You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dependabot just introduced an update to support the pyproject.toml files that all the above methods use. It does not support PDM's custom lock file.
With this change, I would also like to use a lock file to pin specific versions rather than pinning them in the dependency list. To allow Dependabot to keep working the best way to do this is to not pin anything in the pyporject.toml file and create a separate requirements.txt lock file with the pins. The lock file will only be used by CI/Docker, the PyPi package will only get the un-pinned pyproject.toml file.
This change will make the aggregating package play nicer on installation into existing python environments but still provide reproducible builds for CI and CD.
I think the easiest way forward is moving to filt and using a requirements.txt lock. This would require the smallest number of changes to achieve.
The text was updated successfully, but these errors were encountered:
Python is moving to a static metadata format for packages. Looking at what is currently available:
Dependabot just introduced an update to support the
pyproject.tomlfiles that all the above methods use. It does not support PDM's custom lock file.With this change, I would also like to use a lock file to pin specific versions rather than pinning them in the dependency list. To allow Dependabot to keep working the best way to do this is to not pin anything in the
pyporject.tomlfile and create a separaterequirements.txtlock file with the pins. The lock file will only be used by CI/Docker, the PyPi package will only get the un-pinnedpyproject.tomlfile.This change will make the aggregating package play nicer on installation into existing python environments but still provide reproducible builds for CI and CD.
I think the easiest way forward is moving to
filtand using arequirements.txtlock. This would require the smallest number of changes to achieve.The text was updated successfully, but these errors were encountered: