-
Notifications
You must be signed in to change notification settings - Fork 542
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support a default hub repo concept in bzlmod #2094
Comments
+1 For pypi and not pip
This is one additional reason why I've been keen to move dependency specifier lists into Starlark. |
I'm generally +1 on this idea. However, I don't see how this can reliably interact with lock files, i.e., how specific versions of a transitive closures can be merged and respected and work reliably. The issue is the inclusion of arbitrary requirements from elsewhere in the module graph.
I don't see how this would scale? Consider a triangle dependency situation:
A and B work fine on their own. Its only when they both end up in a transitive module graph structure that issues occur.
|
Yes, I should clarify as well. I'm only firmly +1 on the hub_name defaults. For the rest, I'm -1 Im not convinced on any lock file merging for similar reasons as @rickeylev. I don't believe that its generally solvable, which will lead to more issues than it solves, and more maintenance burden. I can be convinced of a solution where we let the root module re-lock against direct dependencies from transitive repositories, but even then, Im a little confused by the problems this is believed to solve. If somebody needs to compose code and dependencies at a python language level (not a bazel extension level), then I think the most standard path forward would be to publish packages (to PyPI or other) or to use git submodules or similar code sharing mechanisms to merge source code repositories. I don't think languages (outside golang), can safely compose |
I can imagine an API like:
And this basically acts like:
And I guess it would run requirements.in -> requirements.txt conversion during the bzlmod extension phase. This also necessitates that the resulting requirements.txt isn't implicitly platform specific. Adding version constraints to the |
Yes, rules_rust has something similar for crates in cargo. You can load crates from a cargo lockfile, but you can also load them from specs in Starlark: https://github.com/bazelbuild/rules_rust/blob/b5ecaea4b5996912693135ea14447d22271e9cd5/examples/bzlmod/proto/MODULE.bazel#L77
There's also a variation that looks like this:
And the following to relock I'd think it would be possible to do something similar in python. I think they have things a bit easier because I don't think they need to deal with an sdist vs wheel situation. But yeah, the |
🚀 feature request
Relevant Rules
pip.parse
Description
Currently the
pip.parse
needs thehub_name
parameter, which in reality is quite often set topypi
orpip
in the root module. In the non-root modules the users should be also able to usepip
orpypi
names and this could be the defaulthub_name
value.Describe the solution you'd like
Minimum (for 1.0.0):
hub_name
default value topypi
(it should not bepip
because we are not usingpip
here andpypi
is a more generic term).pip.parse
extension usage via theisolate
parameter.isolate
parameter if thehub_name
is not set, or if it is set topip
orpypi
valuesExtra (post 1.0.0):
pyproject.toml
and/or constraint files topip.parse
instead of the lock file itself. Enable users to lock the dependency tree via@pypi//:lock
target to generate a lock file in the users workspace. An alternative would be to merge the requirements in some way, but that could be harder. This greatly depends on Supportuv
as part ofrules_python
#1975 becauseuv
has a lot of different flags to allow overriding dependencies in the constraint files and may enable us to have a working solution. Merging the lock file by just blindly using the lowest version of all could work, but may not be reliable and the solution to properly do the locking may be required.The lock file merging is used in the
go
ecosystem and requiring users to either name the hub repo that collects the spoke repos or using a default name is the convention ofrules_go/gazelle
, see bazel-contrib/bazel-gazelle#1584. Also see bazelbuild/bazel#20186, which talks about stabilizing extension isolation feature. Havingrules_python
supporting it may be a good way to give feedback to bazel devs.See #2088 for a slightly related topic.
Describe alternatives you've considered
The main alternative would be to not support it and keep things as they are, but that could make it harder to implement the
isolation
later down the line. What is more, supportingisolation
of the extensions could make thepip
code simpler, because we could just ask the user to useisolate
if we see clashes.The text was updated successfully, but these errors were encountered: