FYI i thought about how we make devpi-server know about which project
depends on which other projects. With that information we could do
all kinds of good things:
- display depency info on the per-project web page or along with release files
(this project depends on ProjectY and ProjectZ)
- display if all recent versions of deps are properly working
and tested with a project's latest release
- could trigger server-side "dependency changed" events so that for example
a tox run could be triggered for the new test configuration
- create pin-versioned requirement files that could be used
with "pip install -r tested-requirements.txt", and/or possibly a UI
like "devpi rinstall X" where it would query the latest set of dependencies
for which tests passed, download all according files and then run
"pip install --no-index FILE1 FILE2 [...]" which wouldn't require
any more network access.
Question is how to best get the (closure) set of dependencies for a
project. I cam currently pondering the following possibilities to
obtain the information at server side:
- if the project has release files as wheels, look at wheel metadata
which lists deps (requires just virtually unzipping a wheel and looking
at safe metadata files)
- "devpi test" could run "setup.py egg_info" and send the requirements
it finds to the server (requires login), additionally it should probably
"pip list" all test dependencies in the respective tox environments
and add them as well because if test dependencies change, tests should
be re-run as well.
These two methods would not require any change in client-facing UI and
allow us to get and display the dependencies information.
Any comments or thoughts on the matter welcome.