#build

No, I just remembered build filtering out PIP_ variables.

Yes, it's related. Setuptools really wants to try to improve, but it's a mess - no warnings are shown normally, capping is a bad idea, not capping can be unfixable, etc. 🙂

I don't think build filters anything of pip's out

I'll try PIP_CONSTRAINTS_FILE on pip soon then.

I suggested a solution for the lack of warnings in that issue

I may be remembering a discussion incorrectly.

Yes, the solution seemed reasonable.

And things are much better than they used to be. Pip no longer dumps a wall of text when you add a single -v. 😉

I'll have to play with constraints files then. Could be it's pip and build, not just build like I was thinking. Hurts that I'm not currently running into this, but just needing it for completeness in my article and possible future use.

FYI, this is the contents of the oldest-supported-numpy metapackage: https://github.com/scipy/oldest-supported-numpy/blob/master/setup.cfg#L21-L57

I don't think I really understand the motivation behind the behavior you describe

you should not be pining dependencies if you want to build with other versions

build will only warn you if the build dependencies, as specified, are not met

if you have a upper bound on numpy for eg. and want to test a newer version, you should setup the environment yourself and run with -ns

or, of course, write a specific tool to do that, if it's an use-case that warrants it

Any thoughts on what Debian should call its PEP-517 build interface? pep517? build-api?

pep517 is the name of a project on pypi i think, would that cause any problems?

Don't think so. The question for us is whether this general approach will continue to be called pep517 in the future (assuming it gets updated by future PEPs)

build-api is probably more in line with how others are calling it.

Flit: flit_core.buildapi
Poetry: poetry.core.masonry.api
Setuptools: setuptools.build_meta

I was forced to make a quick decision, so stuck with pep517 for now.

I'd generally encourage not using PEP names for identifying things -- it's obscure and unclear to anyone who isn't familiar with them. Plus, it's at least PEP 517+518+600 that you'd be implementing.

Error 400 (Bad Request)!!1

https://service.elsevier.com/app/answers/detail/a_id/28037/supporthub/elsevieraccess/p/15095/

technically you're already out of date if you add PEP-660 support (editable installs) 🙂

IMHO a good name for it would be pyproject 🙂 because mirrors the file format that introduces all these new standards, and we had a discussion in the past to name the new standards pyproject style projects 🙂

Editable installs don't make sense in our context. Aha, that's a good argument for pyproject. Let me see if renaming is reasonable

building is just one aspect of the pyproject file though

my original suggestion for build was "pyproject-build" and that's what the console script is called

For now, but I imagine that might change in the future 😊

Renamed to pyproject, thanks.

https://github.com/pypa/build/issues/427 seems quite bad, very easy to replicate. Not sure what updated to cause that, though. I think importlib.metadata.distributions("pip") is crashing.

Actually, it happened with both venv and virtualenv, so that wasn't it. And it's now working again, so maybe a PyPI issue...

Or maybe a Debian thing? IIRC the base Python image is based on Debian, which contains some very old distribution formats that importlib.metadata does not recognise (like zipped eggs).

It was happing on GHA too, for about 1-3 hours, then it just cleared up.

it was setuptools breaking pip, https://github.com/pypa/setuptools/issues/3002

I think I'll close https://github.com/pypa/build/pull/361 and open individual PRs for all the tiny improvements I made, doesn't look like there's any interest in isolated env reuse and the PR has sat dormant for far too long.

If @mighty yew could comment on any major worries or implications, then I could try to do a review for details. I mostly didn't want to jump in on something I wasn't an expert on. And if smaller bits could be introduced first independently, that always makes review easier.

I still have this on my TODO

but I pulled back on oss work for the past few weeks

feel free to open smaller PRs, but ideally I would like to merge this sometime

That PR has been the biggest waste of my time in open source

@bronze aurora approved it, I think we were all just waiting for @mighty yew to approve.

yes, sorry for not being able to get to it

I don't think it's wasted work though

I will try to pick it up

are we sure pip doesn't want to use build?

Please do, I'd be happy to reopen and merge once you review, personally. 🙂

I want to, but it’s currently not possible to use build in pip due to multiple blockers

@warm mulch are they enumerated somewhere?

https://github.com/pypa/pip/issues/6264

Plus these test failures indicating venv does not work as a drop-in (may overlap with issues mentioned in the other issue) https://github.com/pypa/pip/pull/10720

The PR was created specifically to allow pip to use build, it was born out of the issue that you linked.

I know

Would there have remained any blockers?

I’m not picking it up again but if FFY00 does he might like to know.

Someone needs to do the integration work? 😛

I don’t think there are technical blockers, but I also may have missed something, pip has way too much compatibility baggage to keep track of

maybe I can get $dayjob to give me some hours for this if the pip maintainers think it is valuable and a good path forward

but I have other stuff to do too, but I would be much more productive there than whatever I am doing right now, so I don't think it would take that much of my hour budget

but it would from my weekend + mental health if I do it then, so I have to find a time where it makes sense for me

Don’t push yourself too hard on this; someone still needs to write code in pip to integrate build. We are all in a similar situation and can’t promise things will happen when.

it seems like a good candidate for the packaging sprints maybe

I have time allocated for that, as I am attending pycon

should see if I can squeeze a trip to PyCon - It's only 1 state away for me for a change

it's an ocean away for me 😅

but I was able to sort it out with my employer

so, yay

A bit more than that, Salt Lake city being mostly west coast 😂

https://github.com/pypa/bandersnatch/pull/1084 - Is there anyting else bandersnatch should do build gurus? Just trying to get up to speed and convert all my packages to "Do the right ting (TM)" 🙂

Can I drop installing the wheel dep now?

Yes you can drop it, build populates a separate venv to build the package anyway so the globally installed wheel is no longer useful

Probably want to also add a pyproject.toml to specify minimal configuration

[build-system]
requires = ["setuptools"]

Will do (I also noted this in my review lol) that, thanks!

Cheers

you could also stick in a twine --check dist/* before the upload. it doesn't check much but can catch some long-description things https://twine.readthedocs.io/en/stable/#twine-check

Nice, can't hurt. And I guess it should only improve.

Is declaring the build-backend key necessary / encouraged? I've heard that if it's not present pip will fall back to the legacy backend (totally uninformed what build does tho)

I would like to get docs that state all this: https://github.com/pypa/build/issues/438

I got told things that the build docs don't mention at all today. We should address that I feel.

I forgot the details but it’s always correct to use the “full” form with build-backend explicitly specified

yes, please do, I think the PEP should have explicitly disallowed not specifying it

the PEP text is not very clear, so in practice some people will expect a default value 😕

sorry, no, requires is mandatory

build-backend is not

I do not think this was good but 🤷

IIRC that was explicitly designed, least friction or something (I was not involved so it’s second hand info)

I'll add to bandersnatch's configuration anyway since there's no harm in putting it there

also note that the default backend is the legacy one

yup yup I alluded to that above but good to confirm 😄

so always better to specify

I can see how that would happen if setuptools did not yet have the legacy backend hook at the time

I did not consider that

but still, I feel like we would be better off in the long run without this behavior

now we are stuck with it

and it is a footgun IMO

I guess technically putting wheel in build-system.requires is redundant since setuptools will append wheel anyway to the build deps

yes

I suspect some older versions might not do that, but I am not sure

Fair, I'll keep it then unless someone yells 🙂 I use flit for my personal projects anyway so I don't really know what's best-practice with setuptools :/

it is a good idea to give a minimum version, so you can just verify that the one you pick does that

It indeed didn’t, the legacy backend was added much later (I was around when that happened). It’s a continuation to the least friction path because many legacy code was to import the not-yet-installed package (for e.g. version number), but the modern backend does not put pwd in sys.path

Otherwise the two backends are identical though so defaulting to the legacy backend does not really matter, especially if you don’t use setup.py at all

ah that's a decent idea too, would be a decent way of figuring out a minimum for setuptools since currently we have none

I suppose supporting PEP 660 would change that for setuptools especially they if decide to go with a more modern approach to implementing the editable functionality.

Yeah

a good version would be 42

I realize I have an open PR for this which I've ignored for the past few months, uhh tbh I haven't been motivated to work on it since I get the vibe it has to be rewritten to be merged (since I chose the "stick a .pth in site-packages" approach which was met with division)

I mean also it also needs changes for the legacy backend but that's secondary to design issues 🙂

Some meaningful-ish setuptools versions if you want a lower bound:

• 36.6.0: PEP 517 support added
• 40.9.0: setup.cfg-only support added (i.e. use this if you don’t include a setup.py in the project)
• 42.0.0: Ditched easy_install
• 43.0.0: Automatically include pyproject.toml in sdist MANIFEST
• 45.0.0: Dropped Python 2

I already made the change on the PR but thank you anyway! I went with 42.0.0 by suggestion of FFY00

If you go with 42 remember to add include pyproject.toml in MANIFEST.in to avoid surprises

yeaa I just realized that and was in process testing out whether the generated sdist is installable (edit: I'm dumb and tested this in the most wrong way possible, anyway I'll fix it) since we definitely did not add pyproject.toml to MANIFEST.in

What can we do to make pyproject.toml included by default? Feels like it should 😕

Is it already since setuptools 43.0.0?

If not it should be reported as a bug

There's one difference: whether the current working directory is on sys.path -- it is with teh legacy backend and it isn't with the explicit opt-in.

This matters since usually folks shouldn't be trying to import code that is going to be packaged, from a running setup.py (for $reasons) and this discourages that more directly.

Anything before setuptools 42 doesn't properly support PEP 517 - I've been bit by that before. You also have to include wheel, not sure if that was mentioned.

There's a huge PEP 621 PR (with a broken-into-six-stages version) in setuptools. It also really needs the smarter default package discovery PR, IMO. I've done a little testing in scikit-hep/cookie, and it's working.

oh did someone make an alternative to my (terrible) PEP 660 PR? if so that's great

hmm I don't see one, I see it's for PEP 621 instead

I do see https://github.com/pypa/setuptools/pull/3082 but that's likely to be rejected as well since it still relies on the root .pth approach mine did

It does come with the advantage being written by someone who 100% knows way more than me though so yeah for whatever that is worth.

.pth?

a file extension that if placed in site-packages will extend sys.path (used to implement editable installs for setuptools atm) with its contents IIRC

ah, neat!

per Dustin's email, I suggest disabling all "tox" tests in CI

why?

can't we just ask github to up the limit for the org?

(I have no knowledge of the email)

https://mail.python.org/archives/list/pypa-committers@python.org/thread/PCBCQMJF64JGRBOX7E2EE4YLKHT4DI55/

The email was motivated by setuptools recently adding some very over the top integration tests 😅.

But @mighty yew idea is actually very good. Even after the new integration tests for setuptools being prevented to run for every commit, it is difficult to provide the same developer experience + quality of packages without doing the tests against all platform combinations... So asking for increasing the limit is a nice thing.

Is there any way in GitHub to run a subset of the tests just when the "merge" button is activated and aborting the merge if it fails?

I think it could be possible with automerge

I don't know if it creates an event

I still don’t think we need quite so many tests or runners, the test suite takes an hour to complete

And I don’t see what purpose the tox tests serve

That is why I was wondering if they can be postpone (and maybe they can with automerge as suggested by Filipe).

This way a pypa project can setup a minimal set of tests for quick develop feedback and then something more complete to make sure no combination of OS/implementation/Python version breaks

(It is good to have these tests scoped to the PR instead of running them after the merge, because the author would still be involved in the process, and protects the main branch from failures that would require reverting things)

what should I do here? https://github.com/ofek/hatch/issues/128#issuecomment-1037415765

https://github.com/pypa/setuptools/pull/2923#issuecomment-1035840098 for the GitHub issue, in case someone's interested. :)

Only run CI workflows on PRs and pushes to the default branch
Without this, workflows will be triggered for pushes to branches that do not have corresponding PRs, and pushes to branches that do have corresponding PRs will run each workflow twice.

An example to add to your workflow:

on:
  push:
    branches:
      - main
  pull_request:

I find this branch restriction unfriendly to contribution: it adds an extra impediment in that I can't easily test feature branches my own fork

I wrote more on it here: https://github.com/python/typeshed/issues/7066#issuecomment-1025188218

as it happens I saw this yesterday, would this solve it? by allowing forks to build pushes and only doing a single build for upstream

    # We want to run on external PRs, but not on our own internal PRs as they'll be run
    # by the push to the branch.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository

https://github.com/has2k1/plotnine/blob/master/.github/workflows/testing.yml#L10-L12

Inspired by @jaunty matrix 's work in https://github.com/ofek/hatch/pull/136, I'm going to see if I can get build's CI working properly. If so, I think we should probably do a release and then convert to Flit.

Any tips on how to make the combination of PyPy, Windows, pytest-xdist and concurrent.futures.ProcessPoolExecutor/subprocess don't misbehave? 🤣 (not for build specifically, just a general question because I am struggling a lot with that in setuptools test suite)

@jaunty matrix is the expert at the moment. 🙂 Maybe once I get this working. Spending pretty much the whole morning getting my windows box updated - pretty sure it's going to go 10->11 as soon as I start running again. I tried to run the build test suite then MSVC's update restarted my computer (without asking)...

winget is nice, especially since it's built in now, but Windows apps don't have nice update experience, they pop things up all the time so you can't work while it's running

Oh yes, trying to running tox/nox on windows is also fun! (lots of pop ups for each subprocess or network permissions)

I'm kind of forced to use Windows because of assistive technology offerings, but I think it's awesome nowadays 🙂

python -IM ensure-up --upgrade --default-pip is failing with no module named encodings - this is from venv, I think.

Windows

Ahh, finally found that at least some of the tests pass if I avoid tox. Possibly pypy on windows is buckling under the nested virtual environments?

humm

Ahhh, known issue, I guess the skips are not being applied properly

PYPY3_WIN_VENV_BAD = platform.python_implementation() == 'PyPy' and os.name == 'nt'
PYPY3_WIN_M = 'https://foss.heptapod.net/pypy/pypy/-/issues/3323 and https://foss.heptapod.net/pypy/pypy/-/issues/3321'

Found ways to improve the error messages though 🙂

Is there a good way to detect running in tox?

I should only need to apply this skip if running in tox (just in a single regular venv is fine, interestingly, since I'm always running in a venv - just not the one tox sets up)

I should be able to just try to make a venv in the conftest, and if I can't, then that means build can't. :) I'll finish this up tomorrow, and then split up my changes into several small PRs; some cleanup, nicer error messages, and 11 skips for PyPy Windows. I've tried patching in venv.EnvBuilder as pytest.skip, but that overskips, so it's still only happening in some places (so my idea above won't work properly)

Next PyPy release is in 10 days, wonder if we might be able to get a fix in...

Should be fixed in PyPy for the next release.

fyi for platform conditionals there is special recognition in Mypy for sys.platform, not os.name

https://github.com/pypa/build/pull/436 is ready for review. It's mostly stripped down to "minimum to get the CI green" - All the various things I worked on along the way will be PR'd as soon as that is merged.

Does mypy not recognise os.name?

correct

Is that a recent development?

forever afaik

os.name wasn't working with Mypy for https://github.com/ofek/hatch/blob/774bab6b4761079577332cd1b60b91b2aaed7ed3/src/hatch/utils/fs.py#L11-L16 then I asked why in Python discord

I see it tested here: https://github.com/python/mypy/blob/6ff8091dff1493aed1ae951934384d9e977bbc5f/test-data/unit/check-unreachable-code.test#L514

No tests for os.name. The startswith idiom is pretty well known due to rather detailed docs https://docs.python.org/3/library/sys.html#sys.platform

If you only supported one, I'd definitely go with sys.platform, more detailed. Though it seems like they could support both. I'm fine with a standard, though, and sys.platform is a better standard because you can tell macOS from Linux. 🙂

For pyodide, os.name is posix (? guess that makes sense) and sys.platform is emscripten (much better).

Ok, but e.g. this: https://github.com/pypa/build/pull/442/files#diff-4f1bb46d65de7fbb1573dfc2a2bca9f63c7b03d55e74c53339f0c8ee4fa054d8R238

is a behaviour change

I'm not sure if it actually matters, I assume cygwin doesn't report nt for os.name anyway

cygwin returns posix.

Not sure about msys2.

I think it is a change on msys2, where it does report nt but returns msys

https://github.com/pypa/build/pull/442 is ready for review.

I haven’t had a chance to look at the new output, I’ll do that tonight

Anyone want to look at https://github.com/pyodide/pyodide/pull/2272 ? I've been pushing them to use build, but didn't really expect them to have to use mostly private internals. 😄

For reference, Pyodide's build system currently is rather like a all-at-once conda; it has to manually specify packages in a "run" field (soon to be split into build/run or just build), then topologically sort and builds everything. They should be able to use pure Python wheels, but built packages have to be compiled. They've just reworked the system from a "record and replay" system (yuck) to a "intercept and modify" (much better), so it's a more reasonable cross compile system.

By switching to build, besides supporting non-setuptools, they are also moving to something more "normal" with less manually specified dependencies, etc. They still have to have some control over build requirements - if "numpy" is requested, they have to provide the version they have built locally, not whatever is pinned, etc.

I think most of the private internals were just to mimic the output, which it fine to reimplement, IMO.

@tidal bramble would https://github.com/pypa/build/pull/361/files help with this?

It would simplify a few things but the main problem they are having appears to be that there’s no way to pass a different environment builder to the CLI and I guess they don’t wanna monkey patch it?

Increasing the bus factor on PyPI would be nice, too 😉

I think we should start thinking about a 0.8.0 - maybe right after the next Python 3.11 alpha is out? I'd like to try the move to Flit just after 0.8.0.

Is there a ballpark estimate how much slowdown would be introduced by always building a wheel via sdist? (compared to directly from source tree) https://github.com/pypa/pip/issues/10746#issuecomment-1084914192

depends entirety on the backend

if you are building a sdist anyway, it is basically just the extra unpacking time

if you are not, you also add the time it takes to build the sdist

but I don't think there are any problematic backends TBH

building a sdist is mostly just packing anyway

The only thing that’d cause a noticeable slowdown is not reusing the build env. I don’t actually recall if we do that in build

we don't

the dependencies might be different

a possible optimization would be reusing it and adjusting the environment if needed

would it be possible to add an options for backends that ensure correct sdists to say that the build should go directly from tree to wheel? There are some cases where you need to call external tools for building sdists where it makes a difference

for large projects it would be a massive slowdown

we package an app/monorepo as a wheel and builds take ~30-40s

hey everyone, python -m build --outdir .buildwork pollutes my src folder with an *.egg-info directory

can I ask it not to do that?

that's setuptools' doing (i.e. the backend's), I don't think you can opt out of it

ah, thanks!

Switch to hatchling and you no longer get that

Or flit. Or poetry.

Basically anything except setuptools. XD

I am trying to push a package to pypi with github actions. every time I run the action, build tries to build version 0.0.1 of my project. Whenever I try it locally, build builds 0.0.2 I already have 0.0.1 on pypi and so my builds keep failing.

here is the package github https://github.com/FrostyTheSouthernSnowman/logging4thelazy

setup.py

import pathlib

HERE = pathlib.Path(__file__).parent

README = (HERE / "README.md").read_text()

VERSION = "0.0.2"

setup(
    name="logs4thelazy",
    packages=["l4l"],
    version=VERSION,
    license="MIT",
    description="A simple and easy to use library for logging in python",
    long_description=README,
    long_description_content_type="text/markdown",
    author="Yosi Frost",
    author_email="yosi_frost@icloud.com",
    url="https://github.com/FrostyTheSouthernSnowman/logging4thelazy",
    download_url="https://github.com/FrostyTheSouthernSnowman/logging4thelazy/archive/v_0.0.2.tar.gz",  # I explain this later on
    keywords=["logging", "python3", "simple"],
    install_requires=[],
    classifiers=[
        "Development Status :: 4 - Beta",  # Chose either "3 - Alpha", "4 - Beta" or "5 - Production/Stable" as the current state of your package
        "Intended Audience :: Developers",  # Define that your audience are developers
        "Topic :: Software Development :: Libraries",
        "License :: OSI Approved :: MIT License",
        "Programming Language :: Python :: 3",
        "Programming Language :: Python :: 3.4",
        "Programming Language :: Python :: 3.5",
        "Programming Language :: Python :: 3.6",
        "Programming Language :: Python :: 3.7",
        "Programming Language :: Python :: 3.8",
        "Programming Language :: Python :: 3.9",
        "Programming Language :: Python :: 3.10",
    ],
)

python-publish.yml

# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Upload Python Package

on:
  release:
    types: [published]

permissions:
  contents: read

jobs:
  deploy:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3
    - name: Set up Python
      uses: actions/setup-python@v3
      with:
        python-version: '3.x'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install build
    - name: Build package
      run: python -m build
    - name: Publish package
      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
      with:
        user: __token__
        password: ${{ secrets.PYPI_API_TOKEN }}

do you need to git push --tags as well? and maybe only do the deploy on tags

the action was triggered when I created a new github release. Does github not do that automatically?

You should import from setuptools, not distutils, FYI. See https://scikit-hep.org/developer/packaging (or https://scikit-hep.org/developer/pep621) for tips.

You published before you changed the version to 0.0.2: https://github.com/FrostyTheSouthernSnowman/logging4thelazy/compare/v0.0.2...main

a Git tag is different from a GitHub release, and GH doesn't automatically create a release from a tag (there are GH actions to do that)

and you have this to trigger when a GH release is created:

on:
  release:
    types: [published]

https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release

it is possible to trigger on a tag instead of a release, some projects do that

I created the tag and the release on github

The problem was that the version was not changed in the files before tagging/releasing. You can use various tools for pulling the version from git (setuptools_scm, several other backends have support too). But if you manually update, you have to do that before you make the release in GitHub (which creates a lightweight git tag if you type in a new tag name).

Ok

Thank you

I wonder if we want to start bundling tests in the sdist

all the distros I looked at grab build from GH I presume for this reason, that there are no tests in the sdist

even those that generally prefer PyPI as a source (e.g. nixpkgs)

I almost always bundle tests in SDist (and when iMinuit dropped tests from the SDist, and then distro packagers had a fit and they were readded). Tests shouldn't be in the wheel, but they are very useful in the SDist.

(I also had a fit, since I needed then for conda-forge, but the lead developer of iMinuit didn't care about what I thought, it took debian or something like that to change his mind)

Why shouldn't they be in the wheel? Or is this just the old "do you want to be able to run tests in production" disagreement

generally tests don't reside inside the package - we don't want people shipping a top-level "tests" folder

that gets installed

Ah, ok.

sometimes shipping tests might make sense, but it depends a lot on the use case

generally distros prefer to grab the sources the actual project upstream than something like PyPI

we also have signed tags, which some distros like arch use

sdists or upstream will vary wildly on the distro, and sometimes the package itself

imho its the gold standard to include the testsuite in sdists
that being said, stuff like sqlites additional extensive e2e testsuite should indeed ship in separate bundles ;P