Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Pipfile.lock or add some CI tests #1032

Closed
manics opened this issue Mar 29, 2021 · 1 comment · Fixed by #1054
Closed

Remove Pipfile.lock or add some CI tests #1032

manics opened this issue Mar 29, 2021 · 1 comment · Fixed by #1054
Labels
needs: discussion

Comments

@manics
Copy link
Member

manics commented Mar 29, 2021

dependabot has opened some updates against Pipfile.lock, including:

My understanding of Pipfile.lock is it allows you to have a fully reproducible working dev or test environment, but this implies we shouldn't merge dependency bumps to this file without testing them since semver compatible bumps may still contain bugs or unexpected interactions with other packages.

At the moment it's not tested in our GitHub workflows.

@betatim suggested removing it:

I don't know if anyone uses the Pipfile based dev setup. At least I think the Pipfile is only useful for a dev setup. In addition I think it is a feature/not a requirement that our dev setup works without a fully specified environment. We shouldn't be relying on pytest-some-plugin==1.2.3 (to pick a random sub-dependency). So overall I'd vote to remote the Pipfile stuff as a way of dealing with this.

What does everyone else think? If we want to keep it is someone willing to ensure it's tested so we can just click Merge on dependabot PRs?
This was referenced Mar 29, 2021
Merged
Closed
@betatim
Copy link
Member

betatim commented Mar 30, 2021

I am not sure I know anyone who uses the lock file -> if you do actively use it please speak up :)

I am also not sure what the benefit is of having a fully pinned dev environment. Our users can't install a fully pinned environment/we don't provide the information to them, so we should be testing and developing with "loose" dependencies as well. If repo2docker breaks because of this, this is a bug that needs fixing instead of pinning a dependency precisely to some specific version.

(For deploying/running repo2docker you might want a fully pinned environment but that use case isn't covered by the lock file, I think.)

@nichoio nichoio mentioned this issue May 8, 2021
Closed
yuvipanda added a commit to yuvipanda/repo2docker that referenced this issue Jul 3, 2021
@yuvipanda
Remove Pipfile & Pipfile.lock
78ae8b4 
- Seem unused - definitely not updated.
- I think pipenv has also lost a lot of its popularity
  over the last year or two

Fixes jupyterhub#1032
yuvipanda added a commit to yuvipanda/repo2docker that referenced this issue Jul 3, 2021
@yuvipanda
Remove Pipfile & Pipfile.lock
e7e4dd9 
- Seem unused - definitely not updated.
- I think pipenv has also lost a lot of its popularity
  over the last year or two
- This does not affect the Pipfile *buildpack*, so repos we
  build that have a Pipfile will not see any difference

Fixes jupyterhub#1032
@yuvipanda yuvipanda mentioned this issue Jul 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs: discussion
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove Pipfile & Pipfile.lock yuvipanda/repo2docker
2 participants
@betatim @manics