Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[setup.py] add fallback version #2

Merged
merged 2 commits into from
Aug 24, 2023

Conversation

timothytrippel
Copy link

We are trying to lock down the python-requirements.txt file in the lowRISC/opentitan repository by adding hashes for all dependencies (including transitive dependencies), to satify OpenTitan partner organization-level requirements. To do so, we would like to generate a python-requirements.txt file with the required hashes using the pip-compile command from the pip-tools package.

The way the version is detected in the setup.py configuration in this package is using the use_scm_version feature which attempts to extract the version from VCS (i.e., git) metadata. However, this requires installing the package with pip install git+https://github.com/lowRISC/fusesoc.git@<tag>. However, to use the pip-compile command to generate secure python-requirements.txt file (i.e., one with pinned hashes), requires installing packages directly using the HTTPS URL syntax, i.e., pip install https://github.com/lowRISC/fusesoc/archive/refs/tags/ot-0.3.zip, i.e., bypassing git. Unfortunately, this fails to find the version, since there is no git metadata to parse.

Therefore, I updated the setup.py configuration to use a "fallback_version".

This addresses part of lowRISC/opentitan#19401.

@timothytrippel
Copy link
Author

timothytrippel commented Aug 9, 2023

@GregAC not sure who is the admin of this fork, but perhaps you could help me get this merged (or point me in the right direction)? so we can address lowRISC/opentitan#19401 to keep the regressions running :)

@timothytrippel
Copy link
Author

CC: @rswarbrick

@GregAC
Copy link

GregAC commented Aug 15, 2023

@timothytrippel any idea what the CI failure is about? Sadly python packaging is not my strong suit!

We are trying to lock down the `python-requirements.txt` file in the
lowRISC/opentitan repository by adding hashes for all dependencies
(including transitive dependencies), to satify OpenTitan partner
organization-level requirements. To do so, we would like to generate a
python-requirements.txt file with the required hashes using the
`pip-compile` command from the `pip-tools` package.

The way the version is detected in the `setup.py` configuration in this
package is using the `use_scm_version` feature which attempts to extract
the version from VCS (i.e., git) metadata. However, this requires installing
the package with `pip install git+https://github.com/lowRISC/fusesoc.git@<tag>`.
However, to use the `pip-compile` command to generate secure
`python-requirements.txt` file (i.e., one with pinned hashes), requires
installing packages directly using the HTTPS URL syntax, i.e.,
`pip install https://github.com/lowRISC/fusesoc/archive/refs/tags/ot-0.3.zip`,
i.e., bypassing git. Unfortunately, this fails to find the version,
since there is no git metadata to parse.

Therefore, I updated the `setup.py` configuration to use a
"fallback_version".

Signed-off-by: Tim Trippel <ttrippel@google.com>
Signed-off-by: Tim Trippel <ttrippel@google.com>
@timothytrippel
Copy link
Author

@timothytrippel any idea what the CI failure is about? Sadly python packaging is not my strong suit!

Sorry about that, had to dig deeper myself. Looks like it was two issues:

  1. an outdated isort package used by the CI
  2. bad formatting.

The changes pass now.

@GregAC GregAC merged commit 35a75ed into lowRISC:master Aug 24, 2023
@timothytrippel timothytrippel deleted the add-fallback-version branch August 24, 2023 16:27
@timothytrippel timothytrippel restored the add-fallback-version branch August 25, 2023 20:21
@timothytrippel
Copy link
Author

Just realized this should have not been merged to the master branch, I didn't realize we were tagging the ot-dev branch. We should really align our fork's master branch with the upstream master branch. To do so, someone with write access (@GregAC ?) should drop the last two commits on our fork's master branch (lowRISC/fusesoc:master) and force push.

The changes from this PR have been moved to a new PR against the ot-dev branch in #4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants