googleapis
fix: add cyrptography package to prerelease tests
Cryptography is a required dependency of google-auth 3.x pre-release and needs to be added to the pre-release tests since we install dependencies with --no-deps.
https://github.com/googleapis/gapic-generator-python/blob/d20dd2876fbf8c35f6a994639864815b0d7608ab/gapic/templates/noxfile.py.j2#L508
The reason for using --no-deps is to ensure that a pre-release version of a package is not downgraded.
Summary of Changes
Hello @parthea, I'm Gemini Code Assist[^1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request resolves a potential issue with prerelease test failures by incorporating the cryptography package into the test environment setup. The cryptography library is a required dependency for google-auth v3.x, and its explicit inclusion in both the dependency list and the installation process for core dependencies will ensure that tests run smoothly and reliably.
Highlights
-
Prerelease Dependencies: The "cryptography" package has been added to the list of prerelease dependencies (
prerel_deps) innoxfile.py.j2. This ensures it's available for testing environments. -
Test Session Installation: Explicit installation of the
cryptographypackage has been added to thecore_deps_from_sourcesession withinnoxfile.py.j2. This guarantees its presence before running unit tests, specifically forgoogle-auth v3.xcompatibility.
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in pull request comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with :thumbsup: and :thumbsdown: on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
[^1]: Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.
![gemini-code-assist[bot] avatar](https://avatars.githubusercontent.com/in/956858?v=4 "Published by a pub.dev verified publisher"){kind=small}
The reason for using --no-deps is to ensure that a pre-release version of a package is not downgraded.
It sounds like using --upgrade-strategy eager might be another way to accomplish the same thing, without losing dependency download. But I'm not super familiar with this, so maybe I'm misunderstanding
Following up on https://github.com/googleapis/gapic-generator-python/pull/2513#issuecomment-3676458206, --upgrade-strategy eager won't work in this case because the constraints in setup.py may prevent a prerelease from being installed. For example, google-auth 3.0.0 pre-release isn't permitted as per the following constraint
https://github.com/googleapis/gapic-generator-python/blob/d20dd2876fbf8c35f6a994639864815b0d7608ab/gapic/templates/setup.py.j2#L36
We need to install google-auth separately from the generated client library. If we don't have -no-deps, then we may downgrade another dependency.
Neither
pip install --upgrade-strategy eager google-cloud-access-approval google-auth
pip install --pre google-cloud-access-approval google-auth
will install the pre-release of google-auth 3.0.0 because of this constraint:
https://github.com/googleapis/gapic-generator-python/blob/d20dd2876fbf8c35f6a994639864815b0d7608ab/gapic/templates/setup.py.j2#L36
We need
pip install --pre google-auth --ignore-installed
and
pip install --pre google-cloud-access-approval --ignore-installed --no-deps
Maybe we should consider allowing >=3.0.0 in the api_core library? That seems like something we'll have to do at some point anyway
Following up on https://github.com/googleapis/gapic-generator-python/pull/2513#issuecomment-3712075952, allowing an untested major version defeats the purpose of pre-release testing. My initial thought is that we shouldn't increase the allowed major version of dependencies until a stable major version of the dependency has been released and tested. I think the approach that we had originally was correct, but I will move the required dependencies to the constraints file, add comments and clean up the test.
I assumed >=3.0.0 would ignore pre-releases
I think we should actually hold off on adding cryptography, because we can probably keep it as an optional dependency in google-auth
It would be great if we could get this to work with new dependencies for future changes. But if that's not feasible, we can close this for now