Skip to content

Commit f852b12

Browse files
committed
Work around pip 23.0.1 dependency resolution bug
pip is resolving a Poetry dependency to a version that isn’t the one we have pinned. Luckily, `--require-hashes` still catches it. Both `-c requirements.txt` and `--no-deps` can work around the issue. This was fixed at some point between pip 23.0.1 and the current pip 25.1.1, but I don’t want to add an additional Poetry-style lockfile for a pip upgrade and further bloat the image besides. We should be able to upgrade to a fresher base image soon enough anyway.
1 parent 9fd2ac8 commit f852b12

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

.github/workflows/tests.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ jobs:
6161

6262
- name: Install Poetry
6363
run: |
64-
.poetry-venv/bin/pip install --require-hashes --only-binary :all: -r poetry-requirements.txt
64+
.poetry-venv/bin/pip install --require-hashes --only-binary :all: --no-deps -r poetry-requirements.txt
6565
6666
- name: Create virtualenv
6767
run: python3 -m venv --system-site-packages .venv

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ COPY --from=imagemagick6-build --chown=root:root /imagemagick6-build/package-roo
113113
COPY poetry-requirements.txt ./
114114
RUN --network=none python3 -m venv .poetry-venv
115115
RUN --mount=type=cache,id=pip,target=/weasyl/.cache/pip,sharing=locked,uid=1000 \
116-
.poetry-venv/bin/pip install --require-hashes --only-binary :all: -r poetry-requirements.txt
116+
.poetry-venv/bin/pip install --require-hashes --only-binary :all: --no-deps -r poetry-requirements.txt
117117
RUN --network=none python3 -m venv .venv
118118
COPY --chown=weasyl pyproject.toml poetry.lock setup.py ./
119119
RUN --network=none .poetry-venv/bin/poetry check --lock

0 commit comments

Comments
 (0)