search

holoviz-dev / pyctdev

Python packaging Common Tasks for Developers
BSD 3-Clause "New" or "Revised" License
10 stars 2 forks source link

Allow to install the minimum dependencies #96

Open maximlt opened 1 year ago

maximlt commented 1 year ago

The HoloViz packages declare their Python runtime dependencies in the install_requires parameter of their setup.py file. In most cases these dependencies are pinned, e.g. bokeh >= 1.1. Pins are usually set at a point in time when they're known to be valid. For instance, the package relies on a new API made available in Bokeh 1.1, so the pin has to be bokeh >= 1.1 to prevent the package to be installed with older versions of Bokeh. However, these minimum pins are only tested for a short while. Each new release of the pinned dependency (e.g. Bokeh 1.2, 2.0, 2.1, etc.) makes the pin more likely to be invalid, as it might well be that the package relies on new API that would have required a minimum version bump, which could easily be missed. As the dependencies installed part of a test suite are generally the latest one available (or close to that), there's simply no way to detect this sort of issue.

A parameter could be added to the develop_install command, that when set would force the installation of the minimum declared dependency versions (e.g. bokeh==1.1).

Some packages don't pin all their dependencies:

https://github.com/holoviz/hvplot/blob/master/setup.py#L34

I believe that in practice it is pretty unlikely for a package to work with any version of one of its dependencies. I would suggest that doit develop_install --new-flag should raise an error when it finds an unpinned runtime dependency.

maximlt commented 1 year ago

Noting as I just saw that that develop_install has a --pin-deps flag (or --no-pin-deps). It will apparently parse the setup.cfg file and look for such setting:

[tool:pyctdev]
pins =
    holoviews = 1.10.0
    hypothesis = 3.56.0

It actually looks like this could be an alternative to the suggestion I've made. In particular when a pin is of the greater than type, there should be a way to manually set what is the minimum version to actually install. This mechanism can do that, its drawback being that it means duplicating the listing of the runtime dependencies between two files (currently setup.py and setup.cfg).

The solution I suggested in the first post implies that none of the pins is of the type greater than.