0 release, so you might need to go further back to find a version that works with Python 2.7. For example, check not only that hepdata_lib can be installed in a Python 2.7 environment, but that the tests pass. I'm not sure if this is worth spending time on.

clelange commented 1 year ago

Thank you very much for investigating this, @matthewfeickert ! I agree with @GraemeWatt that since we broke things too long ago, it's not worth the effort to fix things now just for the sake of supporting some Python 2 edge cases. Let's just forget about Python 2. altogether now. I wouldn't even yank the 0.10.0 and later releases from PyPI. Nobody has complained in the recent past.

matthewfeickert commented 1 year ago

Sounds good to me. Thanks both!