-
Notifications
You must be signed in to change notification settings - Fork 1
Switch to poetry
for dependency management
#48
Conversation
./.venv/bin/pip install --require-hashes -r requirements/requirements.txt | ||
apt-get update && apt-get install -y --no-install-recommends make python3 python3-pip | ||
pip install poetry | ||
poetry install --no-ansi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The --no-ansi
argument is necessary due to a bug in CircleCI: python-poetry/poetry#7184 (and harmless once that bug is fixed).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yay poetry!
f4692d0
to
2ba850b
Compare
2ba850b
to
599c26b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good, minor notes in the deploy/Dockerfile.
One thing I ran into is that the poetry
package provided by Fedora is out of date and doesn't support the poetry lock-version = "2.0"
that the latest one generates. Not an issue, just noting that we'll all have to manually install poetry instead of being able to use system packages.
deploy/Dockerfile
Outdated
|
||
ARG GIT_BRANCH=main | ||
RUN apt-get -q update && apt-get -qy upgrade && apt-get -qy install git make latexmk texlive-latex-extra | ||
COPY ./ . | ||
RUN pip install -r requirements/requirements.txt | ||
RUN pip install --upgrade pip | ||
RUN pip install poetry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should pin poetry here too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, done!
81c2260
to
febcfe3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀 let's do this!
This PR changes our dependency management tooling for this repository from
pip
andpip-compile
to poetry. We've previously discussed use ofpoetry
insecuredrop-client
here: freedomofpress/securedrop-client#1278. We're also already using it for Dangerzone (https://github.com/freedomofpress/dangerzone).poetry
uses a modern lockfile strategy, flexible version range specifiers, and provides informative output in cases of dependency resolution issues.This repository represents a small and simple enough target that it felt like a good place to experiment with this tooling for local development, CI and deployment.