Skip to content

skeleton sync #4992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

skeleton sync #4992

wants to merge 5 commits into from
+5 −1

Conversation

jaraco
Copy link
Member

@jaraco jaraco commented May 11, 2025

Summary of changes

The main change here is the introduction of the 'coherent.licensed' plugin. This plugin takes the declared license expression and uses it to inject the corresponding license into the sdist and wheel artifacts.

coherent.licensed is developed using the coherent.build backend (and system), but that means the sdist is distributed using flit-core, so doesn't introduce any circular dependencies at build time.

Closes #4981

Pull Request Checklist

DimitriPapadopoulos and others added 5 commits May 4, 2025 16:06
@DimitriPapadopoulos
Python 3 is the default nowadays (jaraco/skeleton#173)
8673961
@jaraco
Add coherent.licensed plugin to inject license texts into the build.
d2b8d77 
Closes jaraco/skeleton#174
@DimitriPapadopoulos
Revert "Python 3 is the default nowadays (jaraco/skeleton#173)" (jara…
b535e75 
…co/skeleton#175)

This reverts commit 8673961.

Removing `python-version` falls back on the Python bundled with the
runner, making actions/setup-python a no-op. Here, the maintainer
prefers using the latest release of Python 3. This is what `3.x` means:
use the latest release of Python 3.
@jaraco
Merge https://github.com/jaraco/skeleton into skeleton-sync
1f8084f 
Closes #4981
@jaraco
Add news fragment.
9c24fa2
@abravalheri
Copy link
Contributor

abravalheri commented May 12, 2025
edited
Loading

This possibly brings the same dependency cycle limitations of PEP 517, described in coherent-oss/coherent.build#32 -- if built from source code.

So my understanding is that coherent.build replaces the pyproject.toml file in the sdist?

Or maybe that is the idea for future releases, but not present in 0.33.1 yet?

https://inspector.pypi.io/project/coherent-build/0.33.1/packages/26/7d/39d4e1aaf4b25034845756372d610f9a414e3f72ab45a36075380813dd5c/coherent_build-0.33.1.tar.gz/coherent_build-0.33.1/pyproject.toml

Although the coherent-licensed project itself seems to use the flit replacement:

https://inspector.pypi.io/project/coherent-licensed/0.1.1/packages/7c/99/6ce7f20634d19e4a37b597e14d26ae9e9cdebcc534b468e465dad7ae6d34/coherent_licensed-0.1.1.tar.gz/coherent_licensed-0.1.1/pyproject.toml#line.2

So the replacement seems to happen for the projects built with coherent.build but not coherent.build itself, if I understood correctly...

@abravalheri
Copy link
Contributor

abravalheri commented May 12, 2025
edited
Loading

Other than the discussion on the coherent.build cycles,
it seems that the plugin also brings dependencies:

https://inspector.pypi.io/project/coherent-licensed/0.1.1/packages/7c/99/6ce7f20634d19e4a37b597e14d26ae9e9cdebcc534b468e465dad7ae6d34/coherent_licensed-0.1.1.tar.gz/coherent_licensed-0.1.1/pyproject.toml#line.11

That will introduce a dependency cycle: https://github.com/psf/requests (regardless of coherent.build)

@jaraco
Copy link
Member Author

jaraco commented May 12, 2025
edited
Loading

So my understanding is that coherent.build replaces the pyproject.toml file in the sdist?

The original design was that coherent.build wouldn't have a pyproject.toml at all in the repo source code (and in fact still doesn't), and it would inject a minimal pyproject.toml (with the build-system table) to any sdist.

The more recent design based on coherent-oss/system#12 instead "compiles" the repo source into a flit-core-based sdist. It's still opt-in, but I'm inclined to make that the default behavior, because it seems to be the only solution I've found to the bootstrapping problem.

Or maybe that is the idea for future releases, but not present in 0.33.1 yet?

https://inspector.pypi.io/project/coherent-build/0.33.1/packages/26/7d/39d4e1aaf4b25034845756372d610f9a414e3f72ab45a36075380813dd5c/coherent_build-0.33.1.tar.gz/coherent_build-0.33.1/pyproject.toml

Whoops. I had to do a manual release of 0.33.1 due to breakage in the 0.33.0 version and I forgot to opt-in to the flit-core backend. See 0.33.0 for an example of how the code gets compiled to flit. I can simply cut another release 0.33.2 and it will have the same behavior (done).

it seems that the plugin also brings dependencies:

Yes, indeed. It looks like requests is using setuptools. Thanks for catching that. That's annoying, and somewhat out of my control. I wish there were a proper solution to the bootstrapping problem that didn't involve migrating every package to flit-core or re-writing software to use suboptimal dependencies. I could probably rewrite coherent.licensed not to use requests, but that is only a bandaid and an existential risk (should another dependency creep in).

Fact of the matter it's the same people insisting that we need a LICENSE injected that also are imposing this bootstrapping problem. Nobody's solving the problem, just insisting on it.

</rant>

I've updated coherent.licensed not to depend on requests. Then let's proceed with this change, no?

jaraco added a commit to coherent-oss/coherent.licensed that referenced this pull request May 12, 2025
@jaraco
Remove dependency on requests (and thus setuptools).
5f22047 
Ref pypa/setuptools#4992
@abravalheri
Copy link
Contributor

I've updated coherent.licensed not to depend on requests. Then let's proceed with this change, no?

Thank you very much Jason for working on this.
From my point of view this should be fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sdist is missing license file
3 participants
@jaraco @abravalheri @DimitriPapadopoulos