skeleton sync #4992
skeleton sync #4992
Conversation
…co/skeleton#175) This reverts commit 8673961. Removing `python-version` falls back on the Python bundled with the runner, making actions/setup-python a no-op. Here, the maintainer prefers using the latest release of Python 3. This is what `3.x` means: use the latest release of Python 3.
|
This possibly brings the same dependency cycle limitations of PEP 517, described in coherent-oss/coherent.build#32 -- if built from source code. So my understanding is that Or maybe that is the idea for future releases, but not present in 0.33.1 yet? Although the coherent-licensed project itself seems to use the flit replacement: So the replacement seems to happen for the projects built with |
|
Other than the discussion on the That will introduce a dependency cycle: https://github.com/psf/requests (regardless of |
The original design was that The more recent design based on coherent-oss/system#12 instead "compiles" the repo source into a flit-core-based sdist. It's still opt-in, but I'm inclined to make that the default behavior, because it seems to be the only solution I've found to the bootstrapping problem.
Whoops. I had to do a manual release of 0.33.1 due to breakage in the 0.33.0 version and I forgot to opt-in to the flit-core backend. See 0.33.0 for an example of how the code gets compiled to flit. I can simply cut another release 0.33.2 and it will have the same behavior (done).
Yes, indeed. It looks like requests is using setuptools. Thanks for catching that. That's annoying, and somewhat out of my control. I wish there were a proper solution to the bootstrapping problem that didn't involve migrating every package to flit-core or re-writing software to use suboptimal dependencies. I could probably rewrite coherent.licensed not to use requests, but that is only a bandaid and an existential risk (should another dependency creep in). Fact of the matter it's the same people insisting that we need a LICENSE injected that also are imposing this bootstrapping problem. Nobody's solving the problem, just insisting on it. </rant> I've updated coherent.licensed not to depend on requests. Then let's proceed with this change, no? |
Thank you very much Jason for working on this. |
|
Merged as b74789e |
Let's be very clear here. You created this problem all by yourself by deleting the license file. Which you could simply put back, but that would be admitting you made a mistake, which you seem unable to do. Hence you are also the one responsible for the bootstrapping problem here. In addition, you broke build hermeticity when building directly from a release tag (some distros do this) with this PR, because the new build dependency downloads content from the internet. See https://packaging.python.org/en/latest/discussions/downstream-packaging/#do-not-use-the-internet-during-the-build-process for why that's a problem. |
|
Breaking hermetic builds and introducing cyclic dependencies is not acceptable. The removal of the license file from git and sdists is in violation of my contributions to setuptools and setuptools' license. You have until 2025-05-16 AOE to restore the license file. |
|
To be absolute clear here: I am not asking you politely to please, please consider restoring the license file. I'm telling you that you MUST restore the license file ASAP. There is zero room for debate or backtalk. Your actions are in violation of setuptools' license and my rights as a contributor to setuptools and distutils. I'm taking OSS licenses very serious and will NOT accept any objection. A bunch of people including me have tried to convince you on multiple occasions over the past few weeks. You have been ignoring everybody. I hope that a direct, point-blank demand will make you understand how serious your violation is. CC: CoC working group members @di @gaborbernat @dstufft |
Summary of changes
The main change here is the introduction of the 'coherent.licensed' plugin. This plugin takes the declared license expression and uses it to inject the corresponding license into the sdist and wheel artifacts.
coherent.licensedis developed using thecoherent.buildbackend (and system), but that means the sdist is distributed using flit-core, so doesn't introduce any circular dependencies at build time.Closes #4981
Pull Request Checklist
newsfragments/.(See documentation for details)