Specify min/max versions for all dependencies in setup.py

[zaneselvans]

At @ezwelty's suggestion (after some unexpected breakage) I've tried to set minimum and maximum versions for all of our direct dependencies in setup.py so that unexpected major breaking updates should be much less frequent. I'm not entirely sure how this will interact with our use of environment.yml to specify the pudl-dev environment, but so far it seems to work fine with tox and pip. Recreating my pudl-dev environment locally from scratch, and then installing pudl inside it using pip seems to work fine though.

[codecov]

Codecov Report

Merging #875 (a84dca4) into sprint29 (1503422) will decrease coverage by 0.58%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##           sprint29     #875      +/-   ##
============================================
- Coverage     67.71%   67.13%   -0.58%     
============================================
  Files            44       44              
  Lines          5556     5556              
============================================
- Hits           3762     3730      -32     
- Misses         1794     1826      +32     

Impacted Files	Coverage Δ
src/pudl/workspace/datastore.py	48.42% <0.00%> (-12.63%)	⬇️
src/pudl/analysis/service_territory.py	29.03% <0.00%> (-6.45%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1503422...a84dca4. Read the comment docs.

[ezwelty]

@zaneselvans It will be tidier to use compatible release clauses (https://www.python.org/dev/peps/pep-0440/#compatible-release). For example:

• >=1.2.0, <1.3.0 => ~=1.2.0
• >=1.2, <2.0 => ~=1.2

Also, did you forget flake8-rst-docstrings? Otherwise, the version logic seems good to me.

[ezwelty]

Missing version constraints.

[zaneselvans]

The most recent version was 0.0.14 and so I wasn't sure what to do with it! Restricting to <0.1.0 seemed a bit odd.

[ezwelty]

This looks like a good place to start, by at least protecting us from automatic upgrades most likely to introduce breaking changes.

I've been using poetry to manage dependencies in new python projects, and it uses a "lock file" with resolved dependency versions (which gets committed to the repository) so that all environments match exactly – essentially equivalent to pinning all versions explicitly, but with the benefit of having a layer of software figuring out which combination actually works. But since there are difficulties with using poetry + conda, I don't necessarily recommend it here.

It makes me nervous to have dependency versions specified twice – in setup.py and environment.yml. But a quick internet search did not yield easy answers on how to populate, say, setup.py from a YML file.

[zaneselvans]

Yeah, I am not a fan of specifying the versions twice either. :-/