[all] Dangerous trend toward too many release-independent components

Jeremy Stanley fungi at yuggoth.org
Wed Sep 8 13:14:09 UTC 2021

On 2021-09-08 10:27:50 +0200 (+0200), Thomas Goirand wrote:
> Ok, so your recommendation is that, for each and every component that is
> marked release-independent, I should be checking the global
> requirements. I just wrote that this is unrealistic that a human does
> such a check.

I'm not saying that a human needs to check it, in fact that file is
machine-readable (it's used as input to pip but it's quite trivial
to parse). What I said is that it's what we have now, and probably
the closest thing we have to what you're asking for. It's a list of
what exact versions of dependencies we test the software with,
nothing more. We effectively freeze and branch that list whenever a
new coordinated release of OpenStack happens, and then only adjust
it to reflect stable point releases of our cycle-based deliverables.
Any independent release deliverables in there are still basically
frozen, treated just like any other "external" dependency of

If it helps, we also maintain a redirector service which routes URLs
like https://releases.openstack.org/constraints/upper/wallaby to a
raw download of the correct file. We also make sure the codename for
the cycle currently in progress is supported, so that you can begin
using it in preparation for the next coordinated release.

> If you didn't know, in Debian, Michal Arbet (who co-maintains OpenStack
> with me together in Debian) wrote this:
> Thanks to this page, anyone can know the status of OpenStack packaging
> on all the different branches we maintain. If you look at it right now,
> you'll notice that we're up-to-date, as we packaged all non-clients and
> all clients library, but we didn't package new versions of the puppet
> manifests yet (I'm waiting for the RCs to do that).

That's very cool!

> If you click on the buster-victoria button, and look for Taskflow,
> you'll see that it's up-to-date. If you click on bullseye-xena, and
> search for Taskflow, you will ... find nothing! That's because taskflow
> doesn't appear in https://releases.openstack.org/xena/index.html since
> it is release-independent. As a result, I'm left with no other choice
> than being very careful and manually check the global-requirements.

    wget -qO- https://releases.openstack.org/constraints/upper/wallaby \
    | grep -i ^taskflow=

    wget -qO- https://releases.openstack.org/constraints/upper/xena \
    | grep -i ^taskflow=

Its not ideal, no, but it's fairly straightforward (not that I would
do it in shell script, but parsing that with the re module in
Python's stdlib is trivial, or you could use something like the
packaging.requirements parser from python3-packaging).

As an aside, parsing HTML is very fiddly, you might consider
directly consuming the structured data maintained in the
openstack/releases repository as it's far easier to script (it's
YAML). I believe the openstack_releases Python package even provides
modules for parsing those.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210908/1ef17c07/attachment.sig>

More information about the openstack-discuss mailing list