search

pypa / pipenv

Python Development Workflow for Humans.
https://pipenv.pypa.io
MIT License
24.87k stars 1.87k forks source link

`install --deploy` doesn't check if local packages' dependencies have changed #4762

Open allanlewis opened 3 years ago

allanlewis commented 3 years ago

Issue description

Given my Pipfile includes a dependency specified as a local path When I update that dependency's dependencies in its setup.py ...

Expected result

Then I expect pipenv install --deploy to fail because Pipfile.lock needs updating

Actual result

The dependency I added to setup.py isn't installed and I don't get any errors or logging about Pipfile.lock needing to be updated. This is the output of pipenv install --deploy --verbose after adding pylint as to install_requires for mypkg. The same happens if I increment the version of mypkg or add --clear to the command: it seems to ignore the current state of mypkg/setup.py. It seems like I will always need to know to run pipenv lock after changing setup.py: I won't be able to rely on my CI failing due to --deploy.

Steps to replicate

Using a simple setup.py as below, run pipenv install --deploy. Then change a dependency - I added one to be sure it's a substantive change - and run the same again. Updating Pipfile.lock works as expected, but I'd also expect pipenv install --deploy to fail. Also try updating the version and running pipenv install --deploy: again, I'd expect that to fail. Updating the Pipfile to specify the new version does cause --deploy to fail, but I just want it to always install the version from the given path without me having to update the Pipfile each time. (My specific scenario is that I have a bunch of microservices and a shared library: I always want every service to use the latest/current version of the library.)

# mypkg/setup.py
# Specific contents shouldn't matter
# This is based on a minimal setup.py with arbitrary dependencies

import setuptools

setuptools.setup(
    name='mypkg',
    packages=setuptools.find_packages(),
    description='My package',
    author="Me",
    version="1.0.2",
    install_requires=[
        'requests>=2',
        'pycodestyle',
        'pylint',
    ],
)
$ pipenv --support Pipenv version: `'2021.5.29'` Pipenv location: `'/Users/allanlewis/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pipenv'` Python location: `'/Users/allanlewis/.pyenv/versions/3.6.13/bin/python3'` Python installations found: - `3.9.5`: `/Users/allanlewis/.pyenv/versions/3.9.5/bin/python3` - `3.8.10`: `/Users/allanlewis/.pyenv/versions/3.8.10/bin/python3` - `3.8.2`: `/usr/bin/python3` - `3.7.10`: `/Users/allanlewis/.pyenv/versions/3.7.10/bin/python3` - `3.6.13`: `/Users/allanlewis/.pyenv/versions/3.6.13/bin/python3` - `3.6.13`: `/Users/allanlewis/.pyenv/versions/3.6.13/bin/python3.6` - `3.6.13`: `/Users/allanlewis/.pyenv/versions/3.6.13/bin/python3.6m` - `3.6.13`: `/Users/allanlewis/.pyenv/versions/3.6.13/bin/python3` - `2.7.16`: `/usr/bin/python2` - `2.7.16`: `/usr/bin/python2.7` PEP 508 Information: ``` {'implementation_name': 'cpython', 'implementation_version': '3.6.13', 'os_name': 'posix', 'platform_machine': 'x86_64', 'platform_python_implementation': 'CPython', 'platform_release': '20.5.0', 'platform_system': 'Darwin', 'platform_version': 'Darwin Kernel Version 20.5.0: Sat May 8 05:10:33 PDT ' '2021; root:xnu-7195.121.3~9/RELEASE_X86_64', 'python_full_version': '3.6.13', 'python_version': '3.6', 'sys_platform': 'darwin'} ``` System environment variables: - `SHELL` - `LSCOLORS` - `PYENV_HOOK_PATH` - `PYENV_SHELL` - `LESS` - `XPC_FLAGS` - `NVM_INC` - `TERM_PROGRAM_VERSION` - `__CFBundleIdentifier` - `SSH_AUTH_SOCK` - `TERM_SESSION_ID` - `TRELLO_SERVER_TOKEN` - `EDITOR` - `PYENV_VERSION` - `PWD` - `LOGNAME` - `LaunchInstanceID` - `HOME` - `LANG` - `RETIRE_STYLUS` - `GITHUB_TOKEN` - `SECURITYSESSIONID` - `TMPDIR` - `PYENV_DIR` - `NVM_DIR` - `HOMEBREW_BOOTSNAP` - `TERM` - `ZSH` - `USER` - `COMPOSE_FILE` - `SHLVL` - `NVM_CD_FLAGS` - `PAGER` - `TRELLO_API_KEY` - `XPC_SERVICE_NAME` - `JQ_COLORS` - `PYENV_ROOT` - `PATH` - `NVM_BIN` - `ENABLE_PURGECSS` - `OLDPWD` - `TERM_PROGRAM` - `__CF_USER_TEXT_ENCODING` - `PIP_DISABLE_PIP_VERSION_CHECK` - `PYTHONDONTWRITEBYTECODE` - `PIP_SHIMS_BASE_MODULE` - `PIP_PYTHON_PATH` - `PYTHONFINDER_IGNORE_UNSUPPORTED` Pipenv–specific environment variables: Debug–specific environment variables: - `PATH`: `/Users/allanlewis/.pyenv/versions/3.6.13/bin:/usr/local/Cellar/pyenv/2.0.4/libexec:/usr/local/Cellar/pyenv/2.0.4/plugins/python-build/bin:/Users/allanlewis/.nvm/versions/node/v12.21.0/bin:/Users/allanlewis/bin:/Users/allanlewis/.local/bin:/usr/local/opt/util-linux/sbin:/usr/local/opt/util-linux/bin:/usr/local/opt/postgresql@10/bin:/usr/local/opt/java11/bin:/usr/local/opt/gnu-sed/libexec/gnubin:/usr/local/opt/grep/libexec/gnubin:/usr/local/opt/findutils/libexec/gnubin:/usr/local/opt/diffutils/bin:/usr/local/opt/coreutils/libexec/gnubin:/Users/allanlewis/.pyenv/shims:/Users/allanlewis/.pyenv/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin` - `SHELL`: `/bin/zsh` - `EDITOR`: `nano` - `LANG`: `en_GB.UTF-8` - `PWD`: `/var/folders/fw/0l2mp3hj7d95tycrtjj38mxh0000gn/T/tmp.ck3vIa5dwA` --------------------------- Contents of `Pipfile` ('/private/var/folders/fw/0l2mp3hj7d95tycrtjj38mxh0000gn/T/tmp.ck3vIa5dwA/Pipfile'): ```toml [[source]] url = "https://pypi.org/simple" verify_ssl = true name = "pypi" [packages] mypkg = {path = "./mypkg"} [dev-packages] [requires] python_version = "3.8" ``` Contents of `Pipfile.lock` ('/private/var/folders/fw/0l2mp3hj7d95tycrtjj38mxh0000gn/T/tmp.ck3vIa5dwA/Pipfile.lock'): ```json { "_meta": { "hash": { "sha256": "2bcd1000f93c7451b97f529eb24cbc88b9084dd8b91728677b72ab9b8097bb21" }, "pipfile-spec": 6, "requires": { "python_version": "3.8" }, "sources": [ { "name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": true } ] }, "default": { "certifi": { "hashes": [ "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], "version": "==2021.5.30" }, "charset-normalizer": { "hashes": [ "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b", "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3" ], "markers": "python_version >= '3'", "version": "==2.0.4" }, "idna": { "hashes": [ "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a", "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3" ], "markers": "python_version >= '3'", "version": "==3.2" }, "mypkg": { "path": "./mypkg", "version": "==1.0.1" }, "pycodestyle": { "hashes": [ "sha256:514f76d918fcc0b55c6680472f0a37970994e07bbb80725808c17089be302068", "sha256:c389c1d06bf7904078ca03399a4816f974a1d590090fecea0c63ec26ebaf1cef" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.7.0" }, "requests": { "hashes": [ "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==2.26.0" }, "urllib3": { "hashes": [ "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", "version": "==1.26.6" } }, "develop": {} } ```
allanlewis commented 3 years ago

Thinking about it again, and reading related but different issues, perhaps this is more of a feature request - maintainers, feel free to treat it as such 🙂

matteius commented 2 years ago

@allanlewis Verified that this is the case, even on pip 22.0.4 resolver (though this may be specific to pipenv internals, I am unsure at this hour) but it has been triaged and I agree with what you are saying.

matteius commented 1 year ago

I am re-reading this and just checked it, but I am not sure I agree with the expectation.

pipenv install --deploy is really just pipenv sync with a hash check of the contents of the Pipfile, but there is no resolve phase and it would be expensive to add one. If you change a local editable install's dependencies, I would expect you would also want to invoke a lock cycle as a result, but I wouldn't expect pipenv install --deploy to incur the expense of this.