-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Poetry migration #370
Poetry migration #370
Conversation
I made the configuration that can be used insted of setup.py. One of the reasons I decided to do that is because setup.py doesn't have the versions of the dependencies and the state of the project can't be perfectly replicated without knowing the versions.
Direct invocation of setup.py is [deprecated](https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html), so I replace it with using poetry.
I removed `version` from the `init.py` because it would require to use some library like [importlib.metadata](https://docs.python.org/3/library/importlib.metadata.html) (available from python 3.8) to get version from the package metadata and there could be different options depending on the python version. As I understand, the library by itself doen't need that functionality and if someone who uses the library wants to get it's version he can use such a library instead of `pykeepass.version` As it was used in the `make pypi` command, I made it upload all new releases to the PyPI instead of just current one. Probably twine will be replaced by `poetry publish` in the future anyway.
requirements-rtd.txt, requirements.txt, and setup.py isn't used anymore
Why should running tests depend on Poetry? |
Because to run tests we need to install package dependencies and to install dependencies we need poetry. Before there was requirements.txt, that held dependencies and pip was used directly, now there is poetry.lock instead. upd: I think I misread your question at first. So, I think you are talking not about why do we need poetry installed, but why do we run tests using This command run it's argument in activated virtual environment, where all the dependencies installed. (see https://python-poetry.org/docs/basic-usage/#using-poetry-run) |
I've grown a bit uncertain about poetry over the last few months, particularly in regards to how it seems to often break pip editable-installs and makes supporting older versions of Python more complicated. Sorry for drawing this out for so long. I see that you put in significant effort on this PR and even joined the chatroom to ask questions, so I feel bad about closing this. Hopefully this doesn't discourage you from contributing to this project or other FOSS projects like it in the future. |
There is inconsistency in dependency management in the project. Some processes use
setup.py
with almost no version restrictions and some userequirements.txt
with exact versions (that is too tight).Workflow to build the package relies on direct invocation of
setup.py
, and that is deprecated.In that PR I address that two issues by replacing
setup.py
+setuptools
bypyproject.toml
+poetry
.Details/explanations of the changes
Required python wasn't be specified so I took it from
.github/workflows/ci.yaml
(meaning3.6+
)Dependency versions I took from the
requirements.txt
, but replaced==
for^
because it should be safe enough and not restrict user to outdated versions of the dependencies.Exact dependencies versions proven to work should be managed by poetry.lock file, that is created/updated on changing (adding, removing, updating) dependencies.
The only version restriction in
setup.py
was "pycryptodomex=>3.6.2" and I replaced it with "pycryptodomex^3.6.2" because I think it is safer.I removed
__version__
from theinit.py
because it would require to use some library like importlib.metadata (available from python 3.8) to get version from the package metadata and there could be different options depending on the python version. As I understand, the library by itself doesn't need that functionality and if someone who uses the library wants to get it's version he can use such a library instead ofpykeepass.__version__
.As it was used in the
make pypi
command, I made it upload all new releases to the PyPI instead of just current one. Probably it will be replaced bypoetry publish
in the future.Current (
1.7.1
) version ofpoetry
doesn't supportpython < 3.8
, andpoetry 1.1.13
is the last version withpython 3.6
support. So in thegithub CI
I usepoetry 1.1.13
for bothpython 3.6
and3.7
, so It will be fine to use it for use the library, but for development current version ofpoetry
expected.