-
-
Notifications
You must be signed in to change notification settings - Fork 611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Always remove extras in compiled files #1613
Comments
@FlorentJeannot You can remove extras from the output file with the https://github.com/jazzband/pip-tools/releases/tag/6.2.0 This is an important use-case for me, so I wouldn't personally mind having this become the default, but the output you're looking for is already possible to obtain. |
|
I'm going to copy my comment from #1539 here, which sums up my current thoughts on this: As long as we are offering Now that the constraints syntax is stricter (with the backtracking resolver), I expect it will be much more common for folks to need files without the extras. So I would support a separate PR to do that by default, while offering a new option to include them, e.g. |
Oooh, this one is rough. If the order of installation of packages matters, that is a real challenge. One that I'd rather nobody ever have to think about. I don't think it'd ever be possible to make that behavior intuitive. |
@ryanhiebert I agree. I tried to install GDAL here which depends on numpy. It was really painful to have it working with |
@FlorentJeannot from this link from your GDAL gist discussion, I'd say it might be best for us to ignore the ordering thing. It's not intended behavior of setuptools, so we wouldn't want to encourage that type of bad behavior from packages. What is your motivation behind wanting to create a flag that preserves the current behavior? I'd be fine just changing the behavior entirely, but my perspective may not be seeing an important constraint. |
@ryanhiebert I just wanted to emphasize your last message with this example (that it's a real challenge). I first suggested to remove the extras in the "compiled" files, because I didn't see the point to have them, and since Then @AndydeCleyre told me that there is an order of installation when we declare an extra to a package. GDAL was mentioned in another thread about this installation order, so I wanted to try it out by myself to see what happens when we try to install GDAL with different package management tools. Now that I've tried it, my opinion is that packages which depend on an order of installation is something tricky (and it also seems to be a rare thing). The way @AndydeCleyre made it work is not trivial and it's not working for me with So I still think we should not have extras by default in the "compiled" files. We could have an |
gdal turned out to be a false example here, because they are trying to control build time behavior based on the installed package set, whereas the extras only guarantee installation order, not whether extra-specified deps are installed at build time. |
Agreed with both of you, @FlorentJeannot and @AndydeCleyre . So far as I can see, I think it would be fine to remove extras be the only behavior, and deprecate the @AndydeCleyre , my question about motivation was intended for you (though I wasn't keeping good track of who I was responding to). Is there some important constraint, other than install order (which we've shown is about a concern that setuptools says should not be considered), that suggests that we should keep the ability to include extras somehow that I'm not seeing? |
And you answered that question on the PR linked earlier. I'm also fine with keeping some flag and just changing the default behavior. |
@FlorentJeannot thanks a lot for this awesome analysis and detailed summary! I'm in favor of stripping extras in
|
@atugushev I agree we should start stripping extras by default, but
What about my comment here? |
@AndydeCleyre the link does not show the comment. Could you quote here? |
I'm not saying it's good or common practice, but my understanding is that extras can be used to enforce installation order, and the set of packages already installed can be used by A hypothetical example:
|
@AndydeCleyre thanks! That looks like a shoot in the foot 😄 While I understand there are |
I agree with @atugushev |
It sounds to me like we have a rough consensus that that changing the default to strip extras is likely appropriate. I think what it needs now is someone to take a stab at making it happen with a pull request. Whether the existing behavior remains is up to the implementer and those that review the pull request. It is possible that having the backward compatibility option (that I'd prefer calling |
@ryanhiebert PR already exists (#1608) but it does not include the |
Oh nice, thank you for letting me see that. How do we draw out some consensus of action at this point? |
Proposal 👀:
Proposal 🚀:
|
Also keep in mind that whether we want them to or not, there are definitely teams out there using their own parsers on the output of |
I'll wait for a comment from @atugushev before making any change in my PR. |
I'm still in favor of "always stripping extras" and vote for 2nd proposal. My motivation:
|
The only difference between options 1 and 2 suggested by @AndydeCleyre is whether to add Unless the maintenance burden is unusually high, I don't see why you'd want to remove this existing feature. |
FWIW, if But I think preserving the extras in the compiled requirements is useful for understanding how the dependency tree was calculated, as I noted over in the |
Why pip-tools should strip extras from pip devs - pypa/pip#11599 (comment). |
Using |
AFAIU, that comment is specifically giving the rationale for excluding extras from valid constraints files, which is not the only type of file generated by pip-tools. |
That's correct. I'd like to mention that under the hood pip-tools passes requirements.txt (if exists) as pip-tools/piptools/resolver.py Lines 525 to 526 in 6870602
and strips extras: pip-tools/piptools/resolver.py Line 538 in 6870602
So essentially |
I am going to rename this ticket to "Removal of strip-extras option as being implicit", so we can start implementing it. If I read correctly most of the people agreed on going into that direction, especially as keeping them is a serious maintenance burden and a can of worms. |
Out of curiosity, has this been earmarked for a future |
I once again find myself wanting this to be the default. I think there's consensus on it, from what I can tell, so we may only be waiting on a pull request to manage the I don't think that it is blocked on anything, @acompa , so this really may be just a motivated pull request away. Are you the person to do it? Maybe I will be? We'll see who among those who care about this gets around to it first. My expectation is that it would not be a significant undertaking. |
Given that the backtracking resolver always strips extras, and it's been the default since version |
Is the plan to allow folks to include extras if they want to, or remove that possible workflow entirely? |
I suggest that we remove the workflow entirely, as was suggested and voted for in the second proposal. |
@atugushev is this right? I’m on version 7, and I ended up back here because I got an extra in my requirements file. |
Just checked, and I don't believe that strip extras is the default, even on >7. Notice the $ pip-compile --version
pip-compile, version 7.2.0
$ echo django-allauth > sample.in
$ pip-compile sample.in
#
# This file is autogenerated by pip-compile with Python 3.10
# by the following command:
#
# pip-compile sample.in
#
asgiref==3.7.2
# via django
certifi==2023.7.22
# via requests
cffi==1.15.1
# via cryptography
charset-normalizer==3.2.0
# via requests
cryptography==41.0.3
# via pyjwt
defusedxml==0.7.1
# via python3-openid
django==4.2.4
# via django-allauth
django-allauth==0.54.0
# via -r sample.in
idna==3.4
# via requests
oauthlib==3.2.2
# via requests-oauthlib
pycparser==2.21
# via cffi
pyjwt[crypto]==2.8.0
# via django-allauth
python3-openid==3.2.0
# via django-allauth
requests==2.31.0
# via
# django-allauth
# requests-oauthlib
requests-oauthlib==1.3.1
# via django-allauth
sqlparse==0.4.4
# via django
typing-extensions==4.7.1
# via asgiref
urllib3==2.0.4
# via requests |
We've seen a couple people chime in since that original 2-option proposal that they'd like to be able to keep the extras in the output. I think we're settled that That said, rather than having extras in the specified dependencies, I think they would better fit in the compiled requirements file that they were included in the |
I mad a mistake, that’s my bad. Thanks for providing the reproducer. Much appreciated. The original issue was that pip-compile includes extras in regular dependencies, but doesn’t do so for direct references (aka
Making
Feel free to submit a PR. You'll have my support with the review.
Yes, pip-compile have never supported extras in Again, my apologies for making incorrect assumptions. I'm going to close my PR #1953 since it's no longer relevant. |
Is this #1577? |
Great, it already exists! Thanks @AndydeCleyre 🙏🏻 |
I haven't seen this elsewhere, so I'll ask here: How does removing extras from compiled files interact with |
Works great in my experience. It’s important to also use |
Could get the default in future pip-tools versions, see jazzband/pip-tools#1613 (comment) for more background
I'd like to second this, as it will keep the semantic reasoning behind the extras at least somewhat intact in the generated files. |
Issue
I am opening this issue to discuss if the extras should be kept or removed in the compiled files.
@atugushev made a good summary of the situation:
We would like to get feedback from the community, do you think we should keep them or remove them and why?
My opinion is that we should remove them, since
pip-compile
is already listing all packages needed for a project, it seems redundant to me to specify it twice (one time in the extra and one time as a top-level dependency). Also, it's in theory possible to install more packages than those specified in the requirements.txt via the extras. In my opinion the generated .txt file ofpip-compile
should act as a lock file. The only advantage I can see is that we can easily inspect which dependencies are using extras.@AndydeCleyre said that the order of installation could matter in some cases such as
GDAL
which requiresnumpy
to be installed first. I checked if having the extra (gdal[numpy]
) in the .txt file was making a difference, and I found that it was not working. You can read this gist if you want to have a look at the tests I've done (there's a conclusion at the end if you don't want to read it all).Links
Some links about the discussion around this:
Samples from dependency management tools
The goal is to show you the output of different management tools when the project specifies extras. This may help you make a decision on the issue.
For each tool, I installed
gdal[numpy]==3.2.2
.pip
Command:
pip freeze > requirements.txt
The file contains:
pip-tools
Command:
pip-compile
The file contains:
Pipenv
Command:
pipenv lock -r > requirements.txt
The file contains:
Poetry
Command:
poetry export -o requirements.txt
The file contains:
Pros and cons
I'll try to collect all your feedbacks to update these lists.
Reasons to keep the extras:
Reasons to remove the extras:
pip-sync
orpip
could install more packages than what is listed in a .txt file because of extras. I think the output ofpip-compile
should act as a lock file, so it should only install what's specified in the .txt file. (FlorentJeannot)The text was updated successfully, but these errors were encountered: