Closed nikhars closed 4 weeks ago
Since we want sentry infra tools dependencies to be pulled from sentry pypi, we need to move away from generating the requirements file using pip-compile. Using pip-compile, the generated requirements file could have versions of dependencies which are NOT on sentry pypi. That will break the publishing of the package in unexpected ways.
Why can't we use the internal pypi? It is possible to tell pip-compile to use the internal repo only.
Aren't we losing the pinning of sub-dependencies here and they could shift beneath us anyways?
This is what sentry does:
```python
"pip-compile",
"--allow-unsafe",
"--no-annotate",
"--quiet",
"--strip-extras",
"--index-url=https://pypi.devinfra.sentry.io/simple",
```
Changes the requirements file to be dependent on sentry's internal pypi instead of external pypi
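Both concerns raised in this thread (pins that do not exist on the internal index, and sub-dependencies left unpinned) can be checked before publishing. The sketch below is an added example, not code from this PR or from Sentry: it audits a requirements file against PEP 503 "simple" project pages. The function names and the sample index pages and requirements are constructed for illustration, and it assumes pins without extras, as `--strip-extras` produces.

```python
import re

def normalize(name):
    # PEP 503 project-name normalization
    return re.sub(r"[-_.]+", "-", name).lower()

def versions_on_index(page_html):
    """Versions offered on one PEP 503 'simple' project page."""
    versions = set()
    for href in re.findall(r'href="([^"#]+)', page_html):
        filename = href.rsplit("/", 1)[-1]
        if filename.endswith(".whl"):
            versions.add(filename.split("-")[1])  # name-version-tags.whl
        else:
            stem = re.sub(r"\.(tar\.gz|zip)$", "", filename)
            versions.add(stem.rsplit("-", 1)[-1])  # name-version.tar.gz
    return versions

PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;#\\]+)")

def audit(requirements_text, index_pages):
    """Return (unpinned, missing) for a requirements file against one index."""
    unpinned, missing = [], []
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue  # comments, options such as --index-url, --hash lines
        m = PIN.match(line)
        if not m:
            unpinned.append(line)
            continue
        name, version = normalize(m.group(1)), m.group(2)
        # Exact string match: "1.0" and "1.0.0" are treated as different.
        if version not in versions_on_index(index_pages.get(name, "")):
            missing.append(f"{name}=={version}")
    return unpinned, missing

# Constructed sample data: two project pages as an index would serve them,
# and a requirements file; the package versions are illustrative only.
SAMPLE_INDEX = {
    "click": '<a href="click-8.1.7-py3-none-any.whl#sha256=00">click</a>',
    "pyyaml": '<a href="../../packages/PyYAML-6.0.1.tar.gz#sha256=00">x</a>',
}
SAMPLE_REQUIREMENTS = """\
click==8.1.7
PyYAML==6.0.2
requests>=2.31
"""

if __name__ == "__main__":
    print(audit(SAMPLE_REQUIREMENTS, SAMPLE_INDEX))
```

In CI the `index_pages` mapping would be filled by fetching each project page from the one index the build is allowed to use, and a non-empty `unpinned` or `missing` list would fail the job.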