Skip to content

feat: Support constraints in pip_compile #2916

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
May 30, 2025

Conversation

vihangm
Copy link
Contributor

@vihangm vihangm commented May 20, 2025

This adds in support to pass in a constraints file to pip-compile.
This is extremly useful when you want to uprade an indirect/intermediate
dependency to pull in security fixes but don't want to add said dependency to
the requirements.in file.

@aignas
Copy link
Collaborator

aignas commented May 20, 2025

The docs say that the constraints file can be used more than once: https://pip-tools.readthedocs.io/en/latest/cli/pip-compile/

What is more, I think it is possible to do this today without this PR?

  1. Add the constraints.txt files to data attribute.
  2. Use $(location) in the args.

Am I missing something here?

@vihangm
Copy link
Contributor Author

vihangm commented May 20, 2025

The docs say that the constraints file can be used more than once: pip-tools.readthedocs.io/en/latest/cli/pip-compile

Fair point, we could support a list instead of a single file/label instead.

What is more, I think it is possible to do this today without this PR?

  1. Add the constraints.txt files to data attribute.
  2. Use $(location) in the args.

Am I missing something here?

The data attribute gets popped from the kwargs here,

srcs = kwargs.pop("data", []) + [requirements_txt],

and then the .update rule here
py_binary(
name = name + ".update",
env = env,
python_version = kwargs.get("python_version", None),
**attrs
)
gets the $(location) in the args but the file isn't in it's data deps. So your suggestion doesn't work at the moment.

@aignas
Copy link
Collaborator

aignas commented May 28, 2025

But then it gets reincluded back in via

data = [name, requirements_txt] + srcs + [f for f in (requirements_linux, requirements_darwin, requirements_windows) if f != None]

I think I am missing something crucial here. Just by reading the code, this looks like it should work. What is the minimum example that does not work?

@vihangm
Copy link
Contributor Author

vihangm commented May 28, 2025

I think I am missing something crucial here. Just by reading the code, this looks like it should work. What is the minimum example that does not work?

e10255e fails.

$ bazelisk build //:requirements.update
ERROR: rules_python/examples/pip_parse/BUILD.bazel:57:25: in args attribute of py_binary rule //:requirements.update: label '//:constraints.txt' in $(location) expression is not a declared
 prerequisite of this rule. Since this rule was created by the macro 'pip_compile', the error might have been caused by the macro implementation
ERROR: rules_python/examples/pip_parse/BUILD.bazel:57:25: Analysis of target '//:requirements.update' failed
ERROR: Analysis of target '//:requirements.update' failed; build aborted
INFO: Elapsed time: 0.175s, Critical Path: 0.00s
INFO: 1 process: 1 internal.
ERROR: Build did NOT complete successfully

102a76a is the minimal change to get it working again. I'm fine with that patch instead if you don't want to support an explicit arg.

@aignas
Copy link
Collaborator

aignas commented May 29, 2025

No, I think the extra attribute for constraints makes sense. The only remaining thing here then is to make it a list.

@vihangm vihangm force-pushed the vihang/support_contraints_file branch 3 times, most recently from 3ae67df to 3f4f142 Compare May 29, 2025 20:20
@vihangm vihangm force-pushed the vihang/support_contraints_file branch from 3f4f142 to 1038104 Compare May 29, 2025 20:41
@aignas aignas enabled auto-merge May 30, 2025 01:09
@aignas aignas added this pull request to the merge queue May 30, 2025
Merged via the queue into bazel-contrib:main with commit ce80db6 May 30, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants