Open cognifloyd opened 1 year ago
(bonus points for renaming repos to find_links to make that settings purpose clearer and less confusing)
Guess this is already done! ;)
17:59:19.89 [WARN] DEPRECATED: option 'repos' in scope 'python-repos' is scheduled to be removed in version 3.0.0.dev0.
A deprecated alias for `[python-repos].find_links`.
Is your feature request related to a problem? Please describe. Publishing artifacts should be immutable. But, some things should have access to supplemental resources, and others should not. If building a wheel for internal distribution, anything in an internal supplemental index is fair game. If building something to go on an external index, like pypi, then that should be restricted so it can only see the publicly accessible artifacts.
It would be nice if pants guarded against mismatched dependencies earlier in the dev cycle.
Describe the solution you'd like Per resolve find_links and indexes settings instead of (or in addition to) global
[python-repos].indexes
and[python-repos].repos
(bonus points for renamingrepos
tofind_links
to make that settings purpose clearer and less confusing).So, we would have two new settings:
[python].resolves_to_find_links
[python].resolves_to_indexes
This is also more consistent with the rest of the settings, making it more predictable for new users. To continue supporting the old, global settings, I would probably use that as the default for resolves that do not specify anything under
[python].resolves_to_*
.Describe alternatives you've considered We may be able to use the new dependency rules feature, and the visibility backend, to approximate this. It would probably require setting
__dependent_rules__
that prevent any public distributions from depending on apython_requirement
that is only known to exist on the private index. But, that's would be hard to maintain, and hard to create initially. This approach would probably be reactive: any time publishing a wheel to pypi fails due to using internal dependencies, people would add another dependent rule to protect against a given bad dependency.This might become even more murky if the same package is available in both indexes, but you need to constrain the allowed/locked versions based on which index will be used to distribute some wheel (s).
Additional context I don't need this feature yet. The proposed solution was discussed on slack: https://pantsbuild.slack.com/archives/C0D7TNJHL/p1660577710953089?thread_ts=1660577710.953089&cid=C0D7TNJHL
But having this feature would make using pants more appealing in more contexts. As I said in slack:
So, if anyone else could use this feature, please chime in so we can gauge community interest.