rye Not lock to the resolved revision when I use git with *branch*

Not lock to the resolved revision when I use git with branch

Open KOBA789 opened this issue 1 year ago • 4 comments

When I use git dependency:

dependencies = [
  "awesomemodule @ git+https://github.com/org/repo@main",
]

rye outputs requirements.lock which describes branch name but not resolved revision:

awesomemodule @ git+https://github.com/org/repo@main

For reproducible build, I think that the resolved revision should be written in a lock file and, for example, Poetry does.

Jun 01 '23 14:06 KOBA789

You can actually use -rev to specify the git revision.

Jun 01 '23 15:06 ischaojie

Yes, you're right. However, this disables rye lock --update. I think it's the best that branch is in toml and revision is in lock.

(edited) I use renovate to update deps automatically. Tools like renovate require branch not revision.

Jun 01 '23 15:06 KOBA789

Oh, I understand, that's really what should be done. But I suspect pip-tools used by rye will become a limitation, need to verify that.

Jun 01 '23 15:06 ischaojie

Currently "rye sync --no-lock" also seems to pull and reinstall any git dependencies, but with this feature, that could be avoided if they are up to date, I think.

Jun 03 '23 09:06 bluss

rye rye copied to clipboard

Not lock to the resolved revision when I use git with *branch*

rye
rye copied to clipboard

Not lock to the resolved revision when I use git with branch