Dependency protection with pyproject.toml
Pete Gadomski, May 10, 2023 [how-to] #python #github #github-actions
This is a follow-up post to "Dependency protection with Python and Github actions", where I describe a relatively complex setup that uses setup.cfg and external requirement files to test against our minimum set of dependencies.
With the rise of pyproject.toml as the standard way of specifying project metadata, and setuptools' support for the standard, we can simplify our CI system quite a bit.
See the original post for background and the rationale on why we want to test against our minimum dependencies.
With pyproject.toml, our dependency definitions become a lot simpler:

```toml
[project]
name = "foo"
# --- 8< ---
dependencies = [ "bar>=0.42" ]

[project.optional-dependencies]
dev = [ "pytest~=7.3" ]
```

Note that the core dependencies are all >=. This is very intentional; see the original post for more on that.
In the original post, we defined our minimum requirements in a requirements-min.txt file, and we had a CI check to assert that requirements-min.txt was in sync with the actual project dependencies.
This was pretty clunky and fragile, not least because any Dependabot updates had to be manually tweaked to update the value in
Now that we've defined all of our dependencies in pyproject.toml, we use a new script (I like it to live at scripts/install-min-requirements) that installs the minimum versions of those dependencies in whatever environment you're in:
assert == 3 = . = = = assert == 1 = assert == =
This depends on all core dependencies having a >= specifier, which they should.
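One way to write such a script, as an added example that is not the author's script or pystac-client's: it uses only the standard library (tomllib needs Python 3.11+), and the names pin_minimums and pip_command and the sample dependencies are assumptions. It rejects any core dependency that does not carry exactly one >= specifier instead of guessing a floor.

```python
#!/usr/bin/env python3
"""Pin every core dependency in pyproject.toml to its declared minimum."""
import re
import subprocess
import sys

# name, optional [extras], version specifier, optional "; marker" (PEP 508 shape)
_REQ = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?P<extras>\[[^\]]*\])?"
    r"\s*(?P<spec>[^;]*?)\s*(?P<marker>;.*)?$"
)
_FLOOR = re.compile(r"^>=\s*(?P<version>[0-9A-Za-z.!+_-]+)$")


def pin_minimums(dependencies):
    """Turn each 'pkg>=X' into 'pkg==X'; fail closed on anything else."""
    pinned = []
    for dep in dependencies:
        req = _REQ.match(dep)
        floor = _FLOOR.match(req.group("spec")) if req else None
        if floor is None:
            raise ValueError(f"expected exactly one '>=' specifier: {dep!r}")
        marker = f" {req.group('marker')}" if req.group("marker") else ""
        pinned.append(
            f"{req.group('name')}{req.group('extras') or ''}"
            f"=={floor.group('version')}{marker}"
        )
    return pinned


def pip_command(pyproject_text):
    """Build the pip argv (a list, so no shell parsing) for the pinned floor."""
    import tomllib  # standard library from Python 3.11

    deps = tomllib.loads(pyproject_text)["project"]["dependencies"]
    return [sys.executable, "-m", "pip", "install", *pin_minimums(deps)]


if __name__ == "__main__":
    if len(sys.argv) == 2:  # usage: install-min-requirements pyproject.toml
        with open(sys.argv[1], encoding="utf-8") as f:
            sys.exit(subprocess.run(pip_command(f.read())).returncode)
    # Constructed sample input: with no argument, only show the pins.
    print(pin_minimums(["bar>=0.42", 'baz[cli] >= 1.2 ; python_version < "3.12"']))
```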
The CI action becomes a lot simpler:

```yaml
min-versions:
  name: min-versions
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
    - uses: actions/setup-python@v4
      with:
        python-version: 3.9
        cache: null
    - name: Install with dev requirements
      run: pip install .[dev]
    - name: Install minimum requirements
      run: ./scripts/install-min-requirements
    - name: Test
      run: pytest
```

To see all this in action, check out pystac-client, where we converted to this system in this PR.