moto icon indicating copy to clipboard operation
moto copied to clipboard
verified publisher icon getmoto

Implement PEP-517/518 (pyproject.toml)

Open whardier opened this issue 4 years ago • 5 comments

Please remove setuptools from install_requires in setup.py. When using tools that compile list of deployable packages setuptools will be inadvertantly included and when using well known tools like pip-tools to compile a requirements file with hashes it will inadvertantly issue a warning that including setuptools in the compiled requirements file is considered unsafe (chicken egg issue).

whardier avatar Jul 30 '21 21:07 whardier

Thanks for raising this @whardier. You're right, that should not be part of setup.py. Ideally we tackle this as a broader push to implement PEP-517/518 (i.e., pyproject.toml).

bblommers avatar Jul 31 '21 15:07 bblommers

The dependency has been removed as of #4124, release 2.2.1. I'll leave this ticket open to track a full pyproject.toml implementation.

bblommers avatar Aug 03 '21 11:08 bblommers

A first (WIP) attempt at the conversion to pyproject.toml can be found here: https://github.com/spulec/moto/compare/master...bblommers:admin/pyprojecttoml?expand=1

This PR does not provide an editable installation (pip install -e .), and I haven't figured out how/if that can be done without having a shim setup.py.

Downsides of the toml approach that I've encountered so far:

  • The dependencies are copy-pasted everywhere, with a lot of potential for them to go out of sync
  • All services have to be listed manually (as opposed to programmatically providing the list) - with more potential for things to go out of sync

The upsides of this approach are.. that it's new and fancy? I guess?

I like the idea of PEP-517, but as it stands, I'm not sure the downsides are worth it for this project. If anyone has suggestions on how to improve the current implementation I'd love to hear them!

(Outstanding TODO's: I've changed the project name/version to test the release process, that will obviously have to be changed back if/when we merge)

bblommers avatar Dec 04 '21 16:12 bblommers

Bert, you might find this useful: PEP 660 – Editable installs for pyproject.toml based builds: https://peps.python.org/pep-0660/

And the list of features for PIP v21.3: https://pip.pypa.io/en/stable/news/#id94

Doesn't solve the requirements issue, nor can you force people to update pip, but ...

kbalk avatar May 30 '22 14:05 kbalk

Thanks for sharing @kbalk! Good to know there is some progress in this space.

bblommers avatar May 30 '22 21:05 bblommers