Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add a poetry.lock file so dependencies can be fixed

See original GitHub issue

Since Lektor is geared towards end users, rather than being a library, I think it would be appropriate to commit a poetry.lock file into the repo, so people can install the exact dependencies each version requires.

Leaving the versions open-ended is good when developing a library, as you don’t want to clash with the other versions in the codebase, but Lektor will presumably be installed with pipx and doesn’t need to care about pinning its exact versions.

Personally, I’ve been having issues where I can no longer build my site because Lektor 3.2.2 doesn’t work with the latest Click. If the versions were pinned, it would keep working, as it would install the exactly compatible version of Click.

Issue Analytics

State:
Created a year ago
Comments:9 (9 by maintainers)

Top GitHub Comments

1reaction

yagebucommented, Sep 3, 2022

I don’t think we’re in disagreement 😉 I’m mostly arguing against adding fixed dependencies in the released versions of Lektor.

I still think it’s preferable for users to also have lockfiles. Only the most trivial projects will Lektor as their only dependency and will be helped by this lockfile in the Lektor repo. Only a complete lockfile with all plugins and other dependencies allows for consistent reproducible and non-failing builds.

0reactions

dairikicommented, Sep 3, 2022

FWIW, I agree that the correct place for a lock file is probably with each Lektor project. (This can be as simple as a requirements.txt committed to git, or it can be managed with, e.g., poetry if you want bells & whistles.)

Lektor falls in a fuzzy gray area between “application” and “library”. Were it not for the plugins, IMO, it would be more “application”, but with the plugins Lektor is acting more as a “library” in concert with other libraries (i.e. the plugins and their dependencies.) (Though, Lektor, with its “automatic” plugin management, tries to hide the fact, the plugins and their dependencies all go into sys.path, along with lektor. They all have to work together.)

Top Results From Across the Web

Basic usage | Documentation | Poetry - Python dependency ...

As mentioned above, the poetry.lock file prevents you from automatically getting the latest versions of your dependencies. To update to the latest versions,...

Update the lock file without upgrading dependencies #1614

I just found a way to "trick" Poetry into doing this: Invoke poetry update foo where foo is some dependency that is already...

Dependency Management With Python Poetry

Start a new Poetry project; Add Poetry to an existing project; Use the pyproject.toml file; Pin dependencies; Install dependencies with poetry.lock ...

Managing Python Dependencies with Poetry

Once you run poetry install command one of two things will happen. If this is the first time you are running poetry install...

How To Install Poetry to Manage Python Dependencies on ...

toml file is possible, you will have to account for the lock file and manually activate your virtual environment. So in the scenario...