Commit 20769cd
committed
Fix lower-constraints job
pip 20.3 finally includes a proper dependency resolver. Its use is
causing the following error messages on the lower-constraints job:
ERROR: Cannot install ... because these package versions have
conflicting dependencies.
The conflict is caused by:
bandit 1.1.0 depends on PyYAML>=3.1.0
cliff 3.4.0 depends on PyYAML>=3.12
openstacksdk 0.52.0 depends on PyYAML>=3.13
Bump our lower constraint for PyYAML to resolve this issue. With that
resolved, we see a new issue:
ERROR: Could not find a version that satisfies the requirement
cryptography>=2.7 (from openstacksdk)
ERROR: No matching distribution found for cryptography>=2.7
This is less self-explanatory but looking at the lower-constraints for
openstacksdk 0.52.0 shows a dependency on cryptography 2.7 [1], meaning
we need to bump this also.
Next up, flake8-import-order seems to cause the dependency resolver to
go nuts, eventually ending with the following error message in a Python
3.6 environment:
Using cached enum34-1.1.2.zip (49 kB)
ERROR: Command errored out with exit status 1:
command: ...
cwd: ...
Complete output (9 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File ".../lib/python3.6/site-packages/setuptools/__init__.py", line 7, in <module>
import setuptools.distutils_patch # noqa: F401
File ".../lib/python3.6/site-packages/setuptools/distutils_patch.py", line 9, in <module>
import re
File "/usr/lib64/python3.6/re.py", line 142, in <module>
class RegexFlag(enum.IntFlag):
AttributeError: module 'enum' has no attribute 'IntFlag'
----------------------------------------
A quick Google suggests this is because the enum34 package is not
complete [2]. We shouldn't even be using it since our base virtualenv
should at least use Python 3.6, but I guess some dependency doesn't
properly restrict the dependency to <= Python 3.4. This is moved from
'test-requirements.txt' to 'tox.ini' since we don't need to use our
constraints machinery for linters.
Finally, the versions of bandit and hacking that pip is bringing in both
requires in a newer version of babel, which in turn requires a new
version of pytz.
Collecting hacking>=2.0.0
...
ERROR: Cannot install oslo.i18n because these package versions have
conflicting dependencies.
The conflict is caused by:
babel 2.9.0 depends on pytz>=2015.7
babel 2.8.1 depends on pytz>=2015.7
babel 2.8.0 depends on pytz>=2015.7
babel 2.7.0 depends on pytz>=2015.7
Seeing as we shouldn't be tracking bandit in
lower-constraints, I'm not sure why we're want to bump these
dependencies for just that. As above, we move these dependencies out of
'test-requirements' and into 'tox.ini' since we can do that for linters.
[1] https://opendev.org/openstack/openstacksdk/src/tag/0.52.0/requirements.txt#L19
[2] treeverse/dvc#1995 (comment)
Change-Id: I8ec738fbcabc8d8553db79a876e5592576cd18fa
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>1 parent fe98069 commit 20769cd
3 files changed
Lines changed: 8 additions & 7 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| |||
105 | 105 | | |
106 | 106 | | |
107 | 107 | | |
108 | | - | |
| 108 | + | |
109 | 109 | | |
110 | 110 | | |
111 | 111 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
5 | 4 | | |
6 | 5 | | |
7 | | - | |
8 | 6 | | |
9 | 7 | | |
10 | 8 | | |
11 | 9 | | |
12 | 10 | | |
13 | 11 | | |
14 | 12 | | |
15 | | - | |
16 | 13 | | |
17 | 14 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
31 | 35 | | |
32 | | - | |
33 | | - | |
| 36 | + | |
| 37 | + | |
34 | 38 | | |
35 | 39 | | |
36 | 40 | | |
| |||
0 commit comments