-
-
Notifications
You must be signed in to change notification settings - Fork 441
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
semver: Better support for PEP440 suffixes #1275
Conversation
Based on PEP 440, it’s not just |
Is the right way to add those chars to the regex or is there a better to incorporate this? |
semver.nix
Outdated
@@ -53,7 +53,7 @@ let | |||
}; | |||
re = { | |||
operators = "([=><!~^]+)"; | |||
version = "([0-9.*x]+)"; | |||
version = "([0-9.*xdev]+)"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think you want dev
outside of [], maybe
version = "([0-9.*x]+(dev.*)?)"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general, any regex with .*
(outside of the brackets []
, where it just means those two literal characters) is guaranteed to be broken.
In this case, for example, overly broad matches of .*
will break version ranges:
1.2.3dev1 - 1.2.6
^^^^^^^^^
matches .*
(Although it’s unclear to me why we support ranges with -
here when, as far as I can see, Poetry has no such thing.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep you're right, also seen the comment above about PEP 440.
I can craft & test a regex that will match PEP 440, but to @DolceTriade 's point - is there a better way to do it, like utilize a python lib?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Responded to this in the main comments, but unless I'm mistaken, this will require us to write to the store for every check if we want to use a shell/python script to check versions, so for that reason, I less than optimal, but generally working Nix version might be preferable.
Hmm, I think there’s a bigger problem here though. After parsing these versions, we’re passing them to |
https://packaging.pypa.io/en/stable/version.html is a thing and it handles it pretty well...
Should we shell out to this instead of nix based regex parsing? Edit: I guess the right thing would be to just use poetry core if we're going to shell out... |
So I just updated the PR to use a more generic regex. It's intentionally overly broad to capture whatever people might want to put in the versions. I suppose there is no guarantee that PEP440 will be followed anyways so we should still allow these versions to be parsed. Of course, noting these pythonisms will be broken when using Lastly, I looked into writing a python script, but that seems like it would require writing to the store for every check, which seems wasteful so I opted to not do that. WDYT? |
If we have packages like ``` [package.dependencies] pytz = "*" setuptools = ">=0.7" six = ">=1.4.0" tzlocal = ">=2.0,<3.dev0 || >=4.dev0" ``` or ``` [[package]] name = "ndg-httpsclient" version = "0.5.1" description = "Provides enhanced HTTPS support for httplib and urllib2 using PyOpenSSL" optional = false python-versions = ">=2.7,<3.0.dev0 || >=3.4.dev0" files = [ {file = "ndg_httpsclient-0.5.1-py2-none-any.whl", hash = "sha256:d2c7225f6a1c6cf698af4ebc962da70178a99bcde24ee6d1961c4f3338130d57"}, {file = "ndg_httpsclient-0.5.1-py3-none-any.whl", hash = "sha256:dd174c11d971b6244a891f7be2b32ca9853d3797a72edb34fa5d7b07d8fff7d4"}, {file = "ndg_httpsclient-0.5.1.tar.gz", hash = "sha256:d72faed0376ab039736c2ba12e30695e2788c4aa569c9c3e3d72131de2592210"}, ] ``` We can get errors like `error: Constraint "<3.0.dev0" could not be parsed`. This PEP (https://peps.python.org/pep-0440/#inclusive-ordered-comparison) suggests that these versions are legit and thus poetry2nix should be able to parse them. This support isn't perfect because it's overly broad and ultimately still uses `builtins.compareVersions` which inherently cannot be compatible with pythonisms. This seems to be good enough, however to allow these packages to be built with the correct versions.
Mind elaborating on this one? |
My understanding is that if you want to shell out to an external program for nix, you have to create a derivation to run that script (which involves writing to the store to "build" it, and then writing to the store for when you write the result to If we could shell out, then this would be trivial as we could use poetry's own libs to manage constraints. |
Coming back to this: there's 2 issues to tackle.
Regarding shelling out, I think you're correct, but it also seems like poetry2nix already does rely on python scripts. [1] From PEP 440:
|
Perhaps the |
Oh dang, completely missed that. It looks like he already implemented it here: https://github.com/adisbladis/pyproject.nix/blob/master/lib/pep440.nix . |
Poetry2nix PEP440 support has been reimplemented on top of https://nix-community.github.io/pyproject.nix/lib/pep440.html in #1376. |
If we have packages like
or
We can get errors like
error: Constraint "<3.0.dev0" could not be parsed
. This PEP(https://peps.python.org/pep-0440/#inclusive-ordered-comparison)
suggests that these versions are legit and thus poetry2nix should be
able to parse them.
This support isn't perfect because it's overly broad and ultimately
still uses
builtins.compareVersions
which inherently cannot becompatible with pythonisms.
This seems to be good enough, however to allow these packages to be
built with the correct versions.