option to lock all tool dependencies #55

Closed
houbie opened this issue Nov 22, 2023 · 0 comments
Labels
enhancement New feature or request
houbie (Collaborator) commented Nov 22, 2023

This PDM issue showed that even released versions of Python tools can be broken by downstream dependency releases.
To really make sure that builds won't break, we need to lock all (recursive) dependencies.

Proposed solution:

  • use pip freeze to lock all packages in a tool context
  • store the result of pip freeze in pw.lock
  • add a --lock CLI option
  • always check if the lock file is up-to-date
  • modify the hash key generation for checking requirements changes: sort requirements before calculation

houbie added this to the 2.0 milestone Nov 22, 2023
houbie added the enhancement (New feature or request) label Dec 1, 2023
houbie closed this as completed in 0f772c5 Dec 1, 2023
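
The last two bullets of the proposal (checking that the lock file is up to date, and sorting requirements before computing the hash key) can be sketched as follows. This is an added example, not the project's own code: the `# requirements-hash:` header line, the function names and the sample package names are assumptions made for illustration.

```python
import hashlib

# Assumed header line; the real pw.lock layout is not shown in the issue.
HASH_PREFIX = "# requirements-hash: "

# Constructed sample data: declared tool requirements and `pip freeze`-style output.
SAMPLE_REQUIREMENTS = ["tool-a==1.2.0", "dep-b>=0.9"]
SAMPLE_FREEZE = ["tool-a==1.2.0", "dep-b==0.9.1", "dep-c @ file:///tmp/dep-c"]


def requirements_key(requirements):
    """Order-independent hash key: strip, drop blanks, de-duplicate, sort, hash."""
    canonical = sorted({r.strip() for r in requirements if r.strip()})
    return hashlib.sha256("\n".join(canonical).encode("utf-8")).hexdigest()


def render_lock(requirements, frozen):
    """Lock text: key of the declared requirements, then the sorted frozen pins."""
    pins = sorted(line.strip() for line in frozen if line.strip())
    return HASH_PREFIX + requirements_key(requirements) + "\n" + "\n".join(pins) + "\n"


def lock_is_current(lock_text, requirements):
    """True only if the lock was generated from this exact set of requirements."""
    lines = lock_text.splitlines()
    first = lines[0] if lines else ""
    if not first.startswith(HASH_PREFIX):
        return False  # missing or foreign header: treat as stale, never as valid
    return first[len(HASH_PREFIX):] == requirements_key(requirements)


def unpinned(lock_text):
    """Lock lines that are not exact name==version pins (URL or editable installs)."""
    body = [l for l in lock_text.splitlines() if l and not l.startswith("#")]
    return [l for l in body if "==" not in l]


if __name__ == "__main__":
    lock = render_lock(SAMPLE_REQUIREMENTS, SAMPLE_FREEZE)
    print(lock, end="")
    print("current:", lock_is_current(lock, list(reversed(SAMPLE_REQUIREMENTS))))
    print("not exactly pinned:", unpinned(lock))
```

Lines reported by `unpinned` are worth reviewing by hand, because a direct-URL or editable entry in the freeze output is not fixed to a released version the way a `==` pin is.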