Skip to main content

Poetry extension enabling group dependency application at the lock stage

Project description

PyPI PyPI - Python Version PyPI - Wheel License

DEPRECATION NOTICE

Warning - this plugin has been deprecated. Developers should instead consider using the poetry-monorepo-dependency-plugin to support deploying and releasing Poetry projects with path-based dependencies on other Poetry projects within a monorepo.

Overview

poetry-lock-groups-plugin is a lightweight plugin which enables Poetry's dependency group options (--with, --without, --only) when executing the lock command. Broadly, this plugin helps enable a solution pattern that developers may use when working with and releasing packages within a more complex Python monorepo environment that relies on path-based dependencies.

Installation

Execute the following command:

poetry self add poetry-lock-groups-plugin

Use Case

When working within a Python monorepo project structure with local path dependencies, a frequently encountered challenge involves publishing these packages to a PyPI index in a way that can be easily utilized by downstream consumers. Specifically, while editable path dependencies work well to support normal development activities, publishing a package with local path dependencies into a usable sdist or wheel archive typically involves replacing those path dependencies with references to packages that are resolvable within a PyPI repository.

In order to support this scenario, rather than maintaining two distinct versions of pyproject.toml (one with local path dependencies and the other with PyPI resolvable dependencies), developers may leverage dependency groups. Vanilla Poetry recognizes dependency groups only at the install phase - by advancing that recognition to the lock stage, we enable predictable, flexible patterns to support monorepo development.

Example

Given the following pyproject.toml where my-poetry-project depends on common-library within the same monorepo project structure:

[tool.poetry]
name = "my-poetry-project"
version = "0.1.0.dev"
description = ""

[tool.poetry.dependencies]
python = "^3.9"

[tool.poetry.plugins."poetry.application.plugin"]
lock-groups-plugin = "poetry_lock_groups.plugin:LockGroupsPlugin"

[tool.poetry.group.remote.dependencies]
common-library = "^1.2.6"

[tool.poetry.group.local.dependencies]
common-library = {path = "../../common-library/"}

[build-system]
requires = ["poetry-core>=1.2"]
build-backend = "poetry.core.masonry.api"

By running the following command:

poetry lock --with remote --without local

This will generate a poetry.lock file that includes the dependency definitions within the remote group, but without those in the local group. Note that if we included both groups, or simply refrained from specifying group usages, we would see behavior identical to that in vanilla Poetry, which is, in this case, undefined.

Developers will typically execute the following commands as a part of their development workflow while building/testing functionality:

poetry lock --with local --without remote
poetry install --with local --without remote

However, when performing releases, developers will execute the following to ensure that local path dependencies are removed from archives that are published to the configured PyPI repository:

poetry lock --with remote --without local
poetry install --with remote --without local

Consider using Habushu to codify and automate this workflow!

Usage Considerations

Note that the following sequence of commands may fail:

poetry lock --without local
poetry install --with local

This is because the poetry install command searches poetry.lock to install dependencies. By building the lock file without the local group, any dependencies that exist only within that group will have no known sources, rendering them unresolvable.

poetry-lock-groups-plugin only modifies lock operations initiated via the lock command. It makes no attempt to modify behavior resulting from an implied lock, such as when running poetry install without having already created a lock file.

Alternative Approaches

Instead of using dependency groups as described above to capture local path dependencies in a monorepo project, developers may consider using the poetry-stickywheel-plugin or other similar approach to dynamically re-write pyproject.toml on archive deployment with local path dependency declarations appropriately replaced.

Releasing to PyPI

Releasing poetry-lock-groups-plugin leverages the maven-release-plugin to automate release preparation and delegates to the habushu-maven-plugin to publish the package to PyPI during the deploy phase. A PyPI account with access to the poetry-lock-groups-plugin project is required. PyPI account credentials should be specified in your settings.xml under the <id>pypi</id> <server> entry:

<settings>
  <servers>
    <server>
      <id>pypi</id>
      <username>pypi-username</username>
      <password>pypi-password</password>
    </server>
  </servers>
</settings>

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

poetry-lock-groups-plugin-1.0.1.tar.gz (4.2 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file poetry-lock-groups-plugin-1.0.1.tar.gz.

File metadata

  • Download URL: poetry-lock-groups-plugin-1.0.1.tar.gz
  • Upload date:
  • Size: 4.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.2.1 CPython/3.9.13 Darwin/21.6.0

File hashes

Hashes for poetry-lock-groups-plugin-1.0.1.tar.gz
Algorithm Hash digest
SHA256 938373f55968a6d9011a778c3ff05561770b4651ead9f00b67c6538a232684ee
MD5 a0692483849f88b8163c070b6509b8be
BLAKE2b-256 0c24bd05a3cd027a8d31d4f1e0997fa0ee3893f02eb7fec77582bf929ed146db

See more details on using hashes here.

File details

Details for the file poetry_lock_groups_plugin-1.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for poetry_lock_groups_plugin-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f28d9c71ffb3f0406cda72f971661063437ab5a14b01cd7b21a95b4671b13fb0
MD5 9bd4a73db4e51083cdf3ca4f17573bb3
BLAKE2b-256 5c40478a557c087417f0959a095d7d7d821186cb1541c8d0b7c917ea9377f1df

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page