Open frafra opened 4 years ago
Hello, thanks!
--check-updates
is hitting pypi API to check versions. I'm not sure how we should track versions of packages installed from a git repo. Any ideas?
It looks like there is no way to detect which revision has been cloned using pip.
Simple solution: cloning the whole repo every time and displaying a warning (like "please fix a commit/tag like this: ...")
Better solution: getting the commit ID first and alter the required dependency on-the-fly. Example (Bash-like syntax):
git+https://github.com/PyAr/fades.git
@ref
used), assuming ref="HEAD"
id=$(git ls-remote https://github.com/PyAr/fades.git $ref | cut -f1)
git+https://github.com/PyAr/fades.git@$id
Hello @frafra !
Thanks for taking the time to help us improve fades!
Yes, --check-update
is suboptimal when we consider other repos other than PyPI. For example, we have the #338 issue opened for the case of local dependencies.
In that case of local depencies what is suggested in the issue is to verify if the project has changed by checking the ctime
of the project's directory.
For the case of remote VCSs is quite more complicated. We not only support git
but also other VCS systems. Furthermore, we don't "speak VCS" ourselves, as we just rely on pip
to do its work.
Taking that into mind, it's super difficult to get the commit id of a remote repo. What if it's bzr or hg? What if the user doesn't have git installed (not really sure how pip installs it, and the trick is that we want to avoid caring about it!).
So, how can emulate desired behaviours taking that in consideration?
One proposal could be to always recreate the venv if --check-updates
is involved when having VCS repos; that surely would be on the safe side, but it also will be very inefficient most of the times!
What do you think?
Hi :)
You are right, it would be better not to do something for git only. I had a look at poetry
because it fixes versions for packages, even if they are taken from git, but they do not support other VCSes: https://github.com/sdispater/poetry/blob/7a372c75562e99355c59786b4d3f1b26b9124e50/poetry/puzzle/provider.py#L189-L190
I would say that your proposal can be a good one, but I would show a warning if the dependencies VCS dependencies have not been tagged; (using @reference
) if they have tags, they can be just skipped.
Hi, Fades does not check if a package installed
git+https
is up-to-date even if--check-updates
is used.