Closed juftin closed 8 months ago
Oh, I'm sad that Hatch broke several things 😞 But probably this env could override dependency_hash to read the lock file on the fly and also include its own checksum
Yeah- combine a hash of read_requirements()
with super().dependency_hash()
- I think that would work
Yeah it totally can get desynced right now - you can even delete the lock file and it doesn't care
Hmm... unfortunately read_requirements()
won't work because hatch doesn't re-run dependency_hash()
when it updates the stored hash. dependency_hash()
will probably have to run run_pip_compile
on its own.
dep_hash = environment.dependency_hash()
current_dep_hash = self.env_metadata.dependency_hash(environment)
if dep_hash != current_dep_hash:
with self.status('Checking dependencies'):
dependencies_in_sync = environment.dependencies_in_sync()
if not dependencies_in_sync:
with self.status('Syncing dependencies'):
environment.sync_dependencies()
self.env_metadata.update_dependency_hash(environment, dep_hash)
This will be fixed soon, sorry for the trouble!
:tada: This issue has been resolved in version 1.8.3 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
Thank you @ofek !
I need to confirm but I believe the latest version of hatch is skipping checks with its new use of dependency_hash (https://hatch.pypa.io/latest/blog/2023/12/11/hatch-v180/#faster-environment-usage) - this allows lockfiles to be out of date (by hand editing at least)
https://github.com/pypa/hatch/blob/d3246e957584d292319e7b93301598cdf611e902/src/hatch/cli/application.py#L107-L117