From c2665b45ec18ca40cf7b185f5c5622ab14cec48c Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Fri, 25 Oct 2024 23:36:41 -0400 Subject: [PATCH] Remove peep process --- .github/ISSUE_TEMPLATE/Feature_request.md | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 4 +- .github/workflows/ci.yaml | 2 - MANIFEST.in | 1 - peeps/PEEP-000.md | 9 ---- peeps/PEEP-001.md | 23 -------- peeps/PEEP-002.md | 33 ------------ peeps/PEEP-003.md | 9 ---- peeps/PEEP-004.md | 9 ---- peeps/PEEP-005.md | 65 ----------------------- peeps/PEEP-006.md | 62 --------------------- peeps/PEEP-044.md | 54 ------------------- peeps/PEEP-TEMPLATE.md | 9 ---- pyproject.toml | 3 +- tests/integration/test_install_markers.py | 2 +- 15 files changed, 4 insertions(+), 283 deletions(-) delete mode 100644 peeps/PEEP-000.md delete mode 100644 peeps/PEEP-001.md delete mode 100644 peeps/PEEP-002.md delete mode 100644 peeps/PEEP-003.md delete mode 100644 peeps/PEEP-004.md delete mode 100644 peeps/PEEP-005.md delete mode 100644 peeps/PEEP-006.md delete mode 100644 peeps/PEEP-044.md delete mode 100644 peeps/PEEP-TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE/Feature_request.md b/.github/ISSUE_TEMPLATE/Feature_request.md index e02f479c4a..e8db8a47d3 100644 --- a/.github/ISSUE_TEMPLATE/Feature_request.md +++ b/.github/ISSUE_TEMPLATE/Feature_request.md @@ -5,7 +5,7 @@ about: Suggest an idea for this project Be sure to check the existing issues (both open and closed!), and make sure you are running the latest version of Pipenv. -Check the [diagnose documentation](https://pipenv.pypa.io/en/latest/diagnose/) for common issues and the [PEEP list](https://github.com/pypa/pipenv/blob/master/peeps/) before posting! We may close your issue if it is very similar to one of them. Please be considerate and follow the PEEP process, or be on your way. +Check the [diagnose documentation](https://pipenv.pypa.io/en/latest/diagnose/) for common issues as well as the GitHub Issues page. Make sure to mention your debugging experience if the documented solution failed. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index f7c77d1354..baeff4d90b 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -7,9 +7,7 @@ What is the thing you want to fix? Is it associated with an issue on GitHub? Ple Always consider opening an issue first to describe your problem, so we can discuss what is the best way to amend it. Note that if you do not describe the goal of this change or link to a related issue, the maintainers may close the PR without further review. -If your pull request makes a non-insignificant change to Pipenv, such as the user interface or intended functionality, please file a PEEP. - - https://github.com/pypa/pipenv/blob/master/peeps/PEEP-000.md +If your pull request makes a non-insignificant change to Pipenv, such as the user interface or intended functionality, please open a discussion or issue report first. ### The fix diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d502f32612..a38021c9e0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -22,7 +22,6 @@ on: - "**/*.txt" - "examples/**" - "news/**" - - "peeps/**" branches: - main pull_request: @@ -36,7 +35,6 @@ on: - "**/*.txt" - "examples/**" - "news/**" - - "peeps/**" permissions: contents: read # to fetch code (actions/checkout) jobs: diff --git a/MANIFEST.in b/MANIFEST.in index 24bc6e9a04..c3cd9e40c1 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -23,7 +23,6 @@ recursive-include docs/_templates *.html recursive-include docs/_static *.js *.css *.png recursive-exclude tests/test_artifacts *.pyd *.so *.pyc *.egg-info PKG-INFO -prune peeps prune .azure-pipelines prune .github prune pipenv/vendor/importlib_metadata/tests diff --git a/peeps/PEEP-000.md b/peeps/PEEP-000.md deleted file mode 100644 index 5f8a29786b..0000000000 --- a/peeps/PEEP-000.md +++ /dev/null @@ -1,9 +0,0 @@ -# PEEP-000: Pipenv Enhancement Proposals - -**ACCEPTED** - -Pipenv Enhancement Proposals (PEEPs) will be used for proposing any changes to Pipenv's user–interface or intended functionality. - -☤ - -This is the first PEEP. All non–insignificant changes to Pipenv will require a PEEP. The governance model for Pipenv, including the process for future PEEP acceptance will be defined in [PEEP-001](https://github.com/pypa/pipenv/blob/master/peeps/PEEP-001.md). diff --git a/peeps/PEEP-001.md b/peeps/PEEP-001.md deleted file mode 100644 index 39a9719ceb..0000000000 --- a/peeps/PEEP-001.md +++ /dev/null @@ -1,23 +0,0 @@ -# PEEP-001: Pipenv Governance Model - -**ACCEPTED** - -Pipenv will be governed by a BDFL (Kenneth Reitz), and a board of maintainers (trusted collaborators to the project on GitHub). - -☤ - -## BDFL Responsibility & PEEP Acceptance - -The approval of future PEEPs is the responsiblity of the BDFL, unless they defer the decision–making to the trusted board of maintainers, for a given PEEP. The BDFL may write new PEEPs at any time. - -## Trusted Maintainer Responsibility - -- Maintain Pipenv's already–established interface — prevent it from eroding. -- Polish what already exists. Do not craft. -- Enforce the PEEP process. - -## Community Responsibility - -- Reduce the burden on the maintainers by not requesting new features or changes in functionality, unless by the PEEP process. -- Avoid writing PEEPs, unless it seems absolutely neccessary, and in the best interest of the entire Python community. -- Remember, all deltas are risks. diff --git a/peeps/PEEP-002.md b/peeps/PEEP-002.md deleted file mode 100644 index d406e04f72..0000000000 --- a/peeps/PEEP-002.md +++ /dev/null @@ -1,33 +0,0 @@ -# PEEP-002: Specify options via environment variables - -**ACCEPTED** (being implemented) - -This PEEP describes an addition that would allow configuring Pipenv options via environment variables suitable especially for automated systems or CI/CD systems. - -☤ - -Systems running not only on containerized solutions (like Kubernetes or OpenShift) are often parametrized via environment variables. The aim of this PEEP is to provide an extension to the current Pipenv implementation that would simplify parametrizing options passed via environment variables. - -The current implementation requires most of the options to be passed via command line. It is possible to adjust some of the command line options via pre-defined names of environment variables (such as ``PIPENV_PYTHON``) but this approach does not allow to define environment variables for all of the options that can be possibly passed to Pipenv. - -The proposed approach is to re-use existing options passing via environment variables avaliable in [click](http://click.pocoo.org/5/options/#values-from-environment-variables>) (bundled with Pipenv). All of the options for available Pipenv's sub-commands can directly pick options passed via environment variables: - -```console -$ export PIPENV_INSTALL_DEPLOY=1 -$ export PIPENV_INSTALL_VERBOSE=1 -$ pipenv install -``` - -The naming schema for environment variables configuring options is following: - -``` -PIPENV__ -``` - -where sub-command is an uppercase name of Pipenv's sub-command (such as `install`, `run` or others) and option name is the name of Pipenv's sub-command option all in uppercase. Any dashes are translated to underscores; flags accept `1` signalizing the flag to be present. - -The naming schema guarantees no clashes for the already existing Pipenv configuration using environment variables. - -The proposed configuration via environment variables is available for Pipenv sub-commands. Options supplied via command line have higher priority than the ones supplied via environment variables. - -Author: Fridolín Pokorný diff --git a/peeps/PEEP-003.md b/peeps/PEEP-003.md deleted file mode 100644 index 7744e7287a..0000000000 --- a/peeps/PEEP-003.md +++ /dev/null @@ -1,9 +0,0 @@ -# PEEP-003: Revocation of Power of BDFL - -**ACCEPTED** - -Pipenv will be governed by a board of maintainers (trusted collaborators to the project on GitHub), not a BDFL. - -The BDFL retains his title, however, revokes himself of his powers. - -PEEP approval will be determined by available members of the board of maintainers, in private or public channels. diff --git a/peeps/PEEP-004.md b/peeps/PEEP-004.md deleted file mode 100644 index a3dc8c3304..0000000000 --- a/peeps/PEEP-004.md +++ /dev/null @@ -1,9 +0,0 @@ -## PEEP-004: Subcommands - -NOT YET ACCEPTED - -Pipenv will automatically run commands like "pipenv deploy" if the "pipenv-deploy" binary is available on the path. - -These subcommands cannot overwrite built-in commands. - -These subcommands will receive environment variables with contextual information. diff --git a/peeps/PEEP-005.md b/peeps/PEEP-005.md deleted file mode 100644 index 2cc0279f91..0000000000 --- a/peeps/PEEP-005.md +++ /dev/null @@ -1,65 +0,0 @@ -# PEEP-005: Do Not Remove Entries from the Lockfile When Using `--keep-outdated` - -**PROPOSED** - -This PEEP describes a change that would retain entries in the Lockfile even if they were not returned during resolution when the user passes the `--keep-outdated` flag. - -☤ - -The `--keep-outdated` flag is currently provided by Pipenv for the purpose of holding back outdated dependencies (i.e. dependencies that are not newly introduced). This proposal attempts to identify the reasoning behind the flag and identifies a need for a project-wide scoping. Finally, this proposal outlines the expected behavior of `--keep-outdated` under the specified circumstances, as well as the required changes to achieve full implementation. - -## Retaining Outdated Dependencies - -The purpose of retaining outdated dependencies is to allow the user to introduce a new package to their environment with a minimal impact on their existing environment. In an effort to achieve this, `keep_outdated` was proposed as both a flag and a Pipfile setting [in this issue](https://github.com/pypa/pipenv/issues/1255#issuecomment-354585775), originally described as follows: - -> pipenv lock --keep-outdated to request a minimal update that only adjusts the lock file to account for Pipfile changes (additions, removals, and changes to version constraints)... and pipenv install --keep-outdated needed to request only the minimal changes required to satisfy the installation request - -However, the current implementation always fully re-locks, rather than only locking the new dependencies. As a result, dependencies in the `Pipfile.lock` with markers for a python version different from that of the running interpreter will be removed, even if they have nothing to do with the current changeset. For instance, say you have the following dependency in your `Pipfile.lock`: - -```json -{ - "default": { - "backports.weakref": { - "hashes": [...], - "version": "==1.5", - "markers": "python_version<='3.4'" - } - } -} -``` - -If this lockfile were to be re-generated with Python 3, even with `--keep-outdated`, this entry would be removed. This makes it very difficult to maintain lockfiles which are compatible across major python versions, yet all that would be required to correct this would be a tweak to the implementation of `keep-outdated`. I believe this was the goal to begin with, but I feel this behavior should be documented and clarified before moving forward. - -## Desired Behavior - -1. The only changes that should occur in `Pipfile.lock` when `--keep-outdated` is passed should be changes resulting from new packages added or pin changes in the project `Pipfile`; -2. Existing packages in the project `Pipfile.lock` should remain in place, even if they are not returned during resolution; -3. New dependencies should be written to the lockfile; -4. Conflicts should be resolved as outlined below. - -## Conflict Resolution - -If a conflict should occur due to the presence in the `Pipfile.lock` of a dependency of a new package, the following steps should be undertaken before alerting the user: - -1. Determine whether the previously locked version of the dependency meets the constraints required of the new package; if so, pin that version; -2. If the previously locked version is not present in the `Pipfile` and is not a dependency of any other dependencies (i.e. has no presence in `pipenv graph`, etc), update the lockfile with the new version; -3. If there is a new or existing dependency which has a conflict with existing entries in the lockfile, perform an intermediate resolution step by checking: - a. If the new dependency can be satisfied by existing installs; - b. Whether conflicts can be upgraded without affecting locked dependencies; - c. If locked dependencies must be upgraded, whether those dependencies ultimately have any dependencies in the `Pipfile`; - d. If a traversal up the graph lands in the `Pipfile`, create _abstract dependencies_ from the `Pipfile` entries and determine whether they will still be satisfied by the new version; - e. If a new pin is required, ensure that any subdependencies of the newly pinned dependencies are therefore also re-pinned (simply prefer the updated lockfile instead of the cached version); - -4. Raise an Exception alerting the user that they either need to do a full lock or manually pin a version. - -## Necessary Changes - -In order to make these changes, we will need to modify the dependency resolution process. Overall, locking will require the following implementation changes: - -1. The ability to restore any entries that would otherwise be removed when the `--keep-outdated` flag is passed. The process already provides a caching mechanism, so we simply need to restore missing cache keys; -2. Conflict resolution steps: - a. Check an abstract dependency/candidate against a lockfile entry; - b. Requirements mapping for each dependency in the environment to determine if a lockfile entry is a descendent of any other entries; - - -Author: Dan Ryan diff --git a/peeps/PEEP-006.md b/peeps/PEEP-006.md deleted file mode 100644 index 5a3739e1e9..0000000000 --- a/peeps/PEEP-006.md +++ /dev/null @@ -1,62 +0,0 @@ -# PEEP-006: Include all deps in output of `pipenv lock -r --dev` - -This proposal makes the behavior of `pipenv lock --requirements --dev` -consistent with the behaviour of other commands: converting all dependencies, -not just the development dependencies. - -☤ - -If you type `pipenv lock --help` the help document says: - -```bash --d, --dev Install both develop and default packages. [env var:PIPENV_DEV] -``` - -That is not accurate and confusing for `pipenv lock -r`, which only produces the develop requirments. - -This PEEP proposes to change the behavior of `pipenv lock -r -d` to produce **all** requirements, both develop -and default. The help string of `-d/--dev` will be changed to **"Generate both develop and default requirements"**. - -As the existing behaviour was intended to support generating traditional `dev-requirements.txt` -files, a new flag, `--dev-only`, will be introduced to restrict output to development requirements only. - -When the new `pipenv lock` specific flag is used, the common `-d/--dev` flag is redundant, but -ignored (i.e. `pipenv lock -r --dev-only` and `pipenv lock -r --dev --dev-only` do the same thing). -If `--dev-only` is specified without `-r/--requirements`, then `PipenvOptionsError` will be thrown. - -As part of this change, `pipenv lock --requirements` will be updated to emit a comment header -indicating that the file was autogenerated, and the options passed to `pipenv lock`. This will use -the following `pip-compile` inspired format: - - # - # These requirements were autogenerated by pipenv - # To regenerate from the project's Pipfile, run: - # - # pipenv lock --requirements - # - -`--dev` or `--dev-only` will be append to the emitted regeneration command if -those options are set. - -To allow this new header to be turned off, `pipenv lock --requirements` will also support the same -`--header/--no-header` options that `pip-compile` offers. - -In the first release including this change, and in releases for at least 6 months from that date, -the emitted header will include the following note when the `--dev` option is set: - - # Note: in pipenv 2020.x, "--dev" changed to emit both default and development - # requirements. To emit only development requirements, pass "--dev-only". - -## Impact - -The users relying on the old behavior will get more requirements listed in the -``dev-requirements.txt`` file, which in most cases is harmless. They can pass -the `--dev-only` flag after updating `pipenv` to achieve the same thing as before. - -## Related issues: - -- #3316 - -## Related pull requests: - -- #4183 diff --git a/peeps/PEEP-044.md b/peeps/PEEP-044.md deleted file mode 100644 index 38d60dd3bb..0000000000 --- a/peeps/PEEP-044.md +++ /dev/null @@ -1,54 +0,0 @@ -# PEEP-044: safety-db integration, squelch, and output. - -pipenv check needs offline, ci, and other output capabilities. - -☤ - -Not everyone can utilize pipenv check and access the internet. Safety check knew this -and that is why they created safety-db. This repository contains a json database that -is updated monthly. Safety check allows you to pass a --db flag that is a local directory -containing that database. Safety check also allows you to pass --json, --bare, and ---full-report. Pipenv check has their own way of displaying the results that is why I -believe there should be a --output flag that allows users to specify json, bare, -and full-report from safety check and default for the current pipenv check output. -Currently, pipenv check has a lot of stdout messages and makes it harder to pipe -the results into something to be checked (especially for continuous integration -pipelines). That is why adding a --squelch switch is also important. This will be -default False (display all stdout); however, the user has the option to add the ---squelch switch to make the output only come from safety check. - -## Current implementation: -### Example 1 -``` bash -pipenv check -Checking PEP 508 requirements... -Passed! -Checking installed package safety... -25853: insecure-package <0.2.0 resolved (0.1.0 installed)! -This is an insecure package with lots of exploitable security vulnerabilities. -``` -### Example 2 -``` bash -pipenv check | jq length -parse error: Invalid numeric literal at line 1, column 9 -``` - -## Future implementation: -### Example 1 -``` bash -pipenv check --db /Users/macbookpro/workspace/test/safety-db/data/ --output json --squelch -[ - [ - "insecure-package", - "<0.2.0", - "0.1.0", - "This is an insecure package with lots of exploitable security vulnerabilities.", - "25853" - ] -] -``` -### Example 2 -``` bash -pipenv check --db /Users/macbookpro/workspace/test/safety-db/data/ --output json --squelch | jq length -1 -``` diff --git a/peeps/PEEP-TEMPLATE.md b/peeps/PEEP-TEMPLATE.md deleted file mode 100644 index 8c5e3a9f6e..0000000000 --- a/peeps/PEEP-TEMPLATE.md +++ /dev/null @@ -1,9 +0,0 @@ -# PEEP-042: Title Goes Here - -A brief, one–sentence description goes here. - -☤ - -A longer (but as concise as possible) description goes here. - -Code blocks, lists, and other Markdown features are encouraged to be used, when needed. diff --git a/pyproject.toml b/pyproject.toml index f93da5ed6e..7b0eb1a1dc 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -202,7 +202,7 @@ addopts = "-ra --no-cov" plugins = "xdist" testpaths = [ "tests" ] # Add vendor and patched in addition to the default list of ignored dirs -# Additionally, ignore tasks, news, test subdirectories and peeps directory +# Additionally, ignore tasks, news, test subdirectories norecursedirs = [ ".*", "build", @@ -218,7 +218,6 @@ norecursedirs = [ "docs", "tests/test_artifacts", "tests/pypi", - "peeps", ] filterwarnings = [ ] # These are not all the custom markers, but most of the ones with repeat uses diff --git a/tests/integration/test_install_markers.py b/tests/integration/test_install_markers.py index 33620b40b3..d3ffd79254 100644 --- a/tests/integration/test_install_markers.py +++ b/tests/integration/test_install_markers.py @@ -136,7 +136,7 @@ def test_global_overrides_environment_markers(pipenv_instance_private_pypi): @pytest.mark.markers @pytest.mark.complex @pytest.mark.skipif( - sys.version_info == (3, 8), reason="Test package that gets installed is different on 3.8" + sys.version_info[:2] == (3, 8), reason="Test package that gets installed is different on 3.8" ) def test_resolver_unique_markers(pipenv_instance_pypi): """Test that markers are properly cleaned and not duplicated when resolving