[PATCH v2] requirements: Start using fixed versions

Daniel Axtens dja at axtens.net
Sat Sep 22 01:13:28 AEST 2018


Stephen Finucane <stephen at that.guru> writes:

> On Sat, 2018-09-22 at 00:19 +1000, Daniel Axtens wrote:
>> Stephen Finucane <stephen at that.guru> writes:
>> 
>> > Given that 'tox' doesn't actually read any of these, there's no reason
>> > to use ranges of requirements. Instead, use the latest and greatest for
>> > live instances and rely on tox to validate behavior with older versions.
>> 
>> I don't really understand the motivation for this, but I am not
>> primarily a python developer, so I'm going to assume it's standard
>> practise in the Python world. (And I see the pyup bot constantly making
>> PRs for this sort of stuff, so that makes me more confident that this is
>> the case.) On that basis, given that v2 fixes Postgres, I have merged
>> it.
>
> I've only grasped this myself recently so I'll just dump my impression
> of things here.
>
> When it comes to deciding how to manage requirements, you've got to
> assess the two types of software you might encounter.
>
>  * libraries
>  * applications
>
> Libraries are consumed by other projects and should therefore aim to
> support as wide a range of requirements as possible/practical. This
> allows the library itself to be as widely used as possible.
> Applications, on the other hand, are consumers of libraries and are
> rarely consumed themselves. For that reason, they don't need this
> flexibility.
>
> Given that Patchwork is an application, we fall into the latter camp.
> In an ideal world, this means we wouldn't need to support more than a
> single version of each of our requirements, allowing us to test against
> one set of dependencies and require those. However, we don't get to
> dictate how our users install their dependencies, meaning we need to
> support a broader range of dependencies to allow people to install from
> PyPI, apt, dnf/yum, etc. That said, given that we validate this by way
> of tox, we can use 'requirements.txt' as the source of "optimal" (read:
> latest and greatest) requirements, while the 'deps' section in tox
> defines the requirements for various other configurations.
>
> Does that make sense?

Huh, nifty. Sounds good to me, thanks for the explanation.

Daniel

>
> Stephen
>
>> Regards,
>> Daniel
>> 
>> > 
>> > The selenium dependency, which is no longer required since commit
>> > bab2895f, is removed. The psycopg2 dependency is updated to use
>> > psycopg2-binary, as this avoids the need for the libpg library and
>> > removes a deprecation warning.
>> > 
>> > Signed-off-by: Stephen Finucane <stephen at that.guru>
>> > ---
>> > v2:
>> > - Include psycopg2-binary in requirements-test.txt
>> > - Include various django* requirements in requirements-dev.txt instead
>> >   of simply including requirements-prod.txt, to prevent conflicts with
>> >   psycopg2-binary dependencies
>> > - Update dependencies to latest PATCH versions
>> > ---
>> >  requirements-dev.txt  |  8 ++++----
>> >  requirements-prod.txt | 10 +++++-----
>> >  requirements-test.txt |  7 +++----
>> >  tox.ini               |  1 -
>> >  4 files changed, 12 insertions(+), 14 deletions(-)
>> > 
>> > diff --git a/requirements-dev.txt b/requirements-dev.txt
>> > index f4ad751a..70b747f5 100644
>> > --- a/requirements-dev.txt
>> > +++ b/requirements-dev.txt
>> > @@ -1,5 +1,5 @@
>> > -Django>=1.11,<2.1; python_version >= '3.4'
>> > -Django>=1.11,<2.0; python_version < '3.0'
>> > -djangorestframework>=3.4,<3.9
>> > -django-filter>=1.0,<1.2
>> > +Django==2.0.8; python_version >= '3.4'
>> > +Django==1.11.15; python_version < '3.0'
>> > +djangorestframework==3.8.2
>> > +django-filter==1.1.0
>> >  -r requirements-test.txt
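
Review bot: The four pins added at the top of requirements-dev.txt (Django 2.0.8 and 1.11.15, djangorestframework 3.8.2, django-filter 1.1.0) are repeated line for line in requirements-prod.txt, so with exact `==` versions a bump applied to one file and not the other leaves development and production on different releases. The v2 notes explain why this file cannot simply include requirements-prod.txt; consider moving the shared django* pins into a common file that both include with `-r`, or add a comment here saying these lines must track requirements-prod.txt.
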
>> > diff --git a/requirements-prod.txt b/requirements-prod.txt
>> > index e7a75354..efe6743c 100644
>> > --- a/requirements-prod.txt
>> > +++ b/requirements-prod.txt
>> > @@ -1,6 +1,6 @@
>> > -Django>=1.11,<2.1; python_version >= '3.4'
>> > -Django>=1.11,<2.0; python_version < '3.0'
>> > -djangorestframework>=3.4,<3.9
>> > -django-filter>=1.0,<1.2
>> > -psycopg2>=2.7,<2.8
>> > +Django==2.0.8; python_version >= '3.4'
>> > +Django==1.11.15; python_version < '3.0'
>> > +djangorestframework==3.8.2
>> > +django-filter==1.1.0
>> > +psycopg2-binary==2.7.5
>> >  sqlparse==0.2.4
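
Review bot: `psycopg2-binary==2.7.5` replaces `psycopg2>=2.7,<2.8`, which is a package swap in the production file rather than a pin of the existing dependency. The commit message says this avoids the need for the system library, which means the PostgreSQL client library now arrives with the wheel and is updated only when this line is bumped, not by the distribution's package updates; that trade-off should be stated in the install documentation. The Django pins above it have the same property: the old `<2.1` and `<2.0` ranges admitted new patch releases on reinstall and `==` does not, so the file needs a stated bump process (the pyup PRs mentioned in the thread would serve).
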
>> > diff --git a/requirements-test.txt b/requirements-test.txt
>> > index 94dc3db7..295cceff 100644
>> > --- a/requirements-test.txt
>> > +++ b/requirements-test.txt
>> > @@ -1,5 +1,4 @@
>> > -mysqlclient>=1.3,<1.4
>> > -psycopg2-binary>=2.7,<2.8
>> > +mysqlclient==1.3.13
>> > +psycopg2-binary==2.7.5
>> >  django-debug-toolbar==1.9.1
>> > -python-dateutil>2.0,<3.0
>> > -selenium>=3.0,<4.0
>> > +python-dateutil==2.7.3
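
Review bot: Dropping the lower bounds in this hunk (`mysqlclient>=1.3`, `python-dateutil>2.0`) is only safe if the older versions are still exercised somewhere, and the commit message puts that on tox, yet the tox.ini hunk in this patch leaves `deps` untouched. Please point to the tox environments that cover the old ranges, or say in the commit message that versions below these pins are no longer tested.
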
>> > diff --git a/tox.ini b/tox.ini
>> > index 3684d716..3a783d26 100644
>> > --- a/tox.ini
>> > +++ b/tox.ini
>> > @@ -19,7 +19,6 @@ setenv =
>> >      py27: PYTHONWARNINGS = once
>> >      py{34,36}:PYTHONWARNINGS = once,ignore::ImportWarning:backports
>> >      py35:PYTHONWARNINGS = once,ignore::ResourceWarning:unittest.suite,ignore::ImportWarning:backports
>> > -
>> >  passenv =
>> >      http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
>> >      PW_TEST_DB_TYPE PW_TEST_DB_USER PW_TEST_DB_PASS PW_TEST_DB_HOST
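
Review bot: The only change in this hunk is the removal of the blank line between `setenv` and `passenv`, which is unrelated to pinning requirements and is not mentioned in the commit message. Suggest dropping it from this patch or sending it as a separate cleanup, so the tox.ini entry in the diffstat reflects a functional change.
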
>> > -- 
>> > 2.17.1
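
The policy discussed in this thread (exact pins in the requirements files, with the same pin repeated in more than one file) can be checked mechanically. The following is an added example, not code from the thread or from Patchwork: the file contents are copied from the post-patch side of the diff, the names `parse` and `audit` are hypothetical, and the line parser is a simplification that handles only the `name==version; marker` form used here.

```python
import re

# Post-patch contents, copied from the '+' and context lines of the diff.
FILES = {
    "requirements-dev.txt": """
Django==2.0.8; python_version >= '3.4'
Django==1.11.15; python_version < '3.0'
djangorestframework==3.8.2
django-filter==1.1.0
-r requirements-test.txt
""",
    "requirements-prod.txt": """
Django==2.0.8; python_version >= '3.4'
Django==1.11.15; python_version < '3.0'
djangorestframework==3.8.2
django-filter==1.1.0
psycopg2-binary==2.7.5
sqlparse==0.2.4
""",
    "requirements-test.txt": """
mysqlclient==1.3.13
psycopg2-binary==2.7.5
django-debug-toolbar==1.9.1
python-dateutil==2.7.3
""",
}
LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*([^;]*?)\s*(?:;\s*(.*))?$")
EXACT = re.compile(r"^==\s*\d[\w.]*$")  # rejects ranges and wildcards like ==1.*

def parse(text):
    """Yield (name, specifier, marker); skip blanks, comments and -r/-- options."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue
        m = LINE.match(line)
        name, spec, marker = m.groups(default="") if m else (line, "", "")
        yield name.lower(), spec, marker

def audit(files):
    """Return (entries that are not exact pins, pins that disagree across files)."""
    unpinned, seen, conflicts = [], {}, []
    for fname, text in files.items():
        for name, spec, marker in parse(text):
            if not EXACT.match(spec):
                unpinned.append((fname, name, spec))
            first = seen.setdefault((name, marker), (fname, spec))
            if first[1] != spec:
                conflicts.append((name, first, (fname, spec)))
    return unpinned, conflicts
```

On the post-patch files `audit(FILES)` returns two empty lists; a range left in any file, or a `psycopg2-binary` or Django pin bumped in one file only, shows up in the first or second list respectively.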

