thmahe / poetry-pyinstaller-plugin

Poetry plugin to build and/or bundle binaries with PyInstaller
https://pypi.org/project/poetry-pyinstaller-plugin/
MIT License

PyInstaller is not using "locked" package version #12

Open climblinne opened 1 week ago

climblinne commented 1 week ago

I stumbled upon a problem today. I used OpenCV with a certain version range and a specific version in a lock file.

In my dependencies I got the following lines:

In my lock file the version is set to "4.10.0.82". Now a new version of OpenCV came out, "4.10.0.84". This broke my test. It has new support for numpy 2.0.

This is my typical run:

So I found that "poetry-pyinstaller-plugin" is installing the newer versions of numpy and opencv and uses them to build. This broke my test afterwards. Also, when running "poetry show" you can't see the updated libraries.

I would prefer that pyinstaller use the venv from poetry, maybe adding some specials needed for pyinstaller. Or it should just install things from the lock file.

climblinne commented 1 week ago

After removing the package installation part:

```python
def _build_binaries(self, event: ConsoleCommandEvent, event_name: str, dispatcher: EventDispatcher) -> None:
    ...
            for requirement in self._app.poetry.package.requires:
                pip_r = requirement.base_pep_508_name_resolved.replace(' (', '').replace(')', '')

                extra_index_url = []
                if requirement.source_name:
                    extra_index_url = ["--extra-index-url", extra_indexes.get(requirement.source_name)]
    ...
```

the process worked fine.

What was the reason to install the package additionally and not use the existing virtual environment?

thmahe commented 1 week ago

Hi @climblinne,

> What was the reason to install the package additionally and not use the existing virtual environment?

The virtual environment is re-used between builds but always starts with an upgrade step in case the PyInstaller version changes in the pyproject.toml config. It is also good practice to build your binary with the latest versions of packages used by your project instead of relying on a local environment that might not be on track with actual releases.

I agree with your statement "It should just install things from the lock file.", keeping your issue open for future development.

As of now, the only workaround is to specify your dependencies with strict versioning in your pyproject.toml.

climblinne commented 1 week ago

Hi @thmahe ,

At the moment the problem is also that it's influencing my tests later in the process. It's not only the build itself, by building with the newest version; the later tests are also influenced. I would also see "poetry" in the position to install all dependencies, and not try to "reprogram" the logic inside the module. There is also a mistake inside the current package install loop, because pip is always called with a single install call instead of all packages together, so the dependencies between packages are not resolved.

Maybe "pyinstaller" should be inside a module like "[tool.poetry.group.pyinstaller.dependencies]". The same for "certifi" and "cffi" (what are you using this for?).

Let's use "poetry install --with pyinstaller" (the official way to install dependencies) to prepare the venv. When somebody is not using it, give out a message (hint to run poetry install) and ignore the pyinstaller build task.

This would also eliminate the pyinstaller version and allow a version range: version = "6.7.0"
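
A check for the drift discussed in this thread, added here as an example that is not part of the plugin or of any comment above: it compares the versions pinned in `poetry.lock` with what is actually installed in the build environment and reports every mismatch. The function names, the `opencv-python` distribution name and the numpy versions in the sample data are assumptions constructed for illustration; only the two OpenCV version numbers and the PyInstaller version come from the thread.

```python
from __future__ import annotations

import re
from importlib import metadata

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters need the tomli backport
    import tomli as tomllib


def canonical(name: str) -> str:
    """Normalise a distribution name the way PEP 503 does."""
    return re.sub(r"[-_.]+", "-", name).lower()


def locked_versions(lock_text: str) -> dict[str, str]:
    """Map each [[package]] entry of a poetry.lock to its pinned version."""
    data = tomllib.loads(lock_text)
    return {canonical(p["name"]): p["version"] for p in data.get("package", [])}


def installed_versions() -> dict[str, str]:
    """Versions in the current interpreter's environment (run inside the build venv)."""
    return {canonical(d.metadata["Name"]): d.version
            for d in metadata.distributions() if d.metadata["Name"]}


def find_drift(lock_text: str, installed: dict[str, str]) -> dict[str, tuple[str, str | None]]:
    """Return {name: (locked, installed)} for locked packages that differ or are missing."""
    drift = {}
    for name, locked in locked_versions(lock_text).items():
        found = installed.get(name)
        if found != locked:
            drift[name] = (locked, found)
    return drift


# Constructed sample data: a two-package lock file and a build environment
# where both packages were upgraded past their pins.
SAMPLE_LOCK = '''
[[package]]
name = "numpy"
version = "1.26.4"

[[package]]
name = "opencv-python"
version = "4.10.0.82"
'''
SAMPLE_INSTALLED = {"numpy": "2.0.0", "opencv-python": "4.10.0.84", "pyinstaller": "6.7.0"}

if __name__ == "__main__":
    for name, (locked, found) in find_drift(SAMPLE_LOCK, SAMPLE_INSTALLED).items():
        print(f"{name}: locked {locked}, build env has {found}")
```

In a real pipeline, pass `installed_versions()` as the second argument from inside the build virtual environment and fail the job when the result is non-empty, so a binary is never shipped with dependencies that were not the ones tested.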