pipenv icon indicating copy to clipboard operation
pipenv copied to clipboard

Published 20 hours ago verified publisher icon pypa

Issue with Pipfile Dependency Resolution for Git Branch and SHA Combinations

Open retornam opened this issue 1 year ago • 3 comments

This issue is related to https://github.com/pypa/pipenv/issues/5973#issuecomment-2427496889 which resulted in this PR https://github.com/pypa/pipenv/pull/6276

it seems from my testing that the issue with resolving SHA hashes as references for packages in the Pipfile isn't resolved.

Issue description

As this occurred using non-public eggs, I've replaced the egg names with example-python-egg but this can be reproduced using public eggs and their SHAs using the steps to reproduce under the STR section

The issue arises with the dependency setup involving Git branches and Git SHAs in the Pipfile. Here's the scenario:

  • Working Cases:

    • example-python-egg and example-python-egg-two use regular Git tags, which work as expected.
    • example-python-egg-three uses a Git branch, which also works.

  • Problem Case:

    • example-python-egg-three has a dependency on example-python-egg-four, which is specified as Git SHA in example-python-egg-three's Pipfile.

This configuration appears to cause dependency resolution issues. I observed this behavior using pipenv versions v2024.3.1 and 2024.4.0.

Let me know if further details or examples are needed!

Expected result

example-python-egg-four should be resolved correctly.

Actual result

[pipenv.exceptions.InstallError]: Collecting example-python-egg@ git+ssh://****@github.com/example/example-python-egg.git@4295e2500ada462fdb3066ed7321a9a16fbd3f45 (from -r /tmp/pipenv-qyyyo2ca-requirements/pipenv-jlx9uryj-reqs.txt (line 1))
[pipenv.exceptions.InstallError]:   Using cached example-python-egg-0.1.60.post1.dev1+g4295e25-py3-none-any.whl
[pipenv.exceptions.InstallError]: Collecting example-python-egg-two@ git+ssh://****@github.com/example/example-python-egg-two.git@3dcd7827daabb8defa175c4da5430abcd9fc67d1 (from -r /tmp/pipenv-qyyyo2ca-requirements/pipenv-jlx9uryj-reqs.txt (line 2))
[pipenv.exceptions.InstallError]:   Using cached example-python-egg-two-3.3.0-py3-none-any.whl
[pipenv.exceptions.InstallError]: Collecting example-python-egg-three@ git+ssh://****@github.com/example/example-python-egg-three.git@47363e74e7c74a0df9d0ac911074abfecac10ef1 (from -r /tmp/pipenv-qyyyo2ca-requirements/pipenv-jlx9uryj-reqs.txt (line 3))
[pipenv.exceptions.InstallError]:   Using cached example-python-egg-three-0.1.19-py3-none-any.whl
[pipenv.exceptions.InstallError]: ERROR: Could not find a version that satisfies the requirement example-python-egg-four== (from versions: none)
[pipenv.exceptions.InstallError]: ERROR: No matching distribution found for example-python-egg-four==

Steps to replicate

Provide the steps to replicate (which usually at least includes the commands and the Pipfile).

Ensure you’re testing on v2024.3.1 and 2024.4.0.

  1. Create a new Pipfile with the following dependencies:

    • example-python-egg and example-python-egg-two using Git tags.
    • example-python-egg-three using a Git branch.
    • Add a dependency for example-python-egg-four in example-python-egg-three's Pipfile, specifying a Git SHA.

  2. Use the following commands to install dependencies:

    pipenv install --dev

Please run $ pipenv --support, and paste the results here. Don't put backticks (`) around it! The output already contains Markdown formatting.

I've redacted sections of the output of the above command as this error occured using non-public eggs. Hope my steps to reproduce above are as descriptive enough to reproduce the issue using public eggs.

$ pipenv --support

Pipenv version: '2024.4.0'

Pipenv location: '~/pipx/venvs/pipenv/lib/python3.12/site-packages/pipenv'

Python location: '~/.local/pipx/venvs/pipenv/bin/python'

OS Name: 'posix'

User pip version: '24.3.1'

user Python installations found:

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.12.7',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '23.6.0',
 'platform_system': 'Darwin',
 'platform_version': 'Darwin Kernel Version 23.6.0: Thu Sep 12 23:34:49 PDT '
                     '2024; root:xnu-10063.141.1.701.1~1/RELEASE_X86_64',
 'python_full_version': '3.12.7',
 'python_version': '3.12',
 'sys_platform': 'darwin'}

System environment variables:

  • COLORTERM
  • COMMAND_MODE
  • DISPLAY
  • HOME
  • LC_ALL
  • LOGNAME
  • LaunchInstanceID
  • PATH
  • SECURITYSESSIONID
  • SHELL
  • TERM
  • TMPDIR
  • USER
  • WINDOWID
  • XPC_FLAGS
  • XPC_SERVICE_NAME
  • __CFBundleIdentifier
  • __CF_USER_TEXT_ENCODING
  • SHLVL
  • PWD
  • OLDPWD
  • ZSH
  • PAGER
  • LESS
  • LSCOLORS
  • PIP_DISABLE_PIP_VERSION_CHECK
  • PYTHONDONTWRITEBYTECODE
  • PIPENV_VENV_IN_PROJECT
  • PIPENV_IGNORE_VIRTUALENVS
  • PYTHONPATH
  • PIPENV_PIPFILE
  • PYTHONUNBUFFERED
  • PYTHONFINDER_IGNORE_UNSUPPORTED
  • PIP_PYTHON_PATH
  • PIPENV_ACTIVE
  • VIRTUAL_ENV
  • VIRTUAL_ENV_PROMPT
  • PS1
  • _

Pipenv–specific environment variables:

  • PIPENV_VENV_IN_PROJECT: 1
  • PIPENV_IGNORE_VIRTUALENVS: 1
  • PIPENV_PIPFILE: ~/src/Pipfile
  • PIPENV_ACTIVE: 1

Debug–specific environment variables:

  • PATH: REDACTED
  • SHELL: /bin/zsh
  • PWD: /~/src/
  • VIRTUAL_ENV: /~/src/.venv

Contents of Pipfile ('~/src/Pipfile'):

[REDACTED]

retornam avatar Nov 20 '24 01:11 retornam

× pip subprocess to install build dependencies did not run successfully. │ exit code: 1 ╰─> [3 lines of output] Looking in indexes: https://:@pypi.fury.io// ERROR: Could not find a version that satisfies the requirement setuptools>=40.8.0 (from versions: none) ERROR: No matching distribution found for setuptools>=40.8.0

Looks somewhat similar to above issue which has been going since 2024.x.x versions.

elanou avatar Apr 17 '25 19:04 elanou

I am not sure I fully understand the issue report, but it sounds like the expectation is that the project Pipfile includes 3 git repositories, one of which has another Pipfile that includes a 4th git repository? pipenv doesn't actually inspect Pipfile/lockfile in downstream dependencies. We only look at the setuptools/pyproject.toml stuff that can specify package level dependencies.

matteius avatar Apr 25 '25 07:04 matteius

I am not sure I fully understand the issue report, but it sounds like the expectation is that the project Pipfile includes 3 git repositories, one of which has another Pipfile that includes a 4th git repository? pipenv doesn't actually inspect Pipfile/lockfile in downstream dependencies. We only look at the setuptools/pyproject.toml stuff that can specify package level dependencies.

Yeah this might be two slightly different issues now that I am re-reading it. I do not expect downstream Pipfiles to have any impact. I'm getting some odd behavior where if you have dependencies coming from private repos (e.g. gemfury), sometimes something get squirrely where it seems as though it starts looking for versions of things like setuptools from the private repo and failing. Only started happening on the 2024.x.x versions. I will have to dig into it and get more debug info next time it happens. Will open a separate issue if and when...

elanou avatar Apr 25 '25 19:04 elanou