Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Distinguish between libraries and applications

See original GitHub issue

I have searched the issues of this repo and believe that this is not a duplicate.
I have searched the documentation and believe that my question is not covered.

Feature Request

When you have a pure application, e.g. a package which is intended not to be imported by other packages, but only to be executed directly (e.g. CLI application, a web service, some GUI program), it would be nice to have reliable installations at the client.

For reliable installations, it is important that the dependencies (including transitive ones) are pinned. They are pinned in the poetry.lock file, but that file is not uploaded / used when a package built with poetry, uploaded to PyPI.org is installed via pip.

My suggestion is:

Within [tool.poetry], add is-pure-application: true / false or similar (never-included? no-library?)
When this attribute is present and true, then poetry adds the transitive dependencies to the shipped setup.py file
Then, when installed via pipx, one can be absolutely certain about what is installed and have way more control about the environment.

I’m uncertain, however, how to deal with the “normal” pip which does not create a virtual environment for such a package. That would be problematic.

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:7 (1 by maintainers)

Top GitHub Comments

1reaction

finswimmercommented, Nov 8, 2020

From my point of view, what would make more sense would be to instruct poetry build to write the pinned dependencies as Requires-Dist in the distributions.

There is a feature request for this: https://github.com/python-poetry/poetry/issues/2778

But I’m with you @sinoroc that this is a good way to shoot yourself in the foot 😃

@MartinThoma: I will close your issue as a more or less duplicate of #2778. Feel free to leave a comment if you disagree with it.

1reaction

sinoroccommented, Nov 6, 2020

I get the general idea, but the suggested method does not make sense to me.

From my point of view, what would make more sense would be to instruct poetry build to write the pinned dependencies as Requires-Dist in the distributions.

This is typically the kind of things I would like to see implemented as a plugin, not necessarily part of poetry proper. Because this seems like one nice way to shoot yourself in the foot, if you pin everything in the distributions without knowing what you are doing.

I’m uncertain, however, how to deal with the “normal” pip which does not create a virtual environment for such a package. That would be problematic.

This does not seem feasible. I do not see what role pip would play in that. I’d rather recommend another plugin that would output a zipapp containing pinned dependencies.