Add basic tool.uv.sources support
#3263
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
konstin
force-pushed
the
konsti/tool-uv-sources-analysis
branch
2 times, most recently
from
46d6c68
to
33883ed
Compare
| pub enum UvSource { | ||
| Registry { | ||
| version: VersionSpecifiers, | ||
| index: Option<String>, |
There was a problem hiding this comment.
This is still mostly to-be-designed and mainly a placeholder, but i'd expect this to become the name of an index, e.g. torch, which is then defined elsewhere, either in this file or in a global configuration. This doesn't have any usages yet to be easy to change once we have the design
konstin
added a commit
that referenced
this pull request
Apr 30, 2024
Split out from #3263. No functional changes.
konstin
added a commit
that referenced
this pull request
Apr 30, 2024
konstin
force-pushed
the
konsti/tool-uv-sources-analysis
branch
from
33883ed
to
b8cb0db
Compare
konstin
added a commit
that referenced
this pull request
Apr 30, 2024
Merged
konstin
force-pushed
the
konsti/tool-uv-sources-analysis
branch
from
b8cb0db
to
8c11163
Compare
konstin
force-pushed
the
konsti/tool-uv-sources-analysis
branch
2 times, most recently
from
348d11d
to
1fae847
Compare
konstin
force-pushed
the
konsti/tool-uv-sources-analysis
branch
2 times, most recently
from
868ef3d
to
2431020
Compare
| RequirementsTxtRequirement::Uv(requirement) => requirement.name.to_string(), | ||
| RequirementsTxtRequirement::Unnamed(unnamed) => unnamed.to_string(), | ||
| } | ||
| } |
There was a problem hiding this comment.
Why is this not implementing display?
There was a problem hiding this comment.
Which part? There's a impl Display for RequirementsTxtRequirement
konstin
force-pushed
the
konsti/tool-uv-sources-analysis
branch
from
b83969b
to
83b6fe0
Compare
| @@ -5224,7 +5224,7 @@ fn unsupported_scheme() -> Result<()> { | |||
| ----- stdout ----- | |||
|
|
|||
| ----- stderr ----- | |||
| error: Unsupported scheme `bzr+https` on URL: bzr+https://example.com/anyio (Bazaar is not supported) | |||
| error: Unsupported URL prefix `bzr` in URL: `bzr+https://example.com/anyio` | |||
There was a problem hiding this comment.
I feel like this error message got worse, can we restore it?
There was a problem hiding this comment.
At least the part at the end.
There was a problem hiding this comment.
I'd also like to track the origin of the invalid url, but that's a larger task.
| )); | ||
| }; | ||
|
|
||
| if !Urls::is_allowed(expected, url) { | ||
| return Err(ResolveError::ConflictingUrlsTransitive( | ||
| requirement.name.clone(), | ||
| expected.verbatim().to_string(), | ||
| url.verbatim().to_string(), |
There was a problem hiding this comment.
Why lose the verbatim here?
charliermarsh
approved these changes
May 3, 2024
| }; | ||
|
|
||
| let mut url = Url::parse(&format!("git+{git}"))?; | ||
| let mut given = git.to_string(); |
There was a problem hiding this comment.
This is incorrect. Don't we need the actual string here?
There was a problem hiding this comment.
@konstin - I guess we need to find a way to preserve the exact string from the TOML, right? Otherwise, how will we preserve environment variables?
There was a problem hiding this comment.
imho toml shouldn't support env vars
| _ => return Err(LoweringError::MoreThanOneGitRef), | ||
| }; | ||
|
|
||
| let mut url = Url::parse(&format!("git+{git}"))?; |
There was a problem hiding this comment.
The docs on RequirementSource::Git say it's the URL without the git+ prefix. Is this correct?
| return Ok(Self::Mismatch); | ||
| } | ||
|
|
||
| if &requested_url.to_string() != installed_url |
There was a problem hiding this comment.
This seems off. Shouldn't we instead parse the URL, and use CanonicalUrl to compare these? Why are we comparing as strings?
konstin
added a commit
that referenced
this pull request
May 6, 2024
konstin
added a commit
that referenced
this pull request
May 8, 2024
When using `tool.uv.sources`, we enforce that requirements have a bound, i.e. at least a lower version constraint. When using a library, the symbols you import were introduced in different versions, creating an implicit lower bound. This forces to make that bound explicit. This is crucial to prevent backtracking resolvers from selecting an ancient versions that is not compatible (or worse, doesn't build), and a performance optimization on top. This feature is gated to `tool.uv.sources` (as it should have been for #3263/#3443) to not unnecessarily break legacy workflows. It is also helpful specifically when using a `tool.uv.sources` section that contains constraints that are not published to pypi, e.g. for workspace dependencies. We can adjust those later to e.g. not constrain workspace dependencies with `publish = false`, but i think it's the right setting to start with.
konstin
added a commit
that referenced
this pull request
May 8, 2024
When using `tool.uv.sources`, we enforce that requirements have a bound, i.e. at least a lower version constraint. When using a library, the symbols you import were introduced in different versions, creating an implicit lower bound. This forces to make that bound explicit. This is crucial to prevent backtracking resolvers from selecting an ancient versions that is not compatible (or worse, doesn't build), and a performance optimization on top. This feature is gated to `tool.uv.sources` (as it should have been for #3263/#3443) to not unnecessarily break legacy workflows. It is also helpful specifically when using a `tool.uv.sources` section that contains constraints that are not published to pypi, e.g. for workspace dependencies. We can adjust those later to e.g. not constrain workspace dependencies with `publish = false`, but i think it's the right setting to start with.
konstin
added a commit
that referenced
this pull request
May 8, 2024
When using `tool.uv.sources`, we warn that requirements have a bound, i.e. at least a lower version constraint. When using a library, the symbols you import were introduced in different versions, creating an implicit lower bound. This forces to make that bound explicit. This is crucial to prevent backtracking resolvers from selecting an ancient versions that is not compatible (or worse, doesn't build), and a performance optimization on top. This feature is gated to `tool.uv.sources` (as it should have been for #3263/#3443) to not unnecessarily break legacy workflows. It is also helpful specifically when using a `tool.uv.sources` section that contains constraints that are not published to pypi, e.g. for workspace dependencies. We can adjust those later to e.g. not constrain workspace dependencies with `publish = false`, but i think it's the right setting to start with.
charliermarsh
pushed a commit
that referenced
this pull request
May 8, 2024
When using `tool.uv.sources`, we warn that requirements have a bound, i.e. at least a lower version constraint. When using a library, the symbols you import were introduced in different versions, creating an implicit lower bound. This warning makes this explicit. This is crucial to prevent backtracking resolvers from selecting an ancient versions that is not compatible (or worse, doesn't build), and a performance optimization on top. This feature is gated to `tool.uv.sources` (as it should have been to begin with for #3263/#3443) to not unnecessarily break legacy workflows. It is also helpful specifically when using a `tool.uv.sources` section that contains constraints that are not published to pypi, e.g. for workspace dependencies. We can adjust those later to e.g. not constrain workspace dependencies with `publish = false`, but i think it's the right setting to start with.
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduction
PEP 621 is limited. Specifically, it lacks
The semantics of urls are a custom extension, PEP 440 does not specify how to use git references or subdirectories, instead pip has a custom stringly format. We need to somehow support these while still stying compatible with PEP 621.
tool.uv.sourceDrawing inspiration from cargo, poetry and rye, we add
tool.uv.sourcesor (for now stub only)tool.uv.workspace:See
docs/specifying_dependencies.mdfor a detailed explanation of the format. The basic gist is thatproject.dependenciesis what ends up on pypi, whiletool.uv.sourcesare your non-published additions. We do support the full range or PEP 508, we just hide it in the docs and prefer the exploded table for easier readability and less confusing with actual url parts.This format should eventually be able to subsume requirements.txt's current use cases. While we will continue to support the legacy
uv pipinterface, this is a piece of the uv's own top level interface. Together withuv runand a lockfile format, you should only need to writepyproject.tomland douv run, which generates/uses/updates your lockfile behind the scenes, no more pip-style requirements involved. It also lays the groundwork for implementing index pinning.Changes
This PR implements:
project.dependencies,project.optional-dependenciesandtool.uv.sourcesinto a new requirements format, including:pip installintegrationtool.uv.sourcesdocs/specifying_dependencies.md)It does not implement:
pip compiletesting, deprioritizing towards our own lockfileOne technically breaking change is that we now require user provided pyproject.toml to be valid wrt to PEP 621. Included files still fall back to PEP 517. That means
pip install -r requirements.txtrequires it to be valid whilepip install -r requirements.txtwith-e .as content falls back to PEP 517 as before.Implementation
The
pep508requirement is replaced by a newUvRequirement(name up for bikeshedding, not particularly attached to the uv prefix). The still existingpep508_rs::Requirementtype is a url format copied from pip's requirements.txt and doesn't appropriately capture all features we want/need to support. The bulk of the diff is changing the requirement type throughout the codebase.We still use
VerbatimUrlin many places, where we would expect a parsed/decomposed url type, specifically:Urls.PackageIdwith a customCanonicalUrlcomparison, instead of canonicalizing urls eagerly.PubGrubPackage: We eventually convert theVerbatimUrlback to aDist(Dist::from_url), instead of remembering the url.I tried to make improve the situation be replacing
VerbatimUrl, but these changes would require massive invasive changes (see e.g. #3253). A main problem is the refVersionOrUrland applying overrides, which assume the same requirement/url type everywhere. In its current form, this PR increases this tech debt.I've tried to split off PRs and commits, but the main refactoring is still a single monolith commit to make it compile and the tests pass.
Demo
Adding https://gist.githubusercontent.com/konstin/68f3e5ea5e8f1a30a0c9096ae72925c1/raw/d1ae3b85d5a0f3c4bb562c7dfd38c3dafc04ec08/pyproject.json as json schema (v7) to pycharm for
pyproject.toml, you can try the IDE support already:dove.webm