Closed Bug 1407449 Opened 2 years ago Closed 2 years ago

redo requirements using constraints file

Categories

(Socorro :: General, task)

task
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: willkg, Assigned: osmose)

References

Details

Attachments

(1 file)

Pip 7.1+ supports a constraints file which allows you to constrain which versions of dependencies are allowed to be installed. We can use this in conjunction with our requirements file such that we put first-order dependencies in the requirements file and all the things they depend on in the constraints file.

Then deploys install only the things we need (first-order dependencies and the specific set of things they need) without us having to spend a lot of time maintaining the files.

https://pip.pypa.io/en/stable/user_guide/#constraints-files

This bug covers switching to requirements.txt + constraints.txt.
It's very likely this will affect deploys. However, I'm pretty sure the RPM building code is in the Socorro repo, so it's possible all the changes we need to make will be in the socorro repo.
Mike mentioned this earlier today. I'm going to assign this to him for now and let him pass it off to someone else as he so desires.
Assignee: nobody → mkelly
Blocks: 1306731
Commits pushed to master at https://github.com/mozilla-services/socorro

https://github.com/mozilla-services/socorro/commit/a0c807c8cbb2040b29bc929848b64e453165427b
Fix bug 1407449: Use a constraints file for our Python requirements.

This splits the requirements.txt file into two:

- requirements/default.txt, which contains direct dependencies that are used by
  Socorro.
- requirements/constraints.txt, which contains dependencies of the direct
  dependencies, and the hashes that we accept for them.

bootstrap.sh was updated to use this new format for the existing infrastructure,
and Dockerfile was updated for the new infrastructure.

The following dependencies were removed because they were either not used, or
were dependencies of another dependency that was not used:

- argparse
- BeautifulSoup
- certifi
- cffi
- cryptograph
- futures
- google
- gunicorn
- honcho
  - A Procfile existed in the repo root to be used by honcho, but it is
    out-of-date (it refers to the old middleware) and was also removed.
- idna
- ipaddress
- mercurial
- ndg
- Paste
- path
- pgxnclient
  - This was only used by scripts/json-enhancements.sh, which is not used
    anymore and was also removed, along with its entry in Makefile.
- pycparser
- pyOpenSSL
- sqlalchemy
- toposort
- uritemplate
- wsgiref

The following dependencies were moved to requirements/constraints.txt as they
are not direct dependencies:

- configobj
- configparser
- cssselect
- decorator
- django-jsonfield
- enum34
- httplib2
- Mako
- MarkupSafe
- mccabe
- py
- pyasn1
- pyasn1-modules
- pycodestyle
- pyflakes
- python-editor
- rsa
- sasl
- simplejson
- six
- thrift
- urllib3

https://github.com/mozilla-services/socorro/commit/38cf1d99efc3a2d8848b50ba2225bfa050e8f0e8
Merge pull request #4062 from Osmose/constraints

Fix bug 1407449: Use a constraints file for our Python requirements.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.