Poetry plugin to freeze a wheel's dependencies per lock file

Project description

Freeze Wheel Plugin

Poetry plugin for creating frozen wheels using lockfiles.

Why

A common issue when publishing a Python application's release to PyPI is whether the specified dependencies will continue to work over time. Breakage tends to come from a confluence of causes: poor dependency specification, poor observance of semantic versioning, and poor release management. The result is that installing an older release is unlikely to work, because the underlying dependency graph has changed.

The dependency ecosystem is both complex and fragile. The emergence of lock files to ensure repeatability is testimony both to the problem and to one solution. Yet when we publish to the packaging ecosystem, we do so with non-frozen dependencies, not with lock files. That means the testing pipelines that produce a release run against a lock file, but the release itself is divorced from its contents.

The various language package distribution channels (npm, PyPI, RubyGems, etc.) serve two different distribution purposes: libraries and applications. Generally speaking, libraries should be relatively liberal about their own dependencies, barring perhaps major versions, to minimize conflicts for the applications depending on them, and should ideally have minimal dependency graphs. For applications, however, repeatable, verifiable installs are fundamental goals, with potentially large dependency graphs. That is, libraries have developers and applications as consumers; applications have users as consumers.

What

A post-build / pre-publish command for creating wheels with frozen dependencies. It updates the wheel's Requires-Dist metadata, replacing the version specification taken from pyproject.toml with a frozen one (i.e. ==version) based on the version recorded in the Poetry lock file.
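
The Requires-Dist rewrite described above can be sketched as follows. This is an added illustration, not the plugin's own code; the sample metadata, the lock mapping and all function names are constructed for the example.

```python
import re

# Constructed sample of the METADATA headers inside a built wheel.
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: demo-app
Version: 0.3.0
Requires-Dist: requests (>=2.28,<3.0)
Requires-Dist: Typing_Extensions>=4.0; python_version < "3.11"
Requires-Dist: uvicorn[standard] (>=0.20) ; extra == "server"
Requires-Dist: not-locked>=1.0

Requires-Dist: this line is description text, not a header
"""
# Constructed sample: normalized name -> version, as resolved in poetry.lock.
SAMPLE_LOCK = {"requests": "2.28.2", "typing-extensions": "4.5.0", "uvicorn": "0.21.1"}

_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?([^;]*)(;.*)?$")

def normalize(name):
    """PEP 503 normalization, so Typing_Extensions matches typing-extensions."""
    return re.sub(r"[-_.]+", "-", name).lower()

def freeze_requirement(req, locked):
    """Swap the version specifier for ==<locked version>; keep extras and marker."""
    m = _REQ.match(req)
    if not m:
        raise ValueError(f"unparseable requirement: {req!r}")
    name, extras, _old_spec, marker = m.groups()
    if normalize(name) not in locked:
        raise KeyError(name)  # caller decides; an unpinned dependency is not frozen
    pinned = f"{name}{extras or ''}=={locked[normalize(name)]}"
    return f"{pinned} ; {marker[1:].strip()}" if marker else pinned

def freeze_metadata(text, locked):
    """Return (rewritten METADATA, names missing from the lock)."""
    head, sep, body = text.partition("\n\n")  # headers stop at the first blank line
    out, missing = [], []
    for line in head.split("\n"):
        if line.startswith("Requires-Dist:"):
            try:
                line = "Requires-Dist: " + freeze_requirement(line.split(":", 1)[1], locked)
            except KeyError as exc:
                missing.append(exc.args[0])
        out.append(line)
    return "\n".join(out) + sep + body, missing
```

A wheel's RECORD file lists a hash for METADATA, so any tool that rewrites metadata inside an already-built wheel also has to update that entry for the wheel to stay consistent.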

Usage

# install plugin
poetry self add poetry-plugin-freeze

# build per normal
poetry build

# add freeze step
poetry freeze-wheel

# publish per normal
poetry publish

Mono-Repo Support

To support mono repos consisting of multiple libraries/applications, when creating a frozen wheel, dev dependencies specified by path can be optionally substituted out for references to their release artifact versions.

This assumes automation to run build and publish across the various subpackages.

Download files

Source Distribution

poetry_plugin_freeze-1.0.0.tar.gz (4.5 kB)

Uploaded Source

Built Distribution

poetry_plugin_freeze-1.0.0-py3-none-any.whl (5.2 kB)

Uploaded Python 3

File details

Details for the file poetry_plugin_freeze-1.0.0.tar.gz.

File metadata

  • Download URL: poetry_plugin_freeze-1.0.0.tar.gz
  • Upload date:
  • Size: 4.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.4.0 CPython/3.11.1 Darwin/22.3.0

File hashes

Hashes for poetry_plugin_freeze-1.0.0.tar.gz
Algorithm Hash digest
SHA256 458fbeaba13367fd85bc30a61117fb6f2515601b7372505cd29361b25ceeda20
MD5 839f7addce0eea8efeb0a4ef6ec9d278
BLAKE2b-256 5fd56578239f818a3cfc814f7d0c272b6d363a0fde8e910e313068d3b3bcf65c

File details

Details for the file poetry_plugin_freeze-1.0.0-py3-none-any.whl.

File hashes

Hashes for poetry_plugin_freeze-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cf3d50649616a236fb4022333eb3a28b328774586ad9a9c4294f94b138f5889e
MD5 da459d3b998976688814e56a1d4d19e1
BLAKE2b-256 34f09366102218b3ea6bf7421dcc20070ae3bedab8641df8d1910fafd72cf5c9
