search

devpi / devpi-constrained

releases filter for devpi-server
MIT License
8 stars 2 forks source link

Does not apply constraints as a bases of another index #3

Closed EvaSDK closed 1 year ago

EvaSDK commented 1 year ago

Hello,

I wanted to test devpi-constrained for a while as our development team sometimes has difficulties keeping up with newer releases of our stack and it is not always easy to block a package to a certain version as it is used in a lot of repositories.

This is the case with tox and the latest release is causing trouble to our CI/CD pipeline as reported in https://github.com/tox-dev/tox/issues/2702.

Now, I rebuilt our Docker image with devpi-constrained and playing around with it, it does not seem to filter packages when it is used as the bases in another index.

$ devpi index -c root/pypi-constrained type=constrained bases=root/pypi
[...]
$ devpi index  root/pypi-constrained constraints="tox<4"
/root/pypi-constrained constraints=tox<4
https://pypi.example.com/root/pypi-constrained?no_projects=:
  type=constrained
  bases=root/pypi
  volatile=True
  acl_upload=root
  acl_toxresult_upload=:ANONYMOUS:
  constraints=tox<4
  mirror_whitelist=
  mirror_whitelist_inheritance=intersection
  title=PyPI constrained mirror
$ devpi index -c root/dev-team
https://pypi.example.com/root/dev-team?no_projects=:
  type=stage
  bases=root/pypi-constrained
  volatile=True
  acl_upload=root
  acl_toxresult_upload=:ANONYMOUS:
  mirror_whitelist=
  mirror_whitelist_inheritance=intersection
$ devpi list --index root/pypi-constrained --all tox |head -n3
*redirected: https://pypi.example.com/root/pypi-constrained/tox
https://pypi.example.com/root/pypi/+f/f52/ca66eae115fcf/tox-3.27.1-py2.py3-none-any.whl
https://pypi.example.com/root/pypi/+f/b2a/920e35a668cc0/tox-3.27.1.tar.gz
$ devpi list --index root/dev-team --all tox |head -n3
*redirected: https://pypi.example.com/root/dev-team/tox
https://pypi.example.com/root/pypi/+f/952/1447370a37527/tox-4.0.11-py3-none-any.whl
https://pypi.example.com/root/pypi/+f/695/fc21a276e6a4f/tox-4.0.11.tar.gz

Is this the intended behavior? Is my expectation that dev-team should get filtered results wrong?

EvaSDK commented 1 year ago

The list of packages installed on the server: devpi-constrained-1.0.0 devpi-server-6.8.0 devpi-web-4.2.0

fschulze commented 1 year ago

It looks like it is broken at the moment. The CI tests haven't run in a while (still on Travis), which is why I didn't notice. Locally I get test failures with latest devpi-server.

fschulze commented 1 year ago

I have added GitHub Actions and released devpi-constrained 2.0.0.