Prepare release 0.2.1 #22
Conversation
Migrate to the latest stable Bionic Beaver (18.04) Ubuntu distribution. The old version `phusion/baseimage:0.11` is over two years old and at the point of writing contains 4 critical security vulnerabilities. We cannot yet migrate straight to Focal Fossa (20.04) since only an alpha version release is available for now.
There are two different packages available on conda: `ruamel.yaml` and `ruamel_yaml`. Pip cannot distinguish them, therefore we have to install `ruamel.yaml` via conda.
There was a problem hiding this comment.
Thanks @yakutovicha
Would you mind including more explanation in the comment, including when/if the workaround can be removed?
Also, is there a way to test something in order to make sure this issue does not return?
So far the tests of the docker image are very minimal; testing a few python imports etc. might make sense as well?
|
This PR is actually for the release, to merge the bugfix, and the new base image (again, with bug fixes). The issue is discussed quilte in detail here: aiidateam/aiida-core#4339. I cannot know when it will be fixed by pip guys, honestly.
The issue popped up in the aiida-core image, when trying to import pymatgen, which requires |
Right. I'm not quite sure what you are saying with this - do you mean I should therefore not review the changes?
Sure - this is a very long thread. What I am suggesting is that it would be useful to give someone who is looking through the code a quick way to decide whether the workaround is still needed.
Is it not possible to test it here? |
No, I don't mean this. I mean the following. When I work with a repository/package, I try to adhere to the gitflow principles. This implies that every new feature/bugfix/update will be introduced via PR from the
In a case reviewer disagrees with the first point, I close the PR and I add the missing changes. In case the reviewer agrees with both of them - they approve the PR and I go on. What I am strongly against of doing is introducing the changes in the release PR.
Following the gitflow strategy, I guess we are all trying to introduce the changes via PRs. Most of the time PRs are visible, already reviewed and contain (hopefully) clear title/description. One can check the PR status by clicking on the corresponding link accompanying the commit. It is hard for me to understand why even more additional information needs to be provided if we already spend time on making things easily available and clear.
We can close the PR and make a new PR to add those changes, or we can merge the PR and introduce those changes afterwards. Both are fine with me.
I agree, we can add such a check in this repo. More specifically I would go for installing |
Sure, I agree.
Well, just to explain it from the reviewer's point of view: I was not involved in the previous commits to One can certainly also imagine taking a different approach here, which is what we tend to do in aiida-core, where one can be sure that all of the changes to I'm just saying that when I saw the request, I first thought that you had the first option in mind; then your comment made me think it was the second option.
Also both fine with me.
I think that would make sense - without an explicit test it is quite difficult for someone new looking at the code to understand what is being fixed by the workaround. |
Just to comment on this specific point: I would be really surprised if this was fixed by a change in |
No description provided.