Cleanup dependencies #3597
Cleanup dependencies #3597
Conversation
sphuber
force-pushed
the
fix_3547_dependency_requirements
branch
from
6f8cd63
to
1dc29a4
Compare
| "pymatgen>=2019.7.2", | ||
| "pymysql~=0.9.3", | ||
| "seekpath~=1.9", | ||
| "spglib~=1.14" | ||
| ], | ||
| "notebook": [ | ||
| "jupyter==1.0.0", |
There was a problem hiding this comment.
I think these requirements were to avoid collisions with py2 and maybe now we can just put jupyter and notebook, without version specification?
There was a problem hiding this comment.
No unfortunately we can't. It's true that notebook>=6 does not support python 2, but it also requires pyzmq>=17 and tornado>=5 and we, because of circus (and plumpy and kiwipy) have exactly pyzmq<17 and tornado<5. I had made a start into seeing whether I could fix circus and make it compatible with the newer versions and made some headway but it is not trivial. Hopefully I can look into this more with @muhrin during the coding week
| ], | ||
| "bpython": [ | ||
| "bpython==0.17.1" | ||
| "bpython~=0.18.0" |
There was a problem hiding this comment.
Do we want to drop this? Is any user really using this? I guess it's more for convenience of users, but then maybe it's ok to remove?
There was a problem hiding this comment.
I am not sure if anyone uses it, so that's why I left it in for now.
|
@asle85 and @waychal I have removed quite a few dependencies in the |
There was a problem hiding this comment.
thanks @sphuber for all this work - and great that we can upgrade to django 2!
I just have some minor suggestions, which is to not downgrade any of the dependencies we currently have (unless you have tested with the older versions).
I'll now also give installing this a try on mac.
P.S. Sorry for having made the edits in reqs_for_rtd - I realized too late.
|
install on macos seems fine |
|
Hi, I have not reviewed all changes to the dependencies in detail yet, but I have had prepared a draft for a related AEP that I just had not submitted yet. Maybe we can consider this in the context of this PR? |
|
@ltalirz thanks for the review. The changes you proposed are not necessary. The changes I made will not result in adowngrade. The compatible operator Edit: I performed a test in a clean virtualenv to make sure: |
I should have been a bit more specific - it is true that installing aiida would not result in downgrading of packages, but if you install AiIDA in an environment that already has an older version of the package installed, then it will not upgrade. |
|
I see, but by specifying the patch version, we strictly reduce the accepted range of versions to that specific minor version, a limitation the removal of which was the whole point of this PR. So there is a direct conflict between those two requirements. We could just tell people in the installation documentation that when installing in an existing environment, the should run |
|
Both I and @waychal have checked the dependencies removed in the rest extras and it looks fine to us. Given that the tests are passing it's ok to remove them. |
That is not how the Even if you specify a patch version, it will install the latest compatible version. |
I am afraid it does. Consider the following two examples: versus When you specify a patch version, it will always remain within the corresponding minor version, as shown by the first example. Doing |
|
You're right - and apologies for not reading your commit message/comments properly (I didn't realize we are only fixing the major version). I think we should retain the ability to force upgrades of the patch level of certain packages, if we know that they contain important bug fixes (such as pgtest 1.3.1).
How about something like |
Probably not in some cases, but that is the case with many things. I agree that we should try to make things as robust as possible but this is not always possible in the case of competing and directly conflicting goals.
I think this does indeed work and would be a possible solution and certainly makes a lot of sense for dependencies where we no a particular patch version contains important bug fixes. I don't think we should blindly apply this to all our current versions though. For the majority of dependencies, the specific version we have currently were just picked because they were the latest version that was available the last time I updated all the dependencies en masse. Do you know of any other dependency that might have a specifically required patch version? |
pgtest is the only one I know for sure - as a "gut feeling" I would also add P.S. Of course, these extra |
| "pg8000~=1.13", | ||
| "pgtest~=1.3", | ||
| "pytest~=5.3", | ||
| "sqlalchemy-diff~=0.1.3" | ||
| ], | ||
| "dev_precommit": [ |
There was a problem hiding this comment.
I think for the pre-commit dependencies it actually makes sense to pin them exactly. The issue with these is that even a "backwards compatible" change in behavior can cause the build to fail.
For example, when pylint has a false positive, we add a # pylint: disable=... comment. If a subsequent patch fixes the false positive, it will trigger useless-suppression errors.
There was a problem hiding this comment.
Also, they are presumably used only when developing aiida-core - so there really isn't much of a concern for being compatible with other environments / packages.
There was a problem hiding this comment.
We have the useless-suppression warning disabled globally, but I see your point. This can also just happen with pre-commit and yapf that introduce new formatting rules. However, if that happens, since these are only for developers anyway, the dev just upgrades his dependencies in his development environment and commits the changes no?
There was a problem hiding this comment.
Just imagine your PR fails because in just that moment some new yapf/pylint version has been released...
I would prefer to avoid this ;-)
There was a problem hiding this comment.
Exactly, it can be quite an annoying thing. Also, if we have scheduled CI on older branches they will just suddenly fail with pre-commit errors, for no reason.
sphuber
force-pushed
the
fix_3547_dependency_requirements
branch
from
1dc29a4
to
dd78c06
Compare
|
@ltalirz I have added explicit lower required patch versions for |
Yes, I think @greschd has a good point here. |
sphuber
force-pushed
the
fix_3547_dependency_requirements
branch
from
dd78c06
to
98f35aa
Compare
|
Seems like a little bit more patience is required 😅 . The |
|
That's very strange... With your previous version of the branch (all dependencies with The only main difference I can see is that you were using pre-commit 1.19. Perhaps 1.17 had some astroid dependency that pip is somehow not properly resolving? P.S. Here the output of |
I know that |
|
Seems like it was a problem with the cache. I added a commit to run |
sphuber
force-pushed
the
fix_3547_dependency_requirements
branch
3 times, most recently
from
a3f4502
to
f18369c
Compare
The version requirements of all `install_requires` and `extras_require`
dependencies are reevaluated. Where we used to require explicit version
by pinning to exact versions using the `==` operator, we now use the more
liberal operator `~=`. This is the compatible release operator:
https://www.python.org/dev/peps/pep-0440/#compatible-release
For a given release identifier `V.N` the compatible release clause is
approximately equivalent to the pair of comparison clauses:
>= V.N, == V.*
With this rule we define our dependency requirements using the minor
version for packages with a major version of 1 or higher and using the
patch version for packages whose major version is still at 0. The reason
is that when packages have released `v1` they can be expected to respect
semantic versioning and not break backwards compatibility in minor
version whereas this is typically not the case for `v0` versions where
backward incompatible changes are introduced in minor versions as well.
Note that this approach will not prevent from breaking our builds
because packages break their API in minor versions, but at least we have
a consistent dependency requirement policy.
List of specific restrictions and changes:
* `pymatgen==2019.7.2` is the last to support python 3.5
* `jinja2` moved to `install_requires` as it is used explicitly by `verdi`
* `astroid==2.2.5` required by `prospector`, will cause crash if wrong
Explicit lower patch requirements are set for a few packages because
they are known to contain critical and required bug fixes:
* `psycopg-binary>=2.8.3`
* `sqlalchemy>=1.3.10`
* `pgtest>=1.3.1`
* `seekpath>=1.9.3`
Finally, an exception is made for packages of the `dev_precommit` extra
which can affect pre-commit behavior such as linting warnings or code
formatting. To prevent updates in these packages from unexpectedly
failing the pre-commit hooks, they are pinned to an explicit version.
This is a rolling backport of the module `unittest.mock` which has been part of the standard python library since v3.3. Note that one has to do `from unittest.mock import patch` and use it directly as for some reason `import unittest` followed by using `unittest.mock.patch` will result in an `AttributeError`.
It was only used to parse the repository URI of a profile, which can be accomplished just as well with the built in `urllib.parse.urlparse`.
They will be removed in `aiida-core==2.0.0` which will allow to drop the `ete3` dependency. This CLI command was they only code using this lib.
sphuber
force-pushed
the
fix_3547_dependency_requirements
branch
from
f18369c
to
8885d21
Compare
Fixes #3547 and fixes #2903 and fixes #3528
This PR releases the strict pinning of dependency versions.
In addition, it gets rid of some unnecessary dependencies:
mockpassliburitools