Skip to content

Clean up and pin dependencies

EorlBruder requested to merge EorlBruder/cli:fix-9 into master

This MR is regarding #9 (closed).

Changes

  • Removed the requirements.txt, thus we only have one way of tracking dependencies (the setup.cfg)
  • Adjusted the metadata in setup.cfg. This would mean a transfer from @agate to the collective.
  • split up the extra_requires into dev, build and test
  • I pinned the dependencies to the ones which pip auto-pulled for me

Open questions

  • Is the transfer of the authorship desired in this case?
  • I was a bit unsure about which e-mail-address to use in the metadata, for now I used the one from https://dev.funkwhale.audio/funkwhale/mopidy/-/blob/master/setup.cfg
  • I'm a little bit conflicted about pinning the dependencies to those specific versions. On one hand it means we know the environment in which each version of the tool will run, thus making debugging easier. On the other hand it means we should continually update, to not miss critical updates. I can imagine something like https://gitlab.com/dependabot-gitlab/dependabot could help out here?
  • What is the best practice regarding which version to pin and how to pin it? Like I mentioned in this case I just used the ones which pip pulled for me - but should maybe rather pull more "major" versions and use "~=" for minor versions?
  • In the classifiers-section Python 3.6 is specifically mentioned. Should this be bumped up to a newer version too?
  • In the cli.spec, there's a line referencing a specfic home-directory. I feel like this should be more generic, though I have no idea what exactly happens in that file and also nothing seems to be breaking atm. (I marked that one with a TODO).
Edited by Georg Krause

Merge request reports