Build packages with pinned dependencies from .lock file

  • I have searched the issues of this repo and believe that this is not a duplicate.
  • I have searched the documentation and believe that my question is not covered.

Feature Request

As the title says, this feature is about having poetry build build wheels and packages with the pinned versions specified in the poetry.lock file. The command could be something like poetry build --locked.

It's a duplicate of the closed #1307. The reason for closing this issue was an argument about libraries and applications (in short):

Libraries use wheels for distribution. Their dependencies should not be very tight, so that libraries can coexist with each other. That's why poetry build doesn't use versions from the lock file. There are also applications. Applications need pinned dependencies from the lock file, so that all environments (dev and prod) use the same dependencies. Applications should use Docker for distribution.

So I think it's not actually true that applications should not use wheels and PyPI for distribution; sometimes it's reasonable to have a package with pinned dependencies from the lock file. An example of such a use case is CLI tools like https://github.com/ytdl-org/youtube-dl, so that the development team and end users use the same dependencies. Another example is a backend application that is deployed on a server via a wheel package.

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 44
  • Comments: 18 (6 by maintainers)

Top GitHub Comments

5 reactions
Tobotimus commented, Aug 15, 2020

I’m certainly a fan of this idea, and made a similar comment regarding that “Applications are not distributed via wheels” argument on the original issue.

4 reactions
spoorn commented, May 29, 2022

I created a poetry plugin that adds support for building wheel files via the command line using locked dependencies in poetry.lock, and also adds support for data_files: https://github.com/spoorn/poeblix, https://pypi.org/project/poeblix/
