TL;DR
Improve the GraalPy Maven and Gradle plugins such that they can produce and consume a lock file that pins the versions of all the transitive dependencies of the Python packages manually specified in pom.xml or build.gradle. This will help prevent builds from breaking due to a new release of a Python package dependency.
Goals
Python packages often specify dependency versions as ranges rather than exact versions, for example, Matplotlib depends on numpy >= 1.23. For such a constraint, the GraalPy Maven and Gradle plugins will install the latest NumPy available. However, that means the installed NumPy version can change over time, potentially breaking the build or application code due to external factors outside the developers' control.
It is a recommended practice to manually freeze the dependencies using low-level tooling. The Maven and Gradle plugins should provide high-level tooling and workflow for this task. There should be commands to:
Create the lock file. The lock file should be checked in the version control system and once it exists, the build will install the dependencies according to the lock file.
Update the lock file when the explicit dependencies in the build script (pom.xml or build.gradle) are updated.
Non-Goals
It is not a goal to develop any custom lock file format or low-level tooling. Initially, the build plugins will delegate to pip freeze to create the lock file and pip install -r <lockfile> to install the dependencies.
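As an added example that is not part of this issue or of the GraalPy plugins, a small Python checker for the workflow described above: it parses a pip freeze style lock file, rejects any entry that is not an exact == pin, and reports requirements declared in the build script that are missing from the lock file or whose pinned version no longer satisfies the declared constraint (the case where the lock file needs regenerating). The function names, the sample versions and the simplified version comparison are assumptions.

```python
# Constructed example (not the GraalPy plugin's code): validate a pip-freeze style
# lock file against the requirements a build script declares. Versions are illustrative.
import re

# Simplified specifier (no PEP 440 pre-releases, extras, markers or "pkg @ url" lines)
_SPEC = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|!=|>|<)?\s*([0-9][0-9.]*)?$")
_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b, ">=": lambda a, b: a >= b,
        "<=": lambda a, b: a <= b, ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def _parse(line):
    m = _SPEC.match(line.strip())
    if not m:
        raise ValueError(f"unsupported requirement line: {line!r}")
    name, op, ver = m.groups()
    # PEP 503 name normalisation so "Matplotlib" and "matplotlib" are the same project
    return re.sub(r"[-_.]+", "-", name).lower(), op, ver

def satisfies(pinned, op, wanted):
    key = lambda v: tuple(int(p) for p in v.split(".") if p)  # "1.26.4" -> (1, 26, 4)
    return _OPS[op](key(pinned), key(wanted))

def parse_lock(text):
    """Return {name: version}; reject any entry that is not an exact '==' pin."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, op, ver = _parse(line)
        if op != "==" or ver is None:
            raise ValueError(f"lock file entry is not an exact pin: {line!r}")
        pins[name] = ver
    return pins

def check_lock(requirements, lock_text):
    """Problems a build should fail on before running pip install -r <lockfile>."""
    pins = parse_lock(lock_text)
    problems = []
    for req in requirements:
        name, op, ver = _parse(req)
        if name not in pins:
            problems.append(f"{name}: declared in build script but missing from lock file")
        elif op and ver and not satisfies(pins[name], op, ver):
            problems.append(f"{name}: pinned {pins[name]} does not satisfy {req.strip()}")
    return problems

# Constructed samples: explicit requirements as in pom.xml/build.gradle, plus two lock files
REQUIREMENTS = ["Matplotlib==3.8.4", "numpy >= 1.23"]
LOCK_OK = "contourpy==1.2.1\nmatplotlib==3.8.4\nnumpy==1.26.4\n"
LOCK_STALE = "matplotlib==3.8.4\nnumpy==1.21.6\n"  # numpy pin predates the >= 1.23 constraint
```

Running check_lock(REQUIREMENTS, LOCK_OK) returns an empty list, while the stale lock file yields one problem for numpy; a lock file containing a range such as numpy>=1.23 is rejected outright.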