voxpupuli / puppet-python

Puppet module for installing and managing Python, pip, virtualenvs and Gunicorn virtual hosts.
https://forge.puppetlabs.com/puppet/python
Apache License 2.0
200 stars 374 forks source link

Puppet python latest version resolving - Prereleases #690

Open optical-o opened 7 months ago

optical-o commented 7 months ago

Hello,

There is an issue during the resolution of the latest version from the pip repository:

It takes the last version that is retrieved by the pip. However, it might not be the latest version but a prerelease/development version.

" | sed -nE 's/.*\\(from versions: (.*, )*(.*)\\)/\\2/p'",

Example of the output for a private repository with a prerelease version.

(from versions: 1.0.0, 1.0.1, 1.0.3, 1.0.4, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 2.0.0rc1, 2.0.0rc2, 2.0.0rc3)
--pre
Include pre-release and development versions. By default, pip only finds stable versions.
teluq-pbrideau commented 5 months ago

It actually happens right now with the pip public package:

Puppet notify a change to me at every run:

Notice: /Stage[main]/Profile::Test/Python::Pip[pip]/Exec[pip_install_pip]/returns: executed successfully                             
:~$ pip install pip==notreallyaversion
Defaulting to user installation because normal site-packages is not writeable
ERROR: Ignored the following yanked versions: 20.0, 20.3.2, 21.2
ERROR: Could not find a version that satisfies the requirement pip==notreallyaversion (from versions: 0.2, 0.2.1, 0.3, 0.3.1, 0.4, 0.5, 0.5.1, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.8.2, 0.8.3, 1.0, 1.0.1, 1.0.2, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.4, 1.4.1, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.1.0, 6.1.1, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.1.1, 8.1.2, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 10.0.0b1, 10.0.0b2, 10.0.0, 10.0.1, 18.0, 18.1, 19.0, 19.0.1, 19.0.2, 19.0.3, 19.1, 19.1.1, 19.2, 19.2.1, 19.2.2, 19.2.3, 19.3, 19.3.1, 20.0.1, 20.0.2, 20.1b1, 20.1, 20.1.1, 20.2b1, 20.2, 20.2.1, 20.2.2, 20.2.3, 20.2.4, 20.3b1, 20.3, 20.3.1, 20.3.3, 20.3.4, 21.0, 21.0.1, 21.1, 21.1.1, 21.1.2, 21.1.3, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 21.3, 21.3.1, 22.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.1b1, 22.1, 22.1.1, 22.1.2, 22.2, 22.2.1, 22.2.2, 22.3, 22.3.1, 23.0, 23.0.1, 23.1, 23.1.1, 23.1.2, 23.2, 23.2.1, 23.3, 23.3.1, 23.3.2, 24.0, 24.1b1, 24.1b2)
ERROR: No matching distribution found for pip==notreallyaversion

:~$ pip install pip==notreallyaversion 2>&1 | grep -oP "\(from versions: .*\)" | sed -E "s/\(from versions: (.*?, )*(.*)\)/\2/g" | tr -d "[:space:]"
24.1b2

I’ve successfully retreived the right version with this modified command with more pipe (removing rc and b from the output) The exclusion should probably be a variable taken as parameter of python::pip{} module?

:~$ pip install pip==notreallyaversion 2>&1 | grep -oP "(?<=\(from versions: )[^\)]*" | tr -d "[:space:]" | sed -e 's/,/\n/g' | grep -Ev '(b|rc)' | tail -1
24.0

or a (little) bit cleaner with awk script:

:~$ pip install pip==notreallyaversion 2>&1 | grep -oP "(?<=\(from versions: )[^\)]*" | awk 'BEGIN {RS=", "} {if ($0 !~ /(b|rc)/) {stable[arraylen++]=$0}} END {print stable[arraylen-1] }'
24.0

There is probably a way to get the look-ahead inside the awk command, butI’ll look further into it next week and make a PR with a suggestion.

optical-o commented 5 months ago

I think a more proper way would be to use some regex that meets the specification for the version https://packaging.python.org/en/latest/specifications/version-specifiers/#version-specifiers rather than white-labelling of only rc tags. Note that also ('a' and 'c') is allowed.

For example there are also Developmental releases ('dev')

0.9
1.0.dev1
1.0.dev2
1.0.dev3
1.0.dev4
1.0c1
1.0c2
1.0
1.0.post1
1.1.dev1
teluq-pbrideau commented 5 months ago

Thanks @optical-o for the source reference. I see no mention of c in this reference, only rc: [N!]N(.N)*[{a|b|rc}N][.postN][.devN]

Should we exclude post release, as it is «strongly discouraged» to include bug fixes in these? Should we be safe and include them?

The use of post-releases to publish maintenance releases containing actual bug fixes is strongly discouraged. In general, it is better to use a longer release number and increment the final component for each maintenance release.

Also, i’ll use sed to extract versions instead of grep with lookahead:

:~$ pip install pip==notreallyaversion 2>&1 | sed -nE 's/.*\(from versions: ([^\)]*)\)/\1/p' | awk 'BEGIN {RS=", "} {if ($0 !~ /(a|b|rc|dev)/) {stable[arraylen++]=$0}} END {print stable[arraylen-1] }'