Thanks, Andreas, for the analysis.

I have more to add: in Zuul we rely on extra wheels. In the wild usually only on PyPI ones. This adds more flavour to lower-constraints breakage as py3 incompats make their appearance in full, e.g.:

Collecting MarkupSafe==1.0
  Using cached MarkupSafe-1.0.tar.gz (14 kB)
    ERROR: Command errored out with exit status 1:
    Complete output (5 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-_vser3_6/MarkupSafe/setup.py", line 6, in <module>
        from setuptools import setup, Extension, Feature
    ImportError: cannot import name 'Feature'

-yoctozepto

On Fri, Apr 17, 2020 at 6:53 PM Andreas Jaeger <aj@suse.com> wrote:
Lower-constraints should test that the minimal requirements work together.
The way we use the install-command in tox.ini, pip often ignores the constraints and installs a newer package than requested.
First Example: cloudkitty (see [1], [2], [3], [4])
The repo has:

  install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE: https://releases.openstack.org/constraints/upper/master} {opts} {packages}

and in lower-constraints.txt:

  "python-keystoneclient==1.9.0"
And this runs the test with "keystoneclient==4.0.0" [1]
Removing the install_command [3] or moving constraints from install_command into deps [2] gives "ERROR: Could not find a version that satisfies the requirement python-keystoneclient==1.9.0"
So, this works as expected - but means this repo never tested what it expected to test.
Second example: kolla-cli [5]
Removing the install_command with constraints, suddenly lower-constraints fails with: "Could not find a version that satisfies the requirement mypy==0.6"
Same problem as with cloudkitty.
I fear that every repo that has constraints in its install_command has a broken lower-constraints file. Just remove it and see that nothing works anymore ;/
Therefore, I suggest for repos to remove install_command - the default is just fine in newer tox (3.x) - and fix their lower-constraints.txt to really test that the specified package versions work together.
Information about lower-constraints.txt is at [6],

Andreas

References:
[1] https://review.opendev.org/720767
[2] https://review.opendev.org/720768
[3] https://review.opendev.org/720770
[4] https://review.opendev.org/720775
[5] https://review.opendev.org/#/c/720754/3
[6] https://docs.openstack.org/project-team-guide/dependency-management.html

--
Andreas Jaeger aj@suse.com Twitter: jaegerandi
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D 90409 Nürnberg
(HRB 36809, AG Nürnberg) GF: Felix Imendörffer
GPG fingerprint = EF18 1673 38C4 A372 86B1 E699 5294 24A3 FF91 2ACB
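An added example, not part of the original thread: a check that a lower-constraints job could run after installation to confirm the pinned versions were actually installed, plus a scan of tox.ini for an install_command that passes constraints to pip. Function names and the sample data are constructed for illustration; the versions come from the cloudkitty example above.

```python
import configparser
import re

def _normalize(name):
    # PEP 503 normalization so "Python_KeystoneClient" matches "python-keystoneclient"
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalized_name: version} for every 'name==version' line."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)", line)
        if m:
            pins[_normalize(m.group(1))] = m.group(2)
    return pins

def constraint_drift(lower_constraints, freeze_output):
    """List (name, pinned, installed) where the environment ignores a pin."""
    pinned, installed = parse_pins(lower_constraints), parse_pins(freeze_output)
    return sorted((n, v, installed[n]) for n, v in pinned.items()
                  if n in installed and installed[n] != v)

def envs_with_constraints_in_install_command(tox_ini):
    """tox.ini sections that define an install_command passing -c to pip.
    Only the defining section is reported; envs inheriting it are not listed."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(tox_ini)
    return [s for s in cfg.sections()
            if re.search(r"(^|\s)(-c|--constraint)",
                         cfg.get(s, "install_command", fallback=""))]

# Constructed sample data (versions taken from the cloudkitty example).
LOWER = "python-keystoneclient==1.9.0\nMarkupSafe==1.0\n"
FREEZE = "python-keystoneclient==4.0.0\nMarkupSafe==1.0\n"
TOX = """[testenv]
install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages}

[testenv:lower-constraints]
deps =
  -c{toxinidir}/lower-constraints.txt
  -r{toxinidir}/requirements.txt
"""

if __name__ == "__main__":
    for name, pinned, got in constraint_drift(LOWER, FREEZE):
        print(f"{name}: pinned {pinned}, installed {got}")
    print("install_command with constraints in:",
          envs_with_constraints_in_install_command(TOX))
```

In a job, the second argument to constraint_drift would be the output of pip freeze from the lower-constraints virtualenv; a non-empty result means the job did not test the versions it claims to.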