You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The validate command ensures that changes in .in are represented in .txt but does not ensure that changes in .txt are represented in .in. This means there is no automated way to easily ensure everything is configured properly if a user who isn't familiar with pip-compile-multi directly modifies the .txt file (per typical pip convention).
I'm not entirely sure how to solve this aside from having a hash stored within the .txt file which is a has of the expected .txt file's contents. Validate could then load the contents (minus header) and ensure the header's hash matches the computed content hash.
The text was updated successfully, but these errors were encountered:
This is by design, modifying .txt files manually is okay. If you want to validate versions in .txt files, I see three options:
Run pip check after installation - this will perform the same operations as pip-compile-multi during compilation.
Add a wrapper script (or a job in Makefile) that runs md5sum requirements/*.txt > requirements/hashes after compilations. In CI validate the checksums with md5sum -c requirements/hashes.
Open a PR to add a CLI flag --sha-includes-output (flag name is up for discussion) that will change the SHA1 hash computation logic to include the output strings too. In this case pip verify command should check for both options and fail only if neither hashes match the one stored. LMK if you want to go down this road and I can provide more guidance.
The
validate
command ensures that changes in.in
are represented in.txt
but does not ensure that changes in.txt
are represented in.in
. This means there is no automated way to easily ensure everything is configured properly if a user who isn't familiar withpip-compile-multi
directly modifies the.txt
file (per typical pip convention).I'm not entirely sure how to solve this aside from having a hash stored within the
.txt
file which is a has of the expected.txt
file's contents. Validate could then load the contents (minus header) and ensure the header's hash matches the computed content hash.The text was updated successfully, but these errors were encountered: