Skip to content

Commit

Permalink
[setup] add fallback version
Browse files Browse the repository at this point in the history
We are trying to lock down the `python-requirements.txt` file in the
lowRISC/opentitan repository by adding hashes for all dependencies
(including transitive dependencies), to satify OpenTitan partner
organization-level requirements. To do so, we would like to generate a
python-requirements.txt file with the required hashes using the
`pip-compile` command from the `pip-tools` package.

The way the version is detected in the `setup.py` configuration in this
package is using the `use_scm_version` feature which attempts to extract
the version from VCS (i.e., git) metadata. However, this requires installing
the package with `pip install git+https://github.com/lowRISC/fusesoc.git@<tag>`.
However, to use the `pip-compile` command to generate secure
`python-requirements.txt` file (i.e., one with pinned hashes), requires
installing packages directly using the HTTPS URL syntax, i.e.,
`pip install https://github.com/lowRISC/fusesoc/archive/refs/tags/ot-0.3.zip`,
i.e., bypassing git. Unfortunately, this fails to find the version,
since there is no git metadata to parse.

Therefore, I updated the `setup.py` configuration to use a
"fallback_version".

Signed-off-by: Tim Trippel <ttrippel@google.com>
  • Loading branch information
timothytrippel committed Aug 9, 2023
1 parent 58bbb86 commit adddafe
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ def read(fname):
use_scm_version={
"relative_to": __file__,
"write_to": "fusesoc/version.py",
"fallback_version": "0.4",
},
author="Olof Kindgren",
author_email="olof.kindgren@gmail.com",
Expand Down

0 comments on commit adddafe

Please sign in to comment.