/
pylock.spec.toml
122 lines (114 loc) · 5.5 KB
/
pylock.spec.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Terminology:
# environment -- A Python interpreter and OS that a lock entry targets.
# lock entry -- The locked distribution files for a specific environment.
# distribution -- A Python project/package that can be installed.
# -----
# Table of hashes of this file's contents; algorithm:value pairs.
# The hash is calculated by converting all tables to arrays of two-item
# arrays, joining all the values in order info a single string, and then
# hashing that string.
# This file is meant to be human-readable but machine-writable, so this makes
# sure people don't accidentally try to edit the file by hand and break
# associations between various parts of the file.
file-hashes = {_ = "..."}
# Metadata version of the file.
# Since this file is designed to be human-readable but machine-writable,
# versioning the metadata makes sense as we don't need to keep a
# backwards-compatible format for humans to directly work with and instead
# need a way to help tools migrate to newer metadata versions.
meta = "1.0"
# The date and time the lock file was created.
# This helps to know how fresh/old the lock file is.
# It can also facilitate appending more lock entries later on by relying on
# e.g. `upload-time` from the simple API (PEP 700) to know what worldview to
# lock against so all lock entries are cohesive.
created-at = 2022-01-12T00:33:00Z
# URLs to package indexes to use to find distributions.
# Recorded in most- to least-preferred order.
# Recording the indexes used helps when adding new lock entries by making
# the potential distributions consistent.
indexes = ["..."]
# Array of top-level dependency specifiers.
# This acts as the input of what to resolve for, so all details are to be
# included (e.g. extras, markers, etc.).
dependencies = ["..."]
# A specific environment's lock entry.
[[lock]]
markers = { _ = "..."} # Inline table of environment markers.
tags = ["..."] # Array of supported tag triples in most- to least-preferred order.
# A wheel file that's included in the lock entry (optional).
[[lock.wheel]]
# The distribution's normalized name.
# Cannot solely rely on the wheel filename to calculate this as the file name
# may not be a valid `.whl` file name due to
# https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references
# (technically a tool could download the arbitrary URL and inspect it to
# determine the wheel file details if one so desired).
# Having the name as a distinct key makes it easy to read.
name = "..."
# The wheel's file name.
filename = "..."
# URL or file path (via `file://`) where the wheel that was locked against was
# found.
# The location does not need to exist in the future, so this should be treated
# as only a hint to where to look and/or recording where the wheel file
# originally came from.
origin = "..."
# A table of file hashes; algorithm:value pairs.
# This makes sure that one is getting the wheel file that was locked
# against for reproducibility and security purposes.
hashes = { _ = "..." }
# Whether `origin` is the direct URL in terms of `direct_url.json`.
direct = false
# Python version requirement (optional).
# If an installer chooses to determine environment compatibility that is not
# as strict as an exact match of `lock.markers` and `lock.tags`, knowing the
# supporting Python versions is important to determine if this wheel file is
# compatible as this is not necessarily communicated via the wheel file name
# itself.
requires-python = "..."
# A list of normalized distribution names which this distribution depends on
# (optional).
# Viewing the overall lock entry as the entire worldview of distributions
# available, each entry can be just the distribution name (a perk of Python
# not allowing multiple distribution versions simultaneously).
# This allows for introspection as to why a distribution is included in the
# lock entry (i.e. calculate the dependency graph between distributions).
# Details like extras and markers are not necessary as the resolver has
# already handled them.
dependencies = ["..."]
# Source distribution (sdist) that's included in the lock entry (optional).
[[lock.sdist]]
name = "..." # See `lock.wheel.name`.
filename = "..." # See `lock.wheel.filename`.
origin = "..." # See `lock.wheel.origin`.
hashes = { _ = "..." } # See `lock.wheel.hashes`.
direct = false # See `lock.wheel.direct`.
requires-python = "..." # See `lock.wheel.requires-python`.
# See `lock.wheel.dependencies`.
dependencies = ["..."]
# An array of files that *can* be used or *were* used to build the sdist
# (optional).
# The acceptable keys are `wheel` and `sdist` and their values match what is
# acceptable under the same name directly under `[[lock]]`. Any future
# expansion of acceptable distribution types under `[[lock]]` will also be
# supported here.
# This effectively makes the table a self-contained lock entry just for this
# sdist with `build-system.requires` providing the value for `dependencies`.
[[lock.sdist.build-requires]]
# ...
# A Git repository of source code (optional).
# https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references
[[lock.git]]
name = "..." # See `lock.wheel.name`.
# URL to the Git repository.
# It may be a `file://` path.
repo = "..."
# The commit of the repository to use.
# It should be a specific commit and not a tag or branch as those can change.
commit = "..."
requires-python = "..." # See `lock.wheel.requires-python`.
dependencies = ["..."] # See `lock.wheel.dependencies`.
[[lock.git.build-requires]] # See `lock.sdist.build-requires`.
# Same as `pyproject.toml` (optional).
[tool]