For now, let’s stick with one thread. I know I’ve seen “take two” and “reboot” threads for PEPs in the past, but I’m not convinced it won’t do more harm than good right now. We can always create a new summary thread, lock this one, and migrate discussion to a “reboot” if it seems like the right decision in the future.
I’ve just put in a body of work on the PEP to document the JS and Ruby ecosystem solutions.
Writing down some of the details about JS was interesting and revealing in a few ways. As a particular point of interest, peerDependenciesMeta
in package.json
relies on being able to match names against peerDependencies
in very much the same way that we’ve suggested here that tool configs could refer to packages to extend standard metadata with tool-specific data.
It would be nice to have a smooth upgrade path from using string dependency specifiers to using tables of structured data, and to use the keys in the table representation as the package names. Combining these characteristics seems to be troublesome.
To clarify, this is a nice thing for new users to learn:
[dependency-groups]
test = ["pytest<8", "coverage"]
and this is a nice thing for ensuring each dependency is named:
[dependency-groups.test]
pytest = {version = "<8"}
coverage = {}
Perhaps simply allowing these two options side-by-side is best? (Either a dependency group is a list of strings or it is a table?)
I admit to wanting “something better” without seeing an obvious realistic option. How you represent coverage
with no version in the above example is a particular sticking point.
It’s also unclear if this implies that an include of one dependency group in another needs to be named.
I was expecting that tools would inspect the path, but I’m not sure that there are realistic usages for built distributions here. The only use-cases I know of for path
are path = "."
and path = "../foo/"
.
Perhaps the correct step forward here is to restrict this to directories-only.
It would be relatively easy to extend this in a number of ways in the future if sdist or wheel paths turn out to be important. I’m not aware of any need to support the non-directory cases.
This comment tells me that something has gone wrong between my intent and the document. This should not only be clearly possible, but one of the main use cases being supported. I need to read with a critical eye to see how this was lost or muddied.
A Dependency Group does not implicitly include the current package (if there is one) or [project.dependencies]
. So the non-autodoc sphinx case is readily supported by
[dependency-groups]
docs = ["sphinx"]
This is part of why I want to include path
support in this proposal, so that {path = "."}
can be used for Dependency Groups which want to include the current package.
In this way, Dependency Groups should read like a formalization of requirements.txt
files, and many requirements files should translate naturally.
For example,
# test.txt
pytest
.
becomes
test = ["pytest", {path = "."}]
This relates to the question of how to support the use cases which drive --only-deps
, but they are also somewhat separate. The current draft’s only-deps
flag provides for referring to [project.dependencies]
directly, as --only-deps
would. Otherwise, there is no way to refer to the contents of [project.dependencies]
except to install the package.
If we drop only-deps
from the spec, then I would want an example of dynamic [project.dependencies]
content which refers to a dependency group.
For example:
[dependency-groups]
production = ["arrow"] # a dependency group is declared
[project]
dynamic = ["dependencies"] # dependencies is declared as dynamic
# and the build backend does the necessary translation
# potentially it errors at build time if the dependency data
# includes path dependencies
[tool.some-build-tool.dynamic]
dependencies = {"dependency-groups": ["production"]}
The key thing is that it’s somehow possible to refer to the same data as [project.dependencies]
but without the project. The above dynamic approach could achieve that, if build backends are interested in supporting it.