Split out uploaded package checks into their own library/CLI #17362

Open
emmatyping-nv opened this issue Jan 6, 2025 · 0 comments
Labels
feature request requires triaging maintainers need to do initial inspection of issue

emmatyping-nv commented Jan 6, 2025

What's the problem this feature will solve?
Currently, there is no way to check if a package will pass the upload API checks. While there are other solutions that will hopefully eventually partially solve this such as PEP 694 and #5865, having a CLI tool that checks a package will pass the pypi.org upload checks will allow users to verify their packages before release time, while not adding new strain on PyPI resources.

Describe the solution you'd like
The package checks in https://github.com/pypi/warehouse/blob/main/warehouse/forklift/legacy.py will be refactored into a library/CLI in this repo. Warehouse will add this library as a dependency.

I want to be very careful that the refactored checks work the same and don't break anything, so I'm thinking of doing the following migration path:

  1. checks are refactored to library ("library checks"), while keeping the existing checks ("current checks")
  2. library checks are added such that they will not cause a rejection of upload, logging any failures if it disagrees with current checks
  3. (optional) switch the library checks to be the primary checks, still logging any differences in failures (hopefully this doesn't happen)
  4. Remove the current checks and only use the new library checks

This makes sure there is a low likelihood for the refactoring to cause new rejections that wouldn't happen from the current upload API checks.

Additional context

A few questions:

  1. what should I name the library/CLI? I was going to go for a descriptive name pypi-upload-checks
  2. is there a particular build backend I should use? I was going to use hatch/hatchling by default but I'm happy to defer to setuptools or some other backend.
  3. how should shared dependencies be managed? Right now, I see requirements files locked via pip-tools for warehouse. I presume the versions should be kept the same for the shared dependencies (packaging, readme-renderer, etc.). I suppose I could customize the build to read these dependencies from the locked requirements files, but that seems a little hacky.
@emmatyping-nv emmatyping-nv added feature request requires triaging maintainers need to do initial inspection of issue labels Jan 6, 2025
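
The shadow-run stage of the migration path proposed above (steps 2 and 3), as an added example that is not part of the issue or of Warehouse's code. `run_with_shadow`, `Outcome`, the logger name and both sample checks are hypothetical, and the file-type rules are constructed for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Optional

log = logging.getLogger("upload_checks.shadow")  # hypothetical logger name

# A check returns a rejection reason, or None to accept the upload.
Check = Callable[[dict], Optional[str]]


@dataclass
class Outcome:
    rejection: Optional[str]  # the only value the upload path acts on
    disagreement: bool        # True when the shadow verdict differed


def run_with_shadow(upload: dict, primary: Check, shadow: Check) -> Outcome:
    """Enforce `primary`; run `shadow` for comparison only."""
    rejection = primary(upload)
    try:
        shadow_rejection = shadow(upload)
    except Exception as exc:
        # A crash in the shadow implementation must never reject an upload.
        log.warning("shadow check raised %r for %r", exc, upload.get("filename"))
        return Outcome(rejection, True)
    differs = (rejection is None) != (shadow_rejection is None)
    if differs:
        log.warning("verdict mismatch for %r: primary=%r shadow=%r",
                    upload.get("filename"), rejection, shadow_rejection)
    return Outcome(rejection, differs)


# Constructed sample checks; these are not Warehouse's real rules.
def current_check(upload: dict) -> Optional[str]:
    ok = upload["filename"].endswith((".whl", ".tar.gz"))
    return None if ok else "unsupported file type"


def library_check(upload: dict) -> Optional[str]:
    # Deliberately differs from current_check so a mismatch gets logged.
    ok = upload["filename"].endswith((".whl", ".tar.gz", ".zip"))
    return None if ok else "unsupported file type"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for name in ("pkg-1.0.tar.gz", "pkg-1.0.zip", "pkg-1.0.exe"):
        # Step 2: current checks enforce, library checks only observe.
        print(name, run_with_shadow({"filename": name}, current_check, library_check))
```

Passing the two checks in the opposite order gives step 3: the library checks enforce and the current checks are the ones being compared.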