Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Don't depend on flake8 at runtime (#6830)" #7836

Merged
merged 1 commit into from
Aug 18, 2023
Merged

Revert "Don't depend on flake8 at runtime (#6830)" #7836

merged 1 commit into from
Aug 18, 2023
+3 −9

Conversation

jeffwidman
Copy link
Member

@jeffwidman jeffwidman commented Aug 17, 2023
edited

I realized I forgot to update the .python-version file to 3.8, so we're still installing an older flake8 version. And it's also breaking when :dependabot: runs on dependabot-core because it sees this 3.7 and says "that's not a supported version!"

Furthermore, we haven't configured :dependabot: to watch the ./requirements.txt which is separate from ./python/helpers/requirements.txt.

I started to update both of those but the complexity here didn't smell right. This way of installing flake8 is actually different than linters for other native helpers, where we just include them in composer.json, package.json, etc. So the intuitive thing is to install flake8 into ./python/helpers/requirements.txt.

In fact we used to do this, but in
#6830 / f407685 we switched to this new method because flake8 dropped 3.6 support before we were ready to do that here in :dependabot:.

Given that in :dependabot: we're moving toward aligning our support policies with upstream Python... ie, when they EOL a version, we will also drop support for it, then the risk of having a flake8 version that's dropping support for a Python version that isn't yet EOL is quite small.

Interestingly, flake8 was very slow to drop 3.6, but when they did, the maintainer also dropped 3.7 to save himself time even though it was a few months before it was EOL'd. So we could hit this scenario again... but I think the odds of that are somewhat low given the amount of blowback the maintainer got about dropping 3.7 before it was EOL'd. And regardless the consequences are also low... we'd simply revert that flake8 version bump and temporarily hold it back for a few months until the upstream python version was dropped.

Overall this feels like six one way, half a dozen the other as either way we are protecting against something. But switching back to how we do it for our other native helpers is both much simpler setup and also more internally consistent.

So let's solve this by reverting back to the simpler way of installing the linter alongside the helper.

As an aside, restoring this simplicity is yet another win from us choosing to align with upstream Python's EOL policy.

This reverts commit f407685.

@jeffwidman jeffwidman requested a review from a team as a code owner August 17, 2023 22:57
@jeffwidman jeffwidman force-pushed the revert-complex-flake8-install branch 2 times, most recently from 208f477 to 022a424 Compare August 17, 2023 23:00
@jeffwidman
Revert "Don't depend on flake8 at runtime (#6830)"
253ebdc 
I realized I forgot to update the `.python-version` file to `3.8`, so
we're still installing an older `flake8` version. And it's also breaking
when :dependabot: runs on `dependabot-core` because it sees this `3.7`
and says "that's not a supported version!"

Furthermore, we haven't configured :dependabot: to watch the
`./requirements.txt` which is separate from `./python/helpers/requirements.txt`.

I started to update both of those but the complexity here didn't smell
right. This way of installing `flake8` is actually different than
linters for other native helpers, where we just include them in
`composer.json`, `package.json`, etc. So the intuitive thing is to
install `flake8` into `./python/helpers/requirements.txt`.

In fact we used to do this, but in
#6830 / f407685
we switched to this new method because `flake8` dropped `3.6` support
before we were ready to do that here in :dependabot:.

Given that in :dependabot: we're moving toward aligning our support
policies with upstream Python... ie, when they EOL a version, we will
also drop support for it, then the risk of having a `flake8` version
that's dropping support for a Python version that isn't yet EOL is quite
small.

Interestingly, `flake8` was very slow to drop `3.6`, but when they did,
the maintainer also dropped `3.7` to save himself time even though it
was a few months before it was EOL'd. So we could hit this scenario
again... but I think the odds of that are somewhat low given the amount
of blowback the maintainer got about dropping 3.7 before it was EOL'd.
And regardless the consequences are also low... we'd simply revert
that `flake8` version bump and temporarily hold it back for a few months
until the upstream python version was dropped.

Overall this feels like six one way, half a dozen the other as either
way we are protecting against something. But switching back to how we do
it for our other native helpers is both much simpler setup and also more
internally consistent.

So let's solve this by reverting back to the simpler way of installing
the linter alongside the helper.

As an aside, restoring this simplicity is yet another win from us
choosing to align with upstream Python's EOL policy.

This reverts commit f407685.
@jeffwidman jeffwidman force-pushed the revert-complex-flake8-install branch from 022a424 to 253ebdc Compare August 18, 2023 23:18
@jeffwidman jeffwidman enabled auto-merge (squash) August 18, 2023 23:18
@jeffwidman jeffwidman merged commit 6071e1b into main Aug 18, 2023
90 checks passed
@jeffwidman jeffwidman deleted the revert-complex-flake8-install branch August 18, 2023 23:43
brettfo pushed a commit to brettfo/dependabot-core that referenced this pull request Oct 11, 2023
@jeffwidman
Revert "Don't depend on flake8 at runtime (dependabot#6830)" (dependa…
1194f30 
…bot#7836)

I realized I forgot to update the `.python-version` file to `3.8`, so
we're still installing an older `flake8` version. And it's also breaking
when :dependabot: runs on `dependabot-core` because it sees this `3.7`
and says "that's not a supported version!"

Furthermore, we haven't configured :dependabot: to watch the
`./requirements.txt` which is separate from `./python/helpers/requirements.txt`.

I started to update both of those but the complexity here didn't smell
right. This way of installing `flake8` is actually different than
linters for other native helpers, where we just include them in
`composer.json`, `package.json`, etc. So the intuitive thing is to
install `flake8` into `./python/helpers/requirements.txt`.

In fact we used to do this, but in
dependabot#6830 / f407685
we switched to this new method because `flake8` dropped `3.6` support
before we were ready to do that here in :dependabot:.

Given that in :dependabot: we're moving toward aligning our support
policies with upstream Python... ie, when they EOL a version, we will
also drop support for it, then the risk of having a `flake8` version
that's dropping support for a Python version that isn't yet EOL is quite
small.

Interestingly, `flake8` was very slow to drop `3.6`, but when they did,
the maintainer also dropped `3.7` to save himself time even though it
was a few months before it was EOL'd. So we could hit this scenario
again... but I think the odds of that are somewhat low given the amount
of blowback the maintainer got about dropping 3.7 before it was EOL'd.
And regardless the consequences are also low... we'd simply revert
that `flake8` version bump and temporarily hold it back for a few months
until the upstream python version was dropped.

Overall this feels like six one way, half a dozen the other as either
way we are protecting against something. But switching back to how we do
it for our other native helpers is both much simpler setup and also more
internally consistent.

So let's solve this by reverting back to the simpler way of installing
the linter alongside the helper.

As an aside, restoring this simplicity is yet another win from us
choosing to align with upstream Python's EOL policy.

This reverts commit f407685.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deivid-rodriguez deivid-rodriguez deivid-rodriguez approved these changes

Assignees
No one assigned
Labels
L: python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jeffwidman @deivid-rodriguez