search

peterbe / hashin

Helping you write hashed entries for packages in your requirements.txt
https://www.peterbe.com/plog/hashin
MIT License
105 stars 27 forks source link

Support "<" in package specifiers #115

Open techtonik opened 5 years ago

techtonik commented 5 years ago

For some reason there is an assertion against using < is package specifier.

$ hashin.py -r requirements_dev.txt "pytest<4.0.0"
Traceback (most recent call last):
  File "../hashin/hashin.py", line 832, in <module>
    sys.exit(main())
  File "../hashin/hashin.py", line 824, in main
    index_url=args.index_url,
  File "../hashin/hashin.py", line 135, in run
    return run_packages(specs, requirements_file, *args, **kwargs)
  File "../hashin/hashin.py", line 176, in run_packages
    package, version, restriction = _explode_package_spec(spec)
  File "../hashin/hashin.py", line 145, in _explode_package_spec
    assert ">" not in spec and "<" not in spec
AssertionError
peterbe commented 5 years ago

The reason is because that functionality simply doesn't exist. What we'd need is to write some code that downloads all possible versions of pytest and then, using the operator, calculate what the best version would be. E.g. ["3.9.8", "3.9.9", "4.0.0", "4.1"] ==> 3.9.9

In a sense, it already supports 

$ hashin.py -r requirements_dev.txt "pytest>=4.0.0"

because if you omit the operator (or the version) it knows to pick the latest and greatest which is a lot easier to compute.

If you feel like you often need to add a version with an operator other than >= or == then I think it's pretty straight forward to add.

Also, doing that kind of version operation arithmatic "should be easy" if done using pip's underlying tools and functions.

techtonik commented 5 years ago

I thought that it should somehow be done through the imported pip_api, but I don't know if I will need it second time. Right now hierarchical dependency updates are more useful and fun for learning pip_api.

peterbe commented 5 years ago

Perhaps because I've been lazy but there's been a couple of times where I know I don't want the latest version. For example, when I upgrade or add a lib in a Python2 project. Then I usually, for example, open the CHANGELOG.rst and read it for which version is right for my project. It might, for example, say that "As of version 2.0.0 it only works for Python3". So I figured out I need version ==1.9.3 and then I go to use hashin.