jazzband / pip-tools

A set of tools to keep your pinned Python dependencies fresh.
https://pip-tools.rtfd.io
BSD 3-Clause "New" or "Revised" License

pip compile does not work with PEP 508 #2031

Closed Tomperez98 closed 8 months ago

Tomperez98 commented 8 months ago

Environment Versions

  1. OS Type
  2. Python version: python 3.9.18
  3. pip version: pip 23.3.1
  4. pip-tools version: pip-compile, version 7.3.0

dependencies = [
    "pip@https://github.com/pypa/pip/archive/1.3.1.zip#sha1=da9234ee9982d4bbb3c72346a6de940a148ea686",
]

An example from https://peps.python.org/pep-0508/

Does not work when I run:

piptools compile --no-strip-extras --extra dev --resolver=backtracking -o requirements/dev.txt pyproject.toml

AndydeCleyre commented 8 months ago

Thanks! The title says 507, but I see you link 508, which makes sense.

That particular dep string from the PEP seems to provide an invalid hash, and is ancient, and it can't be installed with that URI/hash even with plain pip install. But it will probably work with another URI, such as:

pip @ https://github.com/pypa/pip/archive/refs/tags/23.3.1.zip#sha1=8b6d5466b5da75066bb351c43f49df396d5f8004

Tomperez98 commented 8 months ago

Sorry. Fixed the name.

Still does not work:

pip @ https://github.com/pypa/pip/archive/refs/tags/23.3.1.zip

The pip install "pip @ https://github.com/pypa/pip/archive/refs/tags/23.3.1.zip" works, but not when defined in the pyproject.toml.

AndydeCleyre commented 8 months ago

It works in my tests, can you provide a reproducing pyproject.toml?

Without hash:

$ pip-compile --allow-unsafe pyproject.toml -o - 2>/dev/null | grep github
pip @ https://github.com/pypa/pip/archive/refs/tags/23.3.1.zip

With hash:

$ pip-compile --allow-unsafe pyproject.toml -o - 2>/dev/null | grep github
pip @ https://github.com/pypa/pip/archive/refs/tags/23.3.1.zip#sha1=8b6d5466b5da75066bb351c43f49df396d5f8004

Tomperez98 commented 8 months ago

The issue was using hatch. I changed to setuptools and it worked perfectly.
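
Added example (not part of the thread, and not pip or pip-tools code): the direct references above pin the archive with a `#sha1=` URL fragment, and one comment notes that the PEP's example hash appears invalid. This stdlib-only Python example parses such a reference and checks the fragment hash against the bytes actually fetched. The status names, the list of accepted algorithms, treating sha1 as weak, and the sample bytes are assumptions of the example.

```python
import hashlib
from urllib.parse import parse_qsl, urlsplit

# Assumptions for this example: which fragment keys count as hash pins, and
# which of those are too weak to resist deliberate tampering.
HASH_ALGORITHMS = ("sha1", "sha224", "sha256", "sha384", "sha512")
WEAK_ALGORITHMS = {"sha1"}

# Constructed stand-in for a downloaded archive, so the example runs offline.
SAMPLE_ARCHIVE = b"constructed sample archive bytes"


def parse_direct_reference(spec):
    """Split 'name @ url#algo=hex' into (name, url, algo, hexdigest).

    algo and hexdigest are None when the URL carries no hash fragment.
    """
    name, sep, url = spec.partition("@")
    name, url = name.strip(), url.strip()
    if not sep or not name or not url:
        raise ValueError(f"not a direct reference: {spec!r}")
    parts = urlsplit(url)
    algo = digest = None
    for key, value in parse_qsl(parts.fragment):
        if key in HASH_ALGORITHMS:
            algo, digest = key, value.lower()
            break
    return name, parts._replace(fragment="").geturl(), algo, digest


def check_artifact(spec, data):
    """Return 'unpinned', 'mismatch', 'weak-hash' or 'ok' for the fetched bytes."""
    _, _, algo, expected = parse_direct_reference(spec)
    if algo is None:
        return "unpinned"  # nothing ties the URL to specific content
    actual = hashlib.new(algo, data).hexdigest()
    if actual != expected:
        return "mismatch"  # content changed, or the pinned hash is wrong
    return "weak-hash" if algo in WEAK_ALGORITHMS else "ok"


if __name__ == "__main__":
    good = hashlib.sha256(SAMPLE_ARCHIVE).hexdigest()
    for frag in (f"#sha256={good}", "#sha256=" + "0" * 64, ""):
        spec = "demo @ https://example.invalid/demo.zip" + frag
        print(check_artifact(spec, SAMPLE_ARCHIVE), spec[:60])
```

A reference without a fragment, like the one that compiled in the "Without hash" run above, comes back as `unpinned`: the lock file then records only a URL, not the content behind it.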