Skip to content
This repository has been archived by the owner on Aug 9, 2023. It is now read-only.

Switch to poetry for dependency management #48

Merged
merged 9 commits into from
Feb 23, 2023
Merged

Conversation

eloquence
Copy link
Member

@eloquence eloquence commented Jan 20, 2023

This PR changes our dependency management tooling for this repository from pip and pip-compile to poetry. We've previously discussed use of poetry in securedrop-client here: freedomofpress/securedrop-client#1278. We're also already using it for Dangerzone (https://github.com/freedomofpress/dangerzone).

poetry uses a modern lockfile strategy, flexible version range specifiers, and provides informative output in cases of dependency resolution issues.

This repository represents a small and simple enough target that it felt like a good place to experiment with this tooling for local development, CI and deployment.

./.venv/bin/pip install --require-hashes -r requirements/requirements.txt
apt-get update && apt-get install -y --no-install-recommends make python3 python3-pip
pip install poetry
poetry install --no-ansi
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The --no-ansi argument is necessary due to a bug in CircleCI: python-poetry/poetry#7184 (and harmless once that bug is fixed).

.circleci/config.yml Outdated Show resolved Hide resolved
docs/conf.py Show resolved Hide resolved
Copy link
Member

@legoktm legoktm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay poetry!

.circleci/config.yml Outdated Show resolved Hide resolved
.circleci/config.yml Outdated Show resolved Hide resolved
pyproject.toml Outdated Show resolved Hide resolved
pyproject.toml Outdated Show resolved Hide resolved
@eloquence eloquence force-pushed the switch-to-poetry branch 2 times, most recently from f4692d0 to 2ba850b Compare January 26, 2023 21:58
Copy link
Member

@legoktm legoktm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good, minor notes in the deploy/Dockerfile.

One thing I ran into is that the poetry package provided by Fedora is out of date and doesn't support the poetry lock-version = "2.0" that the latest one generates. Not an issue, just noting that we'll all have to manually install poetry instead of being able to use system packages.


ARG GIT_BRANCH=main
RUN apt-get -q update && apt-get -qy upgrade && apt-get -qy install git make latexmk texlive-latex-extra
COPY ./ .
RUN pip install -r requirements/requirements.txt
RUN pip install --upgrade pip
RUN pip install poetry
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should pin poetry here too.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, done!

deploy/Dockerfile Outdated Show resolved Hide resolved
Copy link
Member

@legoktm legoktm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 let's do this!

@legoktm legoktm merged commit 72cef94 into main Feb 23, 2023
@legoktm legoktm deleted the switch-to-poetry branch February 23, 2023 04:38
@legoktm legoktm mentioned this pull request Jun 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants