Lower-constraints should test that the minimal requirements work together.
The way we use the install-command in tox.ini, pip often ignores the
constraints and install a newer package then requested.
First Example: cloudkitty (see [1], [2] ,[3] , [4])
The repo has:
install_command = pip install
-c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
{opts} {packages}
and in lower-constraints.txt:
"python-keystoneclient==1.9.0"
And this runs the test with "keystoneclient==4.0.0" [1]
Removing the install_command [3] or moving constraints from
install_command into deps [2] gives
"ERROR: Could not find a version that satisfies the requirement
python-keystoneclient==1.9.0"
So, this works as expected - but means this repo never tested what it
expected to test.
Second example: kolla-cli [5]
Removing the install_command with constraints, suddenly
lower-constraints fails with:
"Could not find a version that satisfies the requirement mypy==0.6"
Same problem as with cloudkitty.
I fear that every repo that has constraints in its install_command has
broken lower-constraints file. Just remove it and see that nothing works
anymore ;/
Therefore, I suggest for repos to remove install_command - the default
is just fine in newer tox (3.x) - and fix their lower-constraints.txt to
really test that the specified package versions work together.
Information about lower-constraints.txt is at [6],
Andreas
References:
[1] https://review.opendev.org/720767
[2] https://review.opendev.org/720768
[3] https://review.opendev.org/720770
[4] https://review.opendev.org/720775
[5] https://review.opendev.org/#/c/720754/3
[6] https://docs.openstack.org/project-team-guide/dependency-management.html
--
Andreas Jaeger aj@suse.com Twitter: jaegerandi
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D 90409 Nürnberg
(HRB 36809, AG Nürnberg) GF: Felix Imendörffer
GPG fingerprint = EF18 1673 38C4 A372 86B1 E699 5294 24A3 FF91 2ACB