Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for updating Poetry pyproject.toml, not just poetry.lock? #8603

Open
1 task done
glennmatthews opened this issue Dec 13, 2023 · 5 comments
Open
1 task done
Labels
L: python:poetry Python packages via poetry L: python T: bug 🐞 Something isn't working

Comments

@glennmatthews
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

poetry

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

/pyproject.toml, /poetry.lock

dependabot.yml content

Default configuration (no dependabot.yml)

Updated dependency

No response

What you expected to see, versus what you actually saw

Given that the documentation specifies that the default versioning-strategy for the Python ecosystem is auto, I'd expect Dependabot PRs to by default update pyproject.toml as per either theincrease or widen strategies.

Instead, only the poetry.lock is updated by Dependabot. This is of very limited usefulness since poetry.lock only influences what gets installed when working directly in the repository, and has no impact on the dependencies that are specified when packaging and distributing our code via PyPI. As a result, we almost always have to manually "fix up" Dependabot's pull requests (usually by pulling down the branch and manually running poetry add <dependency>~<new-version>) to include appropriate pyproject.toml updates in order to actually affect the packaging of our project.

I'm guessing that this may be because Dependabot states support for PEP 621 compliant pyproject.toml files, and Poetry's pyproject.toml is not currently PEP 621 compliant. But as an end user of Dependabot, it would be useful to have this variant file format supported as well.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

@glennmatthews glennmatthews added the T: bug 🐞 Something isn't working label Dec 13, 2023
@gshpychka
Copy link

The docs don't even mention the capability to make updates to poetry.lock, making this even more confusing

@jakecoffman jakecoffman added L: python:poetry Python packages via poetry L: python labels Dec 19, 2023
@watermarkhu
Copy link

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

@carlincherry
Copy link
Member

cc @carlincherry @cmrice

@lucasoskorep
Copy link

lucasoskorep commented Sep 25, 2024

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

This dependency has been merged in - is this ticket completed or just something that can be actively worked on now*?

@mluypaert
Copy link

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

This dependency has been merged in - is this ticket completed or just something that can be actively worked on now*?

While python-poetry/poetry-core#708 has indeed been merged, it hasn't been released to public yet (will come as a new 2.*.* poetry release), which is presumably waiting for python-poetry/poetry#9136 to be completed. Until that time, there's no reliable way for poetry end-users to use these PEP-621 compliant pyproject.toml dependencies, and hence this ticket cannot be called completed until then. At the very least, the dependabot docs should be updated to reflect that dependabot only supports poetry 2.* and only when using PEP-621 compliant pyproject.toml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
L: python:poetry Python packages via poetry L: python T: bug 🐞 Something isn't working
Projects
None yet
Development

No branches or pull requests

7 participants