This repository was archived by the owner on Dec 31, 2021. It is now read-only.
Update python buildpack #1
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Updates pip from 23.0.1 to 23.1.2 - Updates setuptools from 67.6.1 to 67.7.2 See: https://pip.pypa.io/en/stable/news/#v23-1-2 https://setuptools.pypa.io/en/stable/history.html#v67-7-2 The new pip version now outputs the origin of each requirement (eg the requirements file path which listed it). As such, the `pip install` invocations have also been adjusted to use a relative path to the app's requirements file, so that the log output doesn't end up including the full tmp directory path (eg `(/tmp/build_d73c77c7/requirements.txt`), which would make the logs more cluttered and harder to diff between builds. GUS-W-12345615. GUS-W-13108504.
In some older versions of Python multiple pip wheels have been accidentally bundled with the Python stdlib upstream. For example in Python 3.9.0 (which has been superseded by newer patch versions of Python 3.9.x): https://github.com/python/cpython/tree/v3.9.0/Lib/ensurepip/_bundled After #1442, this results in eg: ``` -----> Installing pip 23.1.2, setuptools 67.7.2 and wheel 0.40.0 /app/.heroku/python/bin/python: can't open file '/build/.heroku/python/lib/python3.9/ensurepip/_bundled/pip-20.2.1-py2.py3-none-any.whl .heroku/python/lib/python3.9/ensurepip/_bundled/pip-20.2.3-py2.py3-none-any.whl/pip': [Errno 2] No such file or directory ``` Whilst these affected Python versions are old/insecure and not available on newer stacks, we should still make sure they work as expected. As such, the lookup of the bundled pip wheel needs to handle this case, which it now does by just picking the first found pip wheel. This was spotted via https://heroku.support/1245122, which was from an app using the `main` branch of this buildpack (since #1442 hasn't yet been released to the buildpack registry). GUS-W-13111316.
Since the Heroku-18 stack has reached end-of-life, and as such build using it are no longer supported by the Heroku build system: https://devcenter.heroku.com/changelog-items/2583 This fixes the integration tests failing in CI for the Heroku-18 stack, due to the build system now (as expected) rejecting the jobs, eg: https://github.com/heroku/heroku-buildpack-python/actions/runs/4852163562/jobs/8646809603?pr=1448#step:5:165 The Heroku-18 stack was the last to have Python binaries available for Python 2.7, 3.5 and 3.5, so the EOL conditionals and testcases for those versions have now been removed. Any non-Heroku consumers of this buildpack that wish to continue using the Heroku-18 stack should pin to the previous version of this buildpack. GUS-W-10446293.
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.49.0 to 1.50.2. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.49.0...v1.50.2) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.19.0 to 2.20.0. - [Release notes](https://github.com/rubocop/rubocop-rspec/releases) - [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-rspec@v2.19.0...v2.20.0) --- updated-dependencies: - dependency-name: rubocop-rspec dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rspec-core](https://github.com/rspec/rspec-core) from 3.12.1 to 3.12.2. - [Release notes](https://github.com/rspec/rspec-core/releases) - [Changelog](https://github.com/rspec/rspec-core/blob/main/Changelog.md) - [Commits](rspec/rspec-core@v3.12.1...v3.12.2) --- updated-dependencies: - dependency-name: rspec-core dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rspec-expectations](https://github.com/rspec/rspec-expectations) from 3.12.2 to 3.12.3. - [Release notes](https://github.com/rspec/rspec-expectations/releases) - [Changelog](https://github.com/rspec/rspec-expectations/blob/main/Changelog.md) - [Commits](rspec/rspec-expectations@v3.12.2...v3.12.3) --- updated-dependencies: - dependency-name: rspec-expectations dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) The recent changes to the Python getting started guide mean the existing log output assertions need adjusting, since the tests are now failing: https://github.com/heroku/heroku-buildpack-python/actions/runs/4869442189/jobs/9038239643#step:5:375 heroku/python-getting-started@7d2f6a1...c99a168 The `getting_started_spec.rb` test has been removed rather than fixing it, since it was a duplicate of the tests in `django_spec.rb`. GUS-W-13152716.
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.50.2 to 1.51.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.50.2...v1.51.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.20.0 to 2.22.0. - [Release notes](https://github.com/rubocop/rubocop-rspec/releases) - [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-rspec@v2.20.0...v2.22.0) --- updated-dependencies: - dependency-name: rubocop-rspec dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Announcement: https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html Release notes: https://www.python.org/downloads/release/python-3717/ https://www.python.org/downloads/release/python-3817/ https://www.python.org/downloads/release/python-3917/ https://www.python.org/downloads/release/python-31012/ https://www.python.org/downloads/release/python-3114/ Binary builds on GitHub Actions: https://github.com/heroku/heroku-buildpack-python/actions/runs/5191943879 https://github.com/heroku/heroku-buildpack-python/actions/runs/5191946744 https://github.com/heroku/heroku-buildpack-python/actions/runs/5191948020 https://github.com/heroku/heroku-buildpack-python/actions/runs/5196879395 https://github.com/heroku/heroku-buildpack-python/actions/runs/5198901362 Note: Unless there is another adhoc security release for Python 3.7 in June, the Python 3.7.17 release will be the last Python 3.7 release, given 3.7 enters EOL at the end of this month: https://devguide.python.org/versions/#supported-versions GUS-W-12345417. GUS-W-13545877. GUS-W-13545878. GUS-W-13545882. GUS-W-13550498.
Minor cleanup of the error handling in this bash script.
https://setuptools.pypa.io/en/stable/history.html#v67-8-0 pypa/setuptools@v67.7.2...v67.8.0 This is the classic buildpack equivalent of: heroku/buildpacks-python#43 GUS-W-13551852.
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.51.0 to 1.54.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.51.0...v1.54.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
As of 30th June, Python 3.7 has reached end-of-life upstream: https://devguide.python.org/versions/#supported-versions This means there will be no new Python 3.7 patch versions released upstream, so no security updates or bug fixes. The existing buildpack deprecation message has been updated to reflect this, and now also mentions that support for building Python 3.7 apps will be removed in October 2023. In addition, the scripts and GitHub Actions workflows used to compile and upload new Python runtime versions have been updated to drop support, since there will be no new Python 3.7 releases for us to upload. GUS-W-13717141. GUS-W-13717143.
The AWS CLI requires that the `AWS_DEFAULT_REGION` env var be set in order for authentication to work. Previously `AWS_DEFAULT_REGION` was set to `us-west-2`, however, this is different from the region our S3 buckets are in (`us-east-1`). Whilst this doesn't affect the command we run at all, it caused confusion recently as to what region the Python bucket was in, so for clarity the default value has now been changed to match the region of the S3 bucket `heroku-buildpack-python`.
Since these files no longer exist as of #1432.
Since they don't reflect current buildpack behaviour or intended direction.
Previously the versions of the pip, setuptools, wheel and pipenv packaging tools were stored as constants in the buildpack scripts. Now, they are stored in requirements files, so that Dependabot can recognise and update them. The PRs opened by Dependabot will still need human intervention (in the form of adding appropriate changelog entries), however, this change will at least save us from having to keep an eye out for new releases, and reduces the amount of toil required compared to opening a PR from scratch. This is the classic buildpack equivalent of: heroku/buildpacks-python#29 GUS-W-13767545.
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.54.0 to 1.54.2. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.54.0...v1.54.2) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump pip from 23.1.2 to 23.2 in /requirements Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@23.1.2...23.2) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Add changelog entry * Update test assertion for change in pip install output --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]> GUS-W-12345619.
* Bump setuptools from 67.8.0 to 68.0.0 in /requirements Bumps [setuptools](https://github.com/pypa/setuptools) from 67.8.0 to 68.0.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v67.8.0...v68.0.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Add changelog entry --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]> GUS-W-13659044.
* Bump pipenv from 2023.2.4 to 2023.7.11 in /requirements Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.2.4 to 2023.7.11. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2023.2.4...v2023.7.11) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Add changelog entry * Fix hardcoded pipenv version in tests * Update test assertions for new pipenv deprecation warning --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]> GUS-W-13771288.
* Bump pip from 23.2 to 23.2.1 in /requirements Bumps [pip](https://github.com/pypa/pip) from 23.2 to 23.2.1. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@23.2...23.2.1) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update changelog entry --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
* Bump wheel from 0.40.0 to 0.41.0 in /requirements Bumps [wheel](https://github.com/pypa/wheel) from 0.40.0 to 0.41.0. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.40.0...0.41.0) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Add changelog entry --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
* Bump pipenv from 2023.7.11 to 2023.7.23 in /requirements Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.7.11 to 2023.7.23. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2023.7.11...v2023.7.23) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update changelog entry --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
Python 3.8 reached upstream EOL on 7th October 2024: https://devguide.python.org/versions/#supported-versions The Python version support policy is that supported versions follows the upstream EOL lifecycle: https://devcenter.heroku.com/articles/python-support#python-version-support-policy As such, the buildpack has been showing a deprecation warning with a scheduled removal date since December 2023: - #1515 - #1721 - https://devcenter.heroku.com/changelog-items/2768 (Plus Python 3.8 binaries have never been available for Heroku-22 or Heroku-24, meaning it was only ever supported on Heroku-20 and older.) Dropping support for Python 3.8 also unblocks upgrading to Poetry v2 (which has already dropped 3.8 support). Apps using Python 3.8 that aren't able to upgrade immediately will need to pin to an older buildpack version temporarily (which will work until Heroku-20 EOLs). A deprecation warning has now also been added for Python 3.9. GUS-W-17472311. GUS-W-14846945.
Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
* Bump poetry from 1.8.5 to 2.0.1 Bumps [poetry](https://github.com/python-poetry/poetry) from 1.8.5 to 2.0.1. - [Release notes](https://github.com/python-poetry/poetry/releases) - [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md) - [Commits](python-poetry/poetry@1.8.5...2.0.1) --- updated-dependencies: - dependency-name: poetry dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Switch to `poetry sync` Since `poetry install --sync` has been deprecated in favour of the new `poetry sync` command. * Switch one fixture to using the `[project]` table So we have coverage of both the old and new style dependency table syntax. * Revert "Switch one fixture to using the `[project]` table" This reverts commit a0bb951. Since the `poetry_basic` fixture is also used for the old buildpack version test, and so fails when the Poetry 1.x version in the old buildpack can't read the Poetry v2 lockfile. We can land this later, once a historic buildpack version exists that uses a Poetry 2.x release. * Add changelog entry * Update test log output for new version --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
* Bump the ruby-dependencies group with 2 updates Bumps the ruby-dependencies group with 2 updates: [logger](https://github.com/ruby/logger) and [rubocop](https://github.com/rubocop/rubocop). Updates `logger` from 1.6.4 to 1.6.5 - [Release notes](https://github.com/ruby/logger/releases) - [Commits](ruby/logger@v1.6.4...v1.6.5) Updates `rubocop` from 1.69.2 to 1.70.0 - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.69.2...v1.70.0) --- updated-dependencies: - dependency-name: logger dependency-type: direct:development update-type: version-update:semver-patch dependency-group: ruby-dependencies - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor dependency-group: ruby-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> * Update Ruby/bundler versions --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
Backports some test naming/strategy improvements from the CNB, along with some general classic-specific clean-ups. Towards #1616. GUS-W-17679633.
Since the command is now named `make run` after #1597.
Bumps the ruby-dependencies group with 2 updates: [rubocop](https://github.com/rubocop/rubocop) and [rubocop-rspec](https://github.com/rubocop/rubocop-rspec). Updates `rubocop` from 1.70.0 to 1.71.1 - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.70.0...v1.71.1) Updates `rubocop-rspec` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/rubocop/rubocop-rspec/releases) - [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-rspec@v3.3.0...v3.4.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor dependency-group: ruby-dependencies - dependency-name: rubocop-rspec dependency-type: direct:development update-type: version-update:semver-minor dependency-group: ruby-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The `runtime.txt` file is a classic Heroku Python buildpack invention that's not widely supported in the Python ecosystem. Instead, most other tooling (pyenv, package managers, GitHub Actions, dependency update bots etc) support/use the `.python-version` file. As such, we recently added `.python-version` support to both the Python CNB and the classic Python buildpack, and updated all documentation and guides to use it instead of the `runtime.txt` file. eg: https://devcenter.heroku.com/articles/python-runtimes We would prefer apps use the new file, since it helps ensure their deployed app is using the same Python version used locally (via eg pyenv or uv) or in CI. As such this adds a deprecation warning for apps using `runtime.txt`. Closes #1642. GUS-W-16878260.
Release announcement: https://blog.python.org/2025/02/python-3132-and-3129-now-available.html Changelog: https://docs.python.org/3.13/whatsnew/changelog.html#python-3-13-2-final https://docs.python.org/3.12/whatsnew/changelog.html#python-3-12-9-final Binary builds: https://github.com/heroku/heroku-buildpack-python/actions/runs/13146826968 https://github.com/heroku/heroku-buildpack-python/actions/runs/13146829096 GUS-W-17476919. GUS-W-17476929.
Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
Adds a `failure_detail` field in addition to the existing `failure_reason`, which contains additional context relevant to the failure where available. This will make it easier to find trends in the most frequent user-caused failure modes (eg invalid Python version specifier) so I can then adjust error messages/docs/implementation to improve UX. This context sometimes contain user input, so the values saved to the metadata store now also have additional escaping and validation performed before writing the value (in addition to the existing YAML escaping performed in `bin/report`). GUS-W-17800067.
Now that the changelog post exists: https://devcenter.heroku.com/changelog-items/3141
Refactors the Python download/install and outdated version warning steps, improves error/warning messages and improves buildpack metrics. See the changelog entries for more details. Fixes #1701. Closes #1708. GUS-W-8059919. GUS-W-17844538. GUS-W-17844985. GUS-W-17845321.
* Prepare release v277 * Update changelog --------- Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
The Git tags for buildpack releases v208 to v265 have been archived (renamed from `vNNN` to `archive/vNNN`) for the reasons in #1699 (similar to the process performed in the past for release v207 and older). As such, the changelog compare URLs need updating, as do the test fixtures that test building an app whose last (cached) build was performed using an older version of the buildpack. Closes #1699. GUS-W-17308840.
When a dependency from a version control system (eg Git) is installed in editable mode, the package manager has to clone the repository somewhere long-lived, that is then referenced by the `.pth` file added to `site-packages`. (When installed in normal non-editable mode, the repo checkouts are instead saved to a temporary directory and deleted after the package is installed.) Until now, the buildpack configured pip and Pipenv to store these repos at `/app/.heroku/src/`, then later copied those files into the build directory and build cache. However, this approach isn't needed with the `.pth` rewriting we have now. In addition, the existing implementation didn't actually restore the cached `src/` directory, so the repos stored in the cache were never re-used on subsequent builds anyway. Now, pip and pipenv are configured to store the repositories at `<BUILD_DIR>/.heroku/python/src/`, which means: - The behaviour now matches that when using Poetry. - The repos get cached/restored/invalidated for free, as part of the existing handling of the `.heroku/python/` directory, and we avoid the additional directory copy from `/app` to `/tmp`, both of which help reduce build times. GUS-W-17863838.
Backports a number of updates/improvements to the pip/Poetry/Pipenv package manager integration tests found while working on the tests for uv.
Updates `make run` (used locally during development) to: - Run a second build after the first, which allows for easy testing of cached workflows. This second build uses a different build directory path to the first, to match the Heroku Cedar/classic build system and allow for testing that relocation/path rewriting works as expected. - Exit non-zero if the compile failed (it previously didn't, so we could test `bin/report` for failing builds - but that's now handled via a customisable exit code). GUS-W-17879839.
Heroku builds occur at a different path to which the app will be run at run-time. As such, we have to perform path rewriting for editable dependencies, so that they work after relocation. The existing rewriting is performed at app boot (see code comment for more details), and works fine with pip and Poetry. However, I discovered that Pipenv doesn't correctly reinstall editable VCS dependencies if they use the new PEP660 style editable interface, which I've reported upstream here: pypa/pipenv#6348 This issue has affected apps using editable VCS dependencies with Pipenv for some time, but until now only at build-time for cached builds. However, after #1753 (which thankfully isn't yet released, due to me catching this as part of updating the tests to exercise the new PEP660 style editable interface) would otherwise affect apps at run-time too. As a workaround, we can perform build time rewriting of paths too, but must do so only for VCS dependencies (see code comment for why). Lastly, the Pipenv bug also requires that we perform explicit cache invalidation for Pipenv apps after the src dir move in #1753. GUS-W-17884520.
Bumps the ruby-dependencies group with 4 updates: [logger](https://github.com/ruby/logger), [rspec-core](https://github.com/rspec/rspec-core), [rubocop](https://github.com/rubocop/rubocop) and [rubocop-rspec](https://github.com/rubocop/rubocop-rspec). Updates `logger` from 1.6.5 to 1.6.6 - [Release notes](https://github.com/ruby/logger/releases) - [Commits](ruby/logger@v1.6.5...v1.6.6) Updates `rspec-core` from 3.13.2 to 3.13.3 - [Release notes](https://github.com/rspec/rspec-core/releases) - [Changelog](https://github.com/rspec/rspec-core/blob/main/Changelog.md) - [Commits](https://github.com/rspec/rspec-core/commits) Updates `rubocop` from 1.71.1 to 1.72.2 - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.71.1...v1.72.2) Updates `rubocop-rspec` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/rubocop/rubocop-rspec/releases) - [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-rspec@v3.4.0...v3.5.0) --- updated-dependencies: - dependency-name: logger dependency-type: direct:development update-type: version-update:semver-patch dependency-group: ruby-dependencies - dependency-name: rspec-core dependency-type: direct:development update-type: version-update:semver-patch dependency-group: ruby-dependencies - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor dependency-group: ruby-dependencies - dependency-name: rubocop-rspec dependency-type: direct:development update-type: version-update:semver-minor dependency-group: ruby-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
This is an alternative approach to installing Poetry that means we can skip installing pip into its virtual environment, but still support the outdated Python versions which bundle older pip (that don't support the `--python` option; see #1687) or that don't correctly isolate the environment when running `ensurepip` (see #1698). Skipping installing pip speeds up the cold cache build for Poetry slightly, and also reduces the build cache size (which will help with the cache save and restore times for warm builds too). The pip installed in the Poetry venv wasn't exposed to apps (since it wasn't on `PATH`) so is safe to remove. GUS-W-17895154.
Ported from the experimental uv branch, since the uv implementation was based on the Poetry one.
To suppress this Rubocop warning: ``` $ make lint rubocop-rspec extension supports plugin, specify `plugins: rubocop-rspec` instead of `require: rubocop-rspec` in /Users/emorley/src/heroku-buildpack-python/.rubocop.yml. For more information, see https://docs.rubocop.org/rubocop/plugin_migration_guide.html. ```
* Any errors are now indented using the same indent helper used for other buildpack subprocesses. * Adds "temporary network issue" verbiage based on that now used for the Python runtime download step. GUS-W-17895970.
…1765) Since while removing them makes the install logs slightly shorter, it hides what is happening and makes it harder to see what package version a historic build may have been using from the logs alone. For example, when comparing a last successful build to a newly failing build. This now matches the behaviour for our other supported package managers, where we don't filter out install lines relating to already installed/cached packages. As a compromise, we still edit the lines slightly, to remove the redundant site-packages path information, which would otherwise cause each package message to span multiple lines. GUS-W-17897541.
* Bump poetry from 2.0.1 to 2.1.1 Bumps [poetry](https://github.com/python-poetry/poetry) from 2.0.1 to 2.1.1. - [Release notes](https://github.com/python-poetry/poetry/releases) - [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md) - [Commits](python-poetry/poetry@2.0.1...2.1.1) --- updated-dependencies: - dependency-name: poetry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Set `POETRY_VIRTUALENVS_USE_POETRY_PYTHON` Since in theory it should force Poetry to not search for other Python versions if the project's `requires-python` (or `tool.poetry` equivalent) doesn't match the Python version we installed. * Add changelog entry * Update one fixture to PEP-621 style `pyproject.toml` So we have fixtures testing both the new and old style config. --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ed Morley <[email protected]>
Co-authored-by: heroku-linguist[bot] <136119646+heroku-linguist[bot]@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fetch from upstream repo.