Versionned zipapps not available

pypa / get-pip

Helper scripts to install pip, in a Python installation that doesn't have it.

https://bootstrap.pypa.io/pip/

MIT License

738 stars 293 forks source link

Versionned zipapps not available #189

Closed JeanChristopheMorinPerso closed 5 months ago

JeanChristopheMorinPerso commented 1 year ago

Description

The documentation at https://pip.pypa.io/en/stable/installation/#standalone-zip-application says:

There are also zip applications for specific pip versions, named pip-X.Y.Z.pyz.

I can't seem to be able to find these versioned zipapps. When I go to https://bootstrap.pypa.io/pip/, all I can see is pip.pyz.

Are versioned zipapps supposed to be made available or not?

Expected behavior

I'd personally like ot have access to specific versions of the zipapps so that I can make sure that a specific pip version is used without downloading it and running python pip.pyx --version to see the version.

Thanks!

pip version

N/A

Python version

N/A

OS

N/A

How to Reproduce

N/A

Output

No response

Code of Conduct

[X] I agree to follow the PSF Code of Conduct.

pfmoore commented 1 year ago

The intention was to make them available, but the automation and CI infrastructure around the get-pip project made that hard to do. I deferred doing this, but never got back to it. Thanks for the reminder.

@pradyunsg - you set up the automation that got upset with having versioned zipapps - do you have any suggestions on how we do this? My brute force approach would be to add the versioned zipapps and fix (or more likely rip out[^1]) any checks that can't deal with us adding a new file each release...

[^1]: Mainly because I'm not at all clear what those checks are trying to verify - so if you can explain that to me, that would be a good start.

pradyunsg commented 1 year ago

I'm not at all clear what those checks are trying to verify - so if you can explain that to me, that would be a good start

We basically generate giant blurbs of files that contain code that's obscured in multiple ways. By using a generation script that's reproducible across whatever place we're running it from and validating that what's in the repo is exactly what would be generated from scratch, we ensure that the stuff in the repository is sane and correctly setup. Plus, it also makes it easier to be comfortable about the fact that whatever is in the repo will show up on bootstrap.pypa.io very quickly.

I'm hesitant about removing these checks -- I think they're valuable and a useful tool to ensure that that we're not messing something up in our release processes.

What I've suggested elsewhere before is that we should have the versioned copies in a subdirectory and generate them all. We already want to have more files (ALA #88) and generating multiple zipapps (instead of just one versioned + one unversioned on each run) from the script is good enough for our purposes.

pfmoore commented 1 year ago

An initial version of this is at https://github.com/pypa/get-pip/pull/191

JeanChristopheMorinPerso commented 1 year ago

Wow, thanks for the prompt response!

pfmoore commented 5 months ago

Completed via https://github.com/pypa/get-pip/pull/191