Pbr cannot include unreleased dependencies from requirements
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
PBR |
Confirmed
|
Medium
|
Unassigned |
Bug Description
pbr is unable to support retrieving dependencies directly from git repositories based on the SHA1
Looking at a fork of the openstack zuul project as hosted at https:/
E.g. for a project using pbr and a requirements.txt containing the follow dependency:
-e git+https:/
And using the following command to install in the source directory:
pip install -U .
Will fail to install the version as specified by the SHA1 and will instead install the last released version from PyPi.
Turning on the verbose mode (pip -v ...) produces output containing the following:
1 location(s) to search for versions of Github3.py:
* https:/
Getting page https:/
Looking up "https:/
However switching to using the following command:
pip -v install -U -r requirements.txt .
Will produce output contain the following message:
Obtaining Github3.py from git+https:/
Running command git config --get-regexp remote\..*\.url
remote.origin.url https:/
Clone in ./.tox/
Running command git rev-parse HEAD
8e9ca0056b8fe
...
It seems that the requirements after being parsed by pbr and presented to setuptools for pip to process do not contain sufficient information for it to know that it should go to github instead for this dependency.
In an attempt to understand what was going on, I added some 'logger.info' calls around the following block of code in pip (installed in a virtualenv) https:/
I used this to dump the contents of `req.__dict__` to see what differences existed:
When using pbr purely req.__dict__ for the Github3.py requirement contained:
{'comes_from': '-r requirements.txt (line 6)', 'req': <Requirement(
When passing the requirements.txt file to pip req.__dict__ for the Github3.py requirement contained:
{'comes_from': <InstallRequirement object: zuul==2.5.2.dev117 from file://
At a guess it appears that the dependency link information indicating to use GitHub does not get passed through to pip in the same expected fashion when having pbr reflect the contents of requirements.txt, as opposed to when pip processes requirements files itself.
Changing the zuul requirements.txt to use the following
---
pbr>=1.8.0
# We need https:/
# in a release. This is only in testing because pip install -U . does not
# respect pulling from git and so is installed manually in deployment.
-e git+https:/
PyYAML>=3.1.0
Paste<2.0
WebOb>=1.2.3
paramiko>
GitPython>
ordereddict
python-
extras
statsd>=1.0.0,<3.0
voluptuous>=0.7
gear>=0.5.7,<1.0.0
apscheduler>=3.0
PrettyTable>
babel>=1.0
six>=1.6.0
pyjwt
cryptography
iso8601
jenkins-
---
And adding the option '--process-
pip install --process-
This seems wrong, 'pip install -U .' and using pbr to provide the requirements automatically or using 'pip install -U -r requirements.txt .' should result in the same outcome and currently it does not.
Package versions:
pbr version: 2.0.0
pip version: 9.0.1
Changed in pbr: | |
status: | New → Confirmed |
importance: | Undecided → Medium |