search

python-poetry / poetry-plugin-export

Poetry plugin to export the dependencies to various formats
MIT License
229 stars 52 forks source link

Option to support poetry export packages only specified in pyproject.toml, but no related upstreams #177

Open pyfreyr opened 1 year ago

pyfreyr commented 1 year ago

pyproject.toml:

[tool.poetry.dependencies]
python = "^3.10"
httpx = "^0.23.3"

now poetry export output:

anyio==3.6.2 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:25ea0d673ae30af41a0c442f81cf3b38c7e79fdc7b60335a4c14e05eb0947421 \
    --hash=sha256:fbbe32bd270d2a2ef3ed1c5d45041250284e31fc0a4df4a5a6071842051a51e3
certifi==2022.12.7 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \
    --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18
h11==0.14.0 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d \
    --hash=sha256:e3fe4ac4b851c468cc8363d500db52c2ead036020723024a109d37346efaa761
httpcore==0.16.3 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:c5d6f04e2fc530f39e0c077e6a30caa53f1451096120f1f38b954afd0b17c0cb \
    --hash=sha256:da1fb708784a938aa084bde4feb8317056c55037247c787bd7e19eb2c2949dc0
httpx==0.23.3 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:9818458eb565bb54898ccb9b8b251a28785dd4a55afbc23d0eb410754fe7d0f9 \
    --hash=sha256:a211fcce9b1254ea24f0cd6af9869b3d29aba40154e947d2a07bb499b3e310d6
idna==3.4 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
    --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2
rfc3986[idna2008]==1.5.0 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:270aaf10d87d0d4e095063c65bf3ddbc6ee3d0b226328ce21e036f946e421835 \
    --hash=sha256:a86d6e1f5b1dc238b218b012df0aa79409667bb209e58da56d0b94704e712a97
sniffio==1.3.0 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:e60305c5e5d314f5389259b7f22aaa33d8f7dee49763119234af3755c55b9101 \
    --hash=sha256:eecefdce1e5bbfb7ad2eeaabf7c1eeb404d7757c379bd1f7e5cce9d8bf425384

Maybe we can support option to output top packages that only specified by pyproject.toml directly(the example above is just httpx)

Expected export:

httpx==0.23.3 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:9818458eb565bb54898ccb9b8b251a28785dd4a55afbc23d0eb410754fe7d0f9 \
    --hash=sha256:a211fcce9b1254ea24f0cd6af9869b3d29aba40154e947d2a07bb499b3e310d6
neersighted commented 1 year ago

I feel this is mostly a duplicate of https://github.com/python-poetry/roadmap/issues/3 -- you want to get top-level dependency information, and PEP 621 metadata will be the best way for Poetry to expose that, as it will require no special tools to extract.

What use case do you have for locked versions/hashes of top-level deps? Or do you just want the information exposed in PEP 621?

pyfreyr commented 1 year ago

yes, the locked versions of top level deps. Keep simple and concise of requirements.txt for reading

pyfreyr commented 1 year ago

I prefer the requirements.txt of vcs to build docker image, i think it will easy to use cache and read if export simple. If use pyproject.toml, any change will break docker cache strategy, such as version updated which not affect depends.