You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 20, 2020. It is now read-only.
At the moment we pass the requirements.txt directly into pip wheel. This will automatically resolve transitive dependencies which we then install.
This behavior is not ideal as pip has a naive resolution mechanism of "first found". This can lead to unintended version bumps which break the hermetic promise of Bazel. Dependency resolution is also an expensive operation, especially for PyPI packages that need to be built.
It should be considered whether dependency resolution should be opt-in by default, for performance and hermiticity. This perhaps goes hand in hand with a "pin" concept similar to rules_jvm_external.
Note, this is not a proposal to remove the automatic dependency linking of pip packages once they are installed. i.e there should be no need to specify transitive dependencies in the deps of py targets.
The text was updated successfully, but these errors were encountered:
FWIW, if you're going with the pinning concept of r_j_e, I recommend using .bzl as the lockfile format instead of JSON for better interoperability with the rest of the Bazel tooling.
At the moment we pass the
requirements.txt
directly intopip wheel
. This will automatically resolve transitive dependencies which we then install.This behavior is not ideal as pip has a naive resolution mechanism of "first found". This can lead to unintended version bumps which break the hermetic promise of Bazel. Dependency resolution is also an expensive operation, especially for PyPI packages that need to be built.
It should be considered whether dependency resolution should be opt-in by default, for performance and hermiticity. This perhaps goes hand in hand with a "pin" concept similar to rules_jvm_external.
Note, this is not a proposal to remove the automatic dependency linking of pip packages once they are installed. i.e there should be no need to specify transitive dependencies in the
deps
ofpy
targets.The text was updated successfully, but these errors were encountered: