getsentry / sentry-infra-tools

An attempt to move sentry-kube to its own repository

chore(dependencies): Use sentry pypi for dependencies #23

Closed nikhars closed 4 weeks ago

nikhars commented 4 weeks ago

Changes the requirements file to be dependent on sentry's internal pypi instead of external pypi

fpacifici commented 4 weeks ago

Since we want sentry infra tools dependencies to be pulled from sentry pypi, we need to move away from generating the requirements file using pip-compile. Using pip-compile, the generated requirements file could have versions of dependencies which are NOT on sentry pypi. That will break the publishing of the package in unexpected ways.

Why can't we use the internal pypi? It is possible to tell pip-compile to use the internal repo only.

mwarkentin commented 4 weeks ago

Aren't we losing the pinning of sub-dependencies here and they could shift beneath us anyways?

fpacifici commented 4 weeks ago

This is what sentry does

        "pip-compile",
        "--allow-unsafe",
        "--no-annotate",
        "--quiet",
        "--strip-extras",
        "--index-url=https://pypi.devinfra.sentry.io/simple",
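A check for the two concerns raised in this thread, as an added example that is not code from the PR or the repository: it flags requirements entries that are not pinned with `==` and index options that point away from the internal index. The function name, the sample file bodies and the single-allowed-host policy are assumptions; it inspects only what the file lists and does not resolve sub-dependencies.

```python
import re
from urllib.parse import urlparse

# Assumption: the index host quoted in the thread is the only one allowed.
ALLOWED_INDEX_HOST = "pypi.devinfra.sentry.io"
PIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?==[^=\s;]+")
INDEX_RE = re.compile(r"^(-i|--index-url|--extra-index-url)[=\s]+(\S+)")

# Constructed sample inputs (not files from the repository).
COMPILED = """\
--index-url https://pypi.devinfra.sentry.io/simple
click==8.1.7
pyyaml==6.0.1
"""
HAND_WRITTEN = """\
--extra-index-url https://pypi.org/simple
click>=8.0
pyyaml
"""


def audit_requirements(text):
    """Return (line_number, problem) tuples for a requirements file body."""
    problems, saw_index = [], False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        m = INDEX_RE.match(line)
        if m:
            option, url = m.groups()
            if option == "--extra-index-url":
                problems.append((no, "extra index allows a second package source"))
            elif urlparse(url).hostname != ALLOWED_INDEX_HOST:
                problems.append((no, f"index is not the internal one: {url}"))
            else:
                saw_index = True
        elif line.startswith("-"):
            continue  # other pip options (for example --hash) are not checked
        elif not PIN_RE.match(line):
            problems.append((no, f"not pinned with ==: {line}"))
    if not saw_index:
        problems.append((0, "no --index-url for the internal index"))
    return problems


if __name__ == "__main__":
    for name, body in (("compiled", COMPILED), ("hand-written", HAND_WRITTEN)):
        print(name, audit_requirements(body))
```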