New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make targets build-debs[-notest]
fails on new circular dependency between PyPI packages flit_core
and tomli
#6137
Comments
build-debs[-notest]
fails on new circular dependency between PyPI packages flit
and tomli
build-debs[-notest]
fails on new circular dependency between PyPI packages flit_core
and tomli
To be exact: Dependency graph (excluding version constraints):
|
Summarizing synchronous discussion from today. We basically have two options here:
Option 2, then, is our path forward. It's got some shortcomings in that we cannot pin the hash in all places, particularly in the I'll aim to have a PR up by EOD, then toss to @cfm for review and backporting! |
Fixes #6137. Stop using distro pip from Focal (20.0.2-5ubuntu1.6) for managing the virtualenvs used for the securedrop-app-code package builds; instead, use 21.3 from PyPI. We can only update the hash in the in-line pip install actions for the temporary i18n venv. For the debian/rules invocation via dh-virtualenv, specifying a checksum for pip is not possible. Oh, well: we were already not pinning the hash on setuptools-scm in the debian/rules file. Also updated the pip dependencies pinned in the various requirements files, e.g. `{docker,develop}-requirements`, for consistency's sake, but note those changes don't unbreak package builds.
Fixes #6137. Stop using distro pip from Focal (20.0.2-5ubuntu1.6) for managing the virtualenvs used for the securedrop-app-code package builds; instead, use 21.3 from PyPI. We can only update the hash in the in-line pip install actions for the temporary i18n venv. For the debian/rules invocation via dh-virtualenv, specifying a checksum for pip is not possible. Oh, well: we were already not pinning the hash on setuptools-scm in the debian/rules file. Also updated the pip dependencies pinned in the various requirements files, e.g. `{docker,develop}-requirements`, for consistency's sake, but note those changes don't unbreak package builds. (cherry picked from commit 89063e4)
Description
Since October 10,
staging-test-with-rebase
fails inmake build-debs-notest
. This is likely to borkmake build-debs
for the current production release cycle too.Expected Behavior
https://app.circleci.com/pipelines/github/freedomofpress/securedrop/3075/workflows/6c173f25-a21a-40f6-a476-7b6f9c996b2b/jobs/57150
Actual Behavior
https://app.circleci.com/pipelines/github/freedomofpress/securedrop/3076/workflows/4a156c36-7049-4645-a6a8-c5583f658e99/jobs/57152
Comments
This looks like pypa/flit#451, for which the resolution may be to update pip ≥ 21.
The text was updated successfully, but these errors were encountered: