Freeze Python Dependencies Versions for Better Stability and Reproducibility

[ThomasSanson]

Hello,

I would like to propose that we freeze the versions of all Python dependencies in this Ansible project. This will help ensure better stability and reproducibility of the project.

Here are the main arguments in favor of freezing the versions of dependencies:

1. Stability: By pinning the dependencies to specific versions, we can minimize the risk of unexpected breaking changes in newer releases. This ensures that our project remains stable and functioning as expected, even as the dependencies evolve.

2. Reproducibility: Freezing the dependency versions allows for consistent and reproducible builds across different environments. This is particularly important for a project like Ansible, where users may be deploying the software in various environments with different versions of Python and other dependencies.

3. Easier troubleshooting: If a user encounters an issue with the project, having frozen dependencies makes it simpler to identify and resolve the problem, as we can be sure that the user is running the same versions of the dependencies as the developers.

4. Simpler upgrades: When it's time to upgrade the dependencies, the process becomes more manageable. We can evaluate and test the impact of each dependency upgrade individually, ensuring that the project remains stable and functional.

To implement this, we can use a requirements.txt file, which lists all the dependencies along with their respective version numbers. Here's an example of what this file might look like:

ansible==2.9.21
boto3==1.17.112
botocore==1.20.112
Jinja2==2.11.3
MarkupSafe==1.1.1
python-dateutil==2.8.1
PyYAML==5.4.1
six==1.16.0

By freezing the versions of our Python dependencies, we can ensure a more stable and reliable experience for both developers and users. Please let me know your thoughts on this proposal, and if you have any questions or concerns.

An instance of an unwanted outcome can be observed at the following link: #309 (comment)

Best regards,

[vitabaks]

Currently requirements.dev.txt

ansible-lint==6.15.0
yamllint==1.31.0
molecule==5.0.0
molecule-plugins[docker]==23.4.0
docker==6.0.1
ansible-compat==3.0.1

https://github.com/vitabaks/postgresql_cluster/blob/master/requirements.dev.txt

what other packages need to be frozen for the development and testing environment?

@ThomasSanson Could you prepare a PR? Thanks!

[ThomasSanson]

We should list the dependencies using a pip freeze command and manage both the development side (requirements.dev.txt) and the production side (requirements.txt).

A small off-topic clarification:
I create issues in a generic way, so if someone feels like addressing them (through a pull request), that's great; otherwise, it will be on my to-do list.

So yes, if no one takes care of it, I will create the pull request myself 😇.

I hope this approach works for you, @vitabaks , as it helps me keep track of tasks to be completed (without any sense of urgency, as in this case) and contributes to the backlog.