[all] Lower-constraints in some projects broken - update your repos

Andreas Jaeger aj at suse.com
Fri Apr 17 16:45:12 UTC 2020

Lower-constraints should test that the minimal requirements work together.

The way we use the install-command in tox.ini, pip often ignores the
constraints and install a newer package then requested.

First Example: cloudkitty (see [1], [2] ,[3] , [4])

The repo has:
    install_command = pip install
{opts} {packages}
and in lower-constraints.txt:

And this runs the test with "keystoneclient==4.0.0" [1]

Removing the install_command [3] or moving constraints from
install_command into deps [2] gives
"ERROR: Could not find a version that satisfies the requirement

So, this works as expected - but means this repo never tested what it
expected to test.

Second example: kolla-cli [5]
Removing the install_command with constraints, suddenly
lower-constraints fails with:
    "Could not find a version that satisfies the requirement mypy==0.6"

Same problem as with cloudkitty.

I fear that  every repo that has constraints in its install_command has
broken lower-constraints file. Just remove it and see that nothing works
anymore ;/

Therefore, I suggest for repos to remove install_command - the default
is just fine in newer tox (3.x) - and fix their lower-constraints.txt to
really test that the specified package versions work together.

Information about lower-constraints.txt is at [6],

[1] https://review.opendev.org/720767
[2] https://review.opendev.org/720768
[3] https://review.opendev.org/720770
[4] https://review.opendev.org/720775
[5] https://review.opendev.org/#/c/720754/3
[6] https://docs.openstack.org/project-team-guide/dependency-management.html
 Andreas Jaeger aj at suse.com Twitter: jaegerandi
  SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D 90409 Nürnberg
   (HRB 36809, AG Nürnberg) GF: Felix Imendörffer
    GPG fingerprint = EF18 1673 38C4 A372 86B1  E699 5294 24A3 FF91 2ACB

More information about the openstack-discuss mailing list