Consider removing poetry.lock from .gitignore #849

Closed
annastuchlik opened this issue Aug 4, 2023 · 2 comments · Fixed by #1186

@annastuchlik
Collaborator

This issue is opened to start a discussion per the developer's request in issue scylladb/scylladb#12033.

While checking in lock files is a good practice, the proposed solution may impact, for example, running local previews. We may opt to leave the current solution, but it's worth discussing what options we have.

@dgarcia360 dgarcia360 added the enhancement New feature or request label Mar 26, 2024
@dgarcia360 dgarcia360 self-assigned this Aug 13, 2024
@dgarcia360
Collaborator

dgarcia360 commented Aug 19, 2024

We propose that each project commits its poetry.lock file to the repository, as recommended in https://python-poetry.org/docs/basic-usage/#committing-your-poetrylock-file-to-version-control

Why

  1. Repeatable builds: Ensures consistent dependency versions across development and production.

  2. Minimized risk of breakage: Locks dependencies to prevent issues from unexpected updates, as seen in fix: set strict version for sphinx-notfound-page extension #1157

Challenges & solutions

  • Distribution flexibility vs. security: Committing the lock file limits automatic theme updates, favoring stability but reducing flexibility.

    Proposed solution: Enable Dependabot on each project to automate dependency updates, targeting our Sphinx packages (sphinx-scylladb, sphinx-scylladb-multiversion).

Next steps

  • Remove poetry.lock from make clean.
  • Remove poetry.lock from gitignore.
  • Set dependencies in pyproject.toml to always install the latest minor.
  • Create sample dependabot scripts projects can copy and paste.
  • Release new theme version.
  • Post announcement in forum.
  • Help projects to migrate to the latest version (PR per project).
  • Distribute a new theme version.

@dgarcia360
Collaborator

dgarcia360 commented Sep 30, 2024

During the upgrade to 1.8, I noticed that we needed to remove the poetry update command from the make setup command to ensure that the dependencies defined in poetry.lock are used in production builds. I’ve applied this change to most of the upgrade PRs, except for the repositories that have already merged, for which I’ll send a fix:
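
Added example, not part of any comment in this thread or of the project's code: a small audit that a docs repository could run in CI to confirm the three conditions discussed above (poetry.lock not ignored, no `poetry update` in a Makefile recipe, `make clean` not deleting the lock). The Makefile and .gitignore contents are constructed samples, the function names are hypothetical, and the .gitignore matching is simplified (negated patterns are skipped rather than evaluated in order).

```python
import fnmatch
import re

def lock_ignored(gitignore: str) -> bool:
    """True if any plain (non-negated) pattern matches poetry.lock by name."""
    for raw in gitignore.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        if fnmatch.fnmatch("poetry.lock", line.rstrip("/").rsplit("/", 1)[-1]):
            return True
    return False

def recipes(makefile: str) -> dict:
    """Map each Makefile target to its tab-indented recipe lines."""
    out, current = {}, None
    for line in makefile.splitlines():
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*:(?!=)", line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        elif line.startswith("\t") and current:
            out[current].append(line.strip())
    return out

def audit(gitignore: str, makefile: str) -> list:
    """Return findings that would stop the committed lock file from being used."""
    findings = []
    if lock_ignored(gitignore):
        findings.append("gitignore: poetry.lock is ignored, pins never reach the repo")
    for target, lines in recipes(makefile).items():
        for cmd in lines:
            if re.search(r"\bpoetry\s+update\b", cmd):
                findings.append(f"{target}: 'poetry update' re-resolves and rewrites the lock")
            if re.search(r"\brm\b.*\bpoetry\.lock\b", cmd):
                findings.append(f"{target}: recipe deletes poetry.lock")
    return findings

# Constructed samples: a repository before and after the migration.
BEFORE_GITIGNORE = "_build/\npoetry.lock\n"
BEFORE_MAKEFILE = ("setup:\n\tpoetry install\n\tpoetry update\n\n"
                   "clean:\n\trm -rf _build poetry.lock\n")
AFTER_GITIGNORE = "_build/\n"
AFTER_MAKEFILE = "setup:\n\tpoetry install\n\nclean:\n\trm -rf _build\n"

if __name__ == "__main__":
    for name, gi, mk in (("before", BEFORE_GITIGNORE, BEFORE_MAKEFILE),
                         ("after", AFTER_GITIGNORE, AFTER_MAKEFILE)):
        print(name, audit(gi, mk) or "ok")
```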
