charliermarsh
commented
2 weeks ago Do you need to re-lock outside of development? Is it enough just to sync?
Open helderco opened 2 weeks ago
charliermarsh
commented
2 weeks ago Do you need to re-lock outside of development? Is it enough just to sync?
helderco
commented
2 weeks ago What I need to lock is my-module/uv.lock (new project from template, needs new lock). The vendored library (dagger-io) should behave like something you'd install from PyPI, it's just vendored locally because modules need to patch that library slightly (to overwrite a .py file).
So currently it's like doing uv add dagger-io and expecting uv to pick up on the library's workspace, which is only used to develop the library (i.e., in its own repo, not in my-module).
helderco
commented
2 weeks ago To be clear, I think the problem is that I want to vendor without the codegen member but uv lock fails to parse the sdk/pyproject.toml (or sdk/uv.lock) without that subdir. It shows in my-module/uv.lock but isn't needed there.
Does my-module/uv.lock really need to know the dev dependencies from my-modules/sdk?
This is the difference between uv lock --no-sources and having a source with dagger-io = { path = "sdk" }:
[[package]]
name = "dagger-io"
-version = "0.12.7"
-source = { registry = "https://pypi.org/simple" }
+version = "0.0.0"
+source = { directory = "sdk" }
dependencies = [
{ name = "anyio" },
{ name = "beartype" },
{ name = "cattrs" },
{ name = "gql", extra = ["httpx"] },
{ name = "opentelemetry-exporter-otlp-proto-grpc" },
{ name = "opentelemetry-sdk" },
{ name = "platformdirs" },
{ name = "rich" },
{ name = "typing-extensions" },
]
-sdist = { url = "https://files.pythonhosted.org/packages/10/5d/99cf39497c00ea3869e92246e364e0480979788d27388ed33273c03865cb/dagger_io-0.12.7.tar.gz", hash = "sha256:49a50644a269a4fd785481a3b9a6a8a08c98caf2b4c835ea65e8c0fdbb641bf6", size = 81419 }
-wheels = [
- { url = "https://files.pythonhosted.org/packages/49/8d/878003f142338ca9e535c38044ee63fdae446b161c83366b734831551323/dagger_io-0.12.7-py3-none-any.whl", hash = "sha256:69e7986b04e069b9a19805010d17ead8c0153eaf0be9d3dacf87585eb7d3ba7f", size = 76526 },
+
+[package.metadata]
+requires-dist = [
+ { name = "anyio", specifier = ">=3.6.2" },
+ { name = "beartype", specifier = ">=0.18.2" },
+ { name = "cattrs", specifier = ">=22.2.0" },
+ { name = "gql", extras = ["httpx"], specifier = ">=3.5.0" },
+ { name = "opentelemetry-exporter-otlp-proto-grpc", specifier = ">=1.23.0" },
+ { name = "opentelemetry-sdk", specifier = ">=1.23.0" },
+ { name = "platformdirs", specifier = ">=2.6.2" },
+ { name = "rich", specifier = ">=10.11.0" },
+ { name = "typing-extensions", specifier = ">=4.8.0" },
+]
+
+[package.metadata.requires-dev]
+dev = [
+ { name = "aiohttp", specifier = ">=3.9.3" },
+ { name = "codegen", editable = "sdk/codegen" },
+ { name = "mypy", specifier = ">=1.8.0" },
+ { name = "pytest", specifier = ">=8.0.2" },
+ { name = "pytest-httpx", specifier = ">=0.30.0" },
+ { name = "pytest-mock", specifier = ">=3.12.0" },
+ { name = "pytest-subprocess", specifier = ">=1.5.0" },
+ { name = "ruff", specifier = ">=0.3.4" },
+ { name = "sphinx", specifier = ">=7.2.6" },
+ { name = "sphinx-rtd-theme", specifier = ">=2.0.0" },
][!note] The published version (0.12.7) has uv dev dependencies (but
uv.lockisn’t published):
So I suppose I don’t get the dev dependencies if the source is already built (i.e., uv doesn’t have to build before install). But even with uv build I still don’t get them:
rm -rf sdk/codegen
uv build sdk
uv add --no-binary-package dagger-io ./sdk/dist/dagger_io-0.0.0.tar.gzI used --no-binary-package dagger-io because I wanted to feed something that has the pyproject.toml and uv.lock from the dagger-io library to uv add, to see if the dev dependencies would get in the my-module/uv.lock, but they don’t:
[[package]]
name = "dagger-io"
-version = "0.12.7"
-source = { registry = "https://pypi.org/simple" }
+version = "0.0.0"
+source = { path = "sdk/dist/dagger_io-0.0.0.tar.gz" }
dependencies = [
{ name = "anyio" },
{ name = "beartype" },
{ name = "cattrs" },
{ name = "gql", extra = ["httpx"] },
{ name = "opentelemetry-exporter-otlp-proto-grpc" },
{ name = "opentelemetry-sdk" },
{ name = "platformdirs" },
{ name = "rich" },
{ name = "typing-extensions" },
]
-sdist = { url = "https://files.pythonhosted.org/packages/10/5d/99cf39497c00ea3869e92246e364e0480979788d27388ed33273c03865cb/dagger_io-0.12.7.tar.gz", hash = "sha256:49a50644a269a4fd785481a3b9a6a8a08c98caf2b4c835ea65e8c0fdbb641bf6", size = 81419 }
-wheels = [
- { url = "https://files.pythonhosted.org/packages/49/8d/878003f142338ca9e535c38044ee63fdae446b161c83366b734831551323/dagger_io-0.12.7-py3-none-any.whl", hash = "sha256:69e7986b04e069b9a19805010d17ead8c0153eaf0be9d3dacf87585eb7d3ba7f", size = 76526 },
-]
+
+[package.metadata]
+requires-dist = [
+ { name = "anyio", specifier = ">=3.6.2" },
+ { name = "beartype", specifier = ">=0.18.2" },
+ { name = "cattrs", specifier = ">=22.2.0" },
+ { name = "gql", extras = ["httpx"], specifier = ">=3.5.0" },
+ { name = "opentelemetry-exporter-otlp-proto-grpc", specifier = ">=1.23.0" },
+ { name = "opentelemetry-sdk", specifier = ">=1.23.0" },
+ { name = "platformdirs", specifier = ">=2.6.2" },
+ { name = "rich", specifier = ">=10.11.0" },
+ { name = "typing-extensions", specifier = ">=4.8.0" },
+]Only the production dependencies are included, which is what I want.
If I use the local directory as the source, it assumes I want to develop (i.e., tries to load the workspace), even without --editable:
✗ uv add ./sdk
error: Failed to build: `dagger-io @ file:///Users/helder/Projects/dagger/sdk/python/dev/sdk`
Caused by: Failed to parse entry for: `codegen`
Caused by: Package is not included as workspace package in `tool.uv.workspace`What I expected was the same as uv build sdk does. It doesn’t fail due to the missing workspace package and only adds dagger-io’s production dependencies to the lock.
[!note] Even though I use
uv addin these examples, what I’m trying to do is justuv lockinmy-modulesince thepyproject.tomlalready includes the right config, added from a template.
The reason I need to vendor the library is because I need to change a source code file due to a code generation step (in particular, the sdk/src/dagger/client/gen.py file). And the reason I need --editable is to have that change locally as well as in the OCI container, without having to install it again on changes (and without having to handle different site-package locations).
In my-module I don’t want my-module/sdk dev dependencies nor share a .venv. If I wanted to develop them together, I’d define a workspace in my-module/pyproject.toml, which is what seems to be documented in When (not) to use workspaces:
Workspaces are not suited for cases in which members have conflicting requirements, or desire a separate virtual environment for each member. In this case, path dependencies are often preferable. […] This approach conveys many of the same benefits, but allows for more fine-grained control over dependency resolution and virtual environment management
But still, is there a way to distinguish when I want a path dependency’s dev dependencies vs not?
I have a library
dagger-iothat is vendored locally in a./sdkdirectory in a new projectmain(structured as a library):The
dagger-iolibrary has a workspace with acodegenmember during development, but I don't want that directory to be available when when vendored (copied into./my-module/sdk):So, when I create a lock file (
uv lock) for projectmain, I get the following error:I want to ignore the workspace information in
dagger-iowhen installed as a dependency since that workspace is for developing thedagger-iolibrary, in a separate repo.Or is there another solution to this?