Should `.poetry/plugins/poetry.lock` be added to SCM when using `[tool.poetry.requires-plugins]` #10390

Spitfire1900 · 2025-05-12T20:47:07Z

Spitfire1900
May 12, 2025

I'm using poetry-dynamic-versioning on Poetry 2.1 using the [tool.poetry.requires-plugins] feature; should the .poetry/plugins/poetry.lock file be added to source control?

Answered by gistrec

May 15, 2026

Adding to @cookesan — two details worth making explicit:

Auto-.gitignore: Poetry writes .poetry/.gitignore with * when it creates the project plugin cache, so .poetry/plugins/poetry.lock is excluded from version control automatically. You do not need a manual .gitignore entry for it

Pinning for CI reproducibility: pin the exact plugin version directly in pyproject.toml:

[tool.poetry.requires-plugins]
poetry-dynamic-versioning = "==1.4.1"   # exact pin for CI stability

With an exact pin, Poetry should install the same plugin version on fresh environments without committing the plugin lockfile

The plugin cache under .poetry/plugins is project-local and regenerated automatically when Poetry …

View full answer

cookesan · 2026-04-21T06:42:51Z

cookesan
Apr 21, 2026

I would not commit .poetry/plugins/poetry.lock.

The project input is the [tool.poetry.requires-plugins] section in pyproject.toml. In Poetry's current source, .poetry/plugins is the project plugin cache. Poetry writes .poetry/.gitignore with *, creates .poetry/plugins/poetry.lock while installing missing project plugins into that cache, and invalidates the cache when the plugin section, Poetry version, or Python version changes.

So I would commit the pyproject.toml plugin requirement and treat .poetry/ as generated local state. If you need reproducibility, pin the plugin constraint in requires-plugins; each environment can then rebuild its own plugin cache.

0 replies

gistrec · 2026-05-15T19:04:05Z

gistrec
May 15, 2026

Adding to @cookesan — two details worth making explicit:

Auto-.gitignore: Poetry writes .poetry/.gitignore with * when it creates the project plugin cache, so .poetry/plugins/poetry.lock is excluded from version control automatically. You do not need a manual .gitignore entry for it

Pinning for CI reproducibility: pin the exact plugin version directly in pyproject.toml:

[tool.poetry.requires-plugins]
poetry-dynamic-versioning = "==1.4.1"   # exact pin for CI stability

With an exact pin, Poetry should install the same plugin version on fresh environments without committing the plugin lockfile

The plugin cache under .poetry/plugins is project-local and regenerated automatically when Poetry detects that the relevant inputs changed, such as the plugin requirement, Python version, or Poetry version

A compatible-range constraint, for example ">=1.4,<2", gives more flexibility, but then reproducibility depends on the constraint bounds and the package versions available at install time

0 replies

Spitfire1900 · 2026-05-15T20:22:38Z

Spitfire1900
May 15, 2026
Author

Follow up question, should poetry plugins be included in a projects' poetry.lock? This is a architectural question, it doesn't do that today.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Poetry

Should `.poetry/plugins/poetry.lock` be added to SCM when using `[tool.poetry.requires-plugins]` #10390

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Poetry

Should .poetry/plugins/poetry.lock be added to SCM when using [tool.poetry.requires-plugins] #10390

Uh oh!

Spitfire1900 May 12, 2025

Replies: 3 comments

Uh oh!

cookesan Apr 21, 2026

Uh oh!

gistrec May 15, 2026

Uh oh!

Spitfire1900 May 15, 2026 Author

Should `.poetry/plugins/poetry.lock` be added to SCM when using `[tool.poetry.requires-plugins]` #10390

Spitfire1900
May 12, 2025

cookesan
Apr 21, 2026

gistrec
May 15, 2026

Spitfire1900
May 15, 2026
Author