<div dir="ltr">Thanks, Andreas, for analysis.<div><br></div><div>I have more to add: in Zuul we rely on extra wheels. In the wild usually only on PyPI ones.</div><div>This adds more flavour to lower-constraints breakage as py3 incompats make their appearance in full, e.g.:</div><div><br></div><div>Collecting MarkupSafe==1.0<br> Using cached MarkupSafe-1.0.tar.gz (14 kB)<br> ERROR: Command errored out with exit status 1:<br> Complete output (5 lines):<br> Traceback (most recent call last):<br> File "<string>", line 1, in <module><br> File "/tmp/pip-install-_vser3_6/MarkupSafe/setup.py", line 6, in <module><br> from setuptools import setup, Extension, Feature<br> ImportError: cannot import name 'Feature'<br></div><div><br></div><div>-yoctozepto</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 17, 2020 at 6:53 PM Andreas Jaeger <<a href="mailto:aj@suse.com">aj@suse.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Lower-constraints should test that the minimal requirements work together.<br>
<br>
The way we use the install-command in tox.ini, pip often ignores the<br>
constraints and install a newer package then requested.<br>
<br>
First Example: cloudkitty (see [1], [2] ,[3] , [4])<br>
<br>
The repo has:<br>
install_command = pip install<br>
-c{env:UPPER_CONSTRAINTS_FILE:<a href="https://releases.openstack.org/constraints/upper/master" rel="noreferrer" target="_blank">https://releases.openstack.org/constraints/upper/master</a>}<br>
{opts} {packages}<br>
and in lower-constraints.txt:<br>
"python-keystoneclient==1.9.0"<br>
<br>
And this runs the test with "keystoneclient==4.0.0" [1]<br>
<br>
Removing the install_command [3] or moving constraints from<br>
install_command into deps [2] gives<br>
"ERROR: Could not find a version that satisfies the requirement<br>
python-keystoneclient==1.9.0"<br>
<br>
So, this works as expected - but means this repo never tested what it<br>
expected to test.<br>
<br>
Second example: kolla-cli [5]<br>
Removing the install_command with constraints, suddenly<br>
lower-constraints fails with:<br>
"Could not find a version that satisfies the requirement mypy==0.6"<br>
<br>
Same problem as with cloudkitty.<br>
<br>
I fear that every repo that has constraints in its install_command has<br>
broken lower-constraints file. Just remove it and see that nothing works<br>
anymore ;/<br>
<br>
Therefore, I suggest for repos to remove install_command - the default<br>
is just fine in newer tox (3.x) - and fix their lower-constraints.txt to<br>
really test that the specified package versions work together.<br>
<br>
Information about lower-constraints.txt is at [6],<br>
Andreas<br>
<br>
References:<br>
[1] <a href="https://review.opendev.org/720767" rel="noreferrer" target="_blank">https://review.opendev.org/720767</a><br>
[2] <a href="https://review.opendev.org/720768" rel="noreferrer" target="_blank">https://review.opendev.org/720768</a><br>
[3] <a href="https://review.opendev.org/720770" rel="noreferrer" target="_blank">https://review.opendev.org/720770</a><br>
[4] <a href="https://review.opendev.org/720775" rel="noreferrer" target="_blank">https://review.opendev.org/720775</a><br>
[5] <a href="https://review.opendev.org/#/c/720754/3" rel="noreferrer" target="_blank">https://review.opendev.org/#/c/720754/3</a><br>
[6] <a href="https://docs.openstack.org/project-team-guide/dependency-management.html" rel="noreferrer" target="_blank">https://docs.openstack.org/project-team-guide/dependency-management.html</a><br>
-- <br>
Andreas Jaeger <a href="mailto:aj@suse.com" target="_blank">aj@suse.com</a> Twitter: jaegerandi<br>
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D 90409 Nürnberg<br>
(HRB 36809, AG Nürnberg) GF: Felix Imendörffer<br>
GPG fingerprint = EF18 1673 38C4 A372 86B1 E699 5294 24A3 FF91 2ACB<br>
<br>
</blockquote></div>