Build packages with pinned dependencies from .lock file

[artslob]

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

As title says, this feature is about to poetry build build wheels and packages with pinned versions specified in poetry.lock file. Command can be something like poetry build --locked.

Its duplicate of closed #1307. Reason to close this issue was argument about libraries and applications (in short):

Libraries use wheels for distribution. Their dependencies should not be very tight so libraries can coexist with each other. Thats why poetry build dont use versions from lock file. There are also applications. Applications need pinned dependencies from lock file, so all environments (dev and prod) use same dependencies. Applications should use docker for distribution.

So I think its not actually true that applications should not use wheels and pypi for distribution, sometimes its reasonable to have package with pinned dependencies from lock file. Example of such use case can be some cli tools like https://github.com/ytdl-org/youtube-dl, so development team and end-user use same dependencies. Another example is some backend application that deployed on server by wheel package.

[tomzx]

I'd think it is reasonable for a tool such as poetry to generate Requires-Dist constraints in the wheel's METADATA, knowing that it is the user's responsibility to ensure that whatever they've built can be installed in the other projects that need them.

I assume that what you want as behavior is that each package listed in your pyproject.toml have the exact version defined in your poetry.lock. All the packages those packages depend on would not be part of the list of packages defined in the built wheel.

Is that an accurate assessment?

[artslob]

Well, no actually. What I want is that when package is builded it will require exact versions of all dependencies from lock file. These versions can be also extracted (vied) using poetry export -f requirements.

Right now when package is builded it requires versions specified in pyproject.toml file.

[Tobotimus]

I'm certainly a fan of this idea, and made a similar comment regarding that "Applications are not distributed via wheels" argument on the original issue.

[sinoroc]

@artslob @Tobotimus @tomzx A PR has been filed: #3341. Would you mind giving it a try, giving feedback on it, reviewing the code? Whatever helps to get things moving

[artslob]

I will try to find some time to check it

[strangemonad]

+1 to the suggestion @Tobotimus made ere and in #1307 (comment). This workflow perfectly supports apps that you might install, say via pipx

[bneijt]

I have created poetry-lock-package to do exactly this. Having a cluster that provisions on demand we could provisiin the right versions without manual scripting and hosting of a requirements file (already had a private repo).

I have created a feature request with the export plugin, but have not had any response there yet.

python-poetry/poetry-plugin-export#1

https://pypi.org/project/poetry-lock-package/