-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
replace setup.py with pyproject.toml ? #740
Comments
@MagikEh maybe take a look, I vaguly recall you looking at this stuff in the past. |
another weird question: why do both requirements.txt and pyproject.toml exist? are they the same? do we need to create both? |
so confused... https://packaging.python.org/en/latest/guides/distributing-packages-using-setuptools/ latest and greatest advice is to create setup.py, but when you use the tools, there are deprecation notices... |
this is about not letting our build/distribution tools be obsolete in the eyes of the python packaging community. |
There is a relevant discussion on discuss: https://discuss.python.org/t/user-experience-with-porting-off-setup-py/37502/128
By the way, I think that |
That reference was really interesting and helpful. We don't have any C in the python implementation. The C stuff is... um just straight C (not python at all no python packaging.) The meson-python seems to be mostly for people with compiled language modules in there. The article seems to recommend hatchling for pure python projects... I tried the auto-migration... hmm... it changed my minimum python version from 3.6 to 3.7... I don't know if I can do that, I have to go back and look at what old OS's have. It also dropped all the dependency information... filled in many fields with strings that say "temporary" ... meaning, I think it wants me to replace them... sigh... this is a little project on it's own... stuck with it... I think I have something that is kind of ok: there is an issue740_hatchling branch with a pyproject.toml. It seems to build the package OK, but it put in a lot of stuff I don't understand yet about running tests... https://github.com/MetPX/sarracenia/blob/issue740_hatchling/pyproject.toml I think I caught everything that the setup.py had... so for coverage I guess it is ok.
irony:
Hatch (hatchling? I can't tell the difference betwen the two.) is not popular, but it seems to work ok. So... this is probably one option, once we work through the caveats above. |
|
sigh... fedora-python/pyp2rpm#297 |
Two points:
|
for 1... it's multiple entry points, not a single one, and there are libraries we expect users to use (so pipx is out.) so... it has a few more parts than a single script, but pure python. for 2... Thanks, I changed the conda instructions to match your experience, and refer to requirements.txt On omitting amqp, that's not a mistake. Sarracenia now supports AMQP and MQTT, so amqp is not a hard requirement, but an (admittedly super common) choice. You can use amqp or mqtt or both and mix and match. On the other hand, there is a handy:
command you can use to inventory which features are present, and install the missing ones you need. Outstanding task is to add discussion of the features command to the install tutorials. further reading #741 aside: Packaging RequirementsI guess I need to state what we are asking of the packaging method. There a kind of four target environments for installation:
native python packaging works great pretty much everywhere, and for python developers that's fine. That covers Conda, and venv, and other python envs pretty well. The main problem with python environments is security auditing and patching. I'm not aware of any way to update for security issues in a python environment, you can blindly update everything, but there is no concept of patching to the latest stable version, or just patching the minimum to get security updates. You also need to audit every python venv, and conda, etc... individually as they have separate copies of dependencies, and so patching becomes a whack-a-mole excercise. I prefer to use a single python environment per system, and leverage operating system packages whenever possible. Operating system vendors are issuing dozens to hundreds of security advisories per month, and it is infeasible to to look at each one and decide the ones to apply, and even if you do, you end up with a combinatoric problem if different versions of dependencies being tested with eachother. People doing due diligence (as required in most corporate production environments) are going to be applying security patches at least monthly. So folks should be going over every python venv they have, and updating everything in it, every month. I've never heard of anyone that does that... A lot of users, however, don't want a python environment, they want a package they can use, like anything else installed on the system. OS packages are better for them. On debian/ubuntu, that is completely integrated and seamless, it's wonderful and easy. The debian packages are auto built for supported OS and architecture on For redhat, it's the total opposite, there is no way I can see to build OS-native python packages there. It is always going to involve manual tweaking, duplicative config file building, and no or very bad dependency management. It's like they want the OS to be one thing, and applications to use python environments, and not the OS provided python. For windows, using pynsist for now, and it breaks regularly... every release is a new puzzle... which dependency is missing now? but it leverages the normal python packaging, so not much of an exception, just the available dependencies seem to change in real-time. |
So I just had to build RPM packages for the supercomputer, and that refreshed my memory:
So that's the hangup. RPM building. the pyproject.toml file, using hatchling works fine, but I'm missing the ability to build RPMS. |
You could ask at https://discuss.python.org. I have seen Fedora developers answering questions there. |
thanks, I looked at what's there, there is a 4 year old thread that ends with no answers, I posted there to wake it up. |
So far, nobody responded. But it seems Fedora has macros for use with any build system. I have no idea whether those would be useful to you: https://koji.fedoraproject.org/koji/buildinfo?buildID=2297977. |
OK, the rpm spec file works fine, and how it works is documented in the Developers guide... on fedora 39. works great. |
ubuntu 18.04 similarly has python 3.6... so until that is retired (currently the most common deployment case.) We can't move forward on this. |
spawned #853 |
in many environments, I read that setup.py is deprecated, and it looks like we should migrated to pyproject.toml. I'm reading in here:
it quotes the python setup guide, which says: "The setup.py file should be used only when custom scripting during the build is necessary. " ...
the current setup.py also copies other files existing in the directory as fields for the metadata, which again is something pyproject.toml doesn't look like it can do. I mean I would expect any/every project to require the version to be set. and the version will be different every time, so ... the .ini format of .toml has no was to run code in it, so you cannot interrogate the file system to determine the version number... so I guess that counts as "custom scripting" ?
I can't see any package requiring manually setting the version every release...
anyways the pip tools threaten that setup.py support may go away in the future... and that one "should" use pyproject.toml, but since it's completely static, we need to create a script to write the pyproject.toml.
I think I am missing something.
The text was updated successfully, but these errors were encountered: