chore: mirror sandbox requirements from openedx-platform#85
chore: mirror sandbox requirements from openedx-platform#85MoisesGSalas wants to merge 2 commits intomainfrom
Conversation
|
Thanks for the pull request, @MoisesGSalas! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
9ee6ceb to
6719005
Compare
|
@openedx/axim-engineering would someone be able to review? |
| base.txt | ||
| ======== | ||
|
|
||
| These are the latest requirement pins for openedx-sandbox. They are regularly | ||
| updated with the latest compatible versions of each package. |
There was a problem hiding this comment.
I didn't add the releases directory because we can simply use the base.txt and point to a particular git revision of this repository.
Can you explain more? The purpose of the release.txt files and the changelog is that it makes it very obvious to operators which requirements go with which releases and how the sandbox environment changes every release. Installing base.txt from specific commits would technically work but I fear that it would be less clear for operators how to safely upgrade.
There was a problem hiding this comment.
The logic is that the base.txt for a given release will be the one in openedx/codejail-service with the corresponding tag (e.g. release/ulmo.1). By default the tutor plugin will install the base.txt for the given OPENEDX_COMMON_VERSION.
In case you need to use a different set of dependencies you will use some mechanism that the plugin offers to retrieve the file from a different source. At the moment is a mix of docker build args and Tutor settings, but could probably be simplified to only Tutor settings.
I agree that keeping the changelog is valuable. What I think is confusing is keeping the snapshot of the files when that is already being done by git (although this move loses the previous versions).
There was a problem hiding this comment.
@MoisesGSalas Ah, I didn't realize SANDBOX_DEPS_VERSION could be easily configured to be different from the version of the codejail-service repository. Nice, I agree that this is much better than copying the text file every release 👍🏻
Where do you propose the changelog is kept? Named release notes, or part of this repo?
We'll need to update this part of the release process. I'm happy to help rewrite that part, let me know what you think would make sense for a process.
There was a problem hiding this comment.
I think the Named release notes is the better place. I myself go there first when I need to handle a particular upgrade.
I think removing the segment altogether is enough? The release manager shouldn't need to do anything in this repository besides tagging via the repo-tools script.
I don't know what would be the best way to catch breaking changes when upgrading the requirements in order to add them to the notes.
There was a problem hiding this comment.
In the past, I've made notes of two types of things:
- major version bumps in any sandbox packages, particularly scipy and numpy
- dropping of support for a python version
Maybe it could be a regularly scheduled task for the codejail-service maintainer to check those during each named release period and add it to the operator notes? https://openedx.atlassian.net/wiki/spaces/COMM/pages/5331222534/Verawood+-+Operator+Release+Notes
There was a problem hiding this comment.
Yeah that makes sense, specially if the maintainer is the one that merges the weekly requirements upgrade anyways, so they can leave a note in the PR and collect them later at the time of release.
Part of openedx/openedx-platform#36639
This mirrors the files in openedx-platform/requirements/edx-sandbox.
I didn't add the releases directory because we can simply use the base.txt and point to a particular git revision of this repository.
I also didn't include the common constraints in the base.in file because it didn't make much sense to me given that the sandbox virtualenv is independent. I can add it if it's needed.
Here's the diff of the base.txt after running
make compile-requirementscffi==2.0.0 # via cryptography chem==2.0.0 - # via -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in click==8.3.1 # via nltk codejail-includes==2.0.0 - # via -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in contourpy==1.3.3 # via matplotlib cryptography==45.0.7 - # via - # -c requirements/constraints.txt - # -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in cycler==0.12.1 # via matplotlib fonttools==4.62.1 @@ -28,8 +26,7 @@ kiwisolver==1.5.0 # via matplotlib lxml[html-clean]==5.3.2 # via - # -c requirements/constraints.txt - # -r requirements/edx-sandbox/base.in + # -r requirements/sandbox/base.in # lxml-html-clean # openedx-calc lxml-html-clean==0.4.4 @@ -39,25 +36,24 @@ markupsafe==3.0.3 # chem # openedx-calc matplotlib==3.10.8 - # via -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in mpmath==1.3.0 # via sympy networkx==3.6.1 - # via -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in nltk==3.9.3 # via - # -r requirements/edx-sandbox/base.in + # -r requirements/sandbox/base.in # chem numpy==1.26.4 # via - # -c requirements/constraints.txt # chem # contourpy # matplotlib # openedx-calc # scipy openedx-calc==5.0.0 - # via -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in packaging==26.0 # via matplotlib pillow==12.1.1 @@ -66,25 +62,25 @@ pycparser==3.0 # via cffi pyparsing==3.3.2 # via - # -r requirements/edx-sandbox/base.in + # -r requirements/sandbox/base.in # chem # matplotlib # openedx-calc python-dateutil==2.9.0.post0 # via matplotlib random2==1.0.2 - # via -r requirements/edx-sandbox/base.in + # via -r requirements/sandbox/base.in regex==2026.2.28 # via nltk scipy==1.17.1 # via - # -r requirements/edx-sandbox/base.in + # -r requirements/sandbox/base.in # chem six==1.17.0 # via python-dateutil sympy==1.14.0 # via - # -r requirements/edx-sandbox/base.in + # -r requirements/sandbox/base.in # openedx-calc tqdm==4.67.3 # via nltkMerge checklist:
Check off if complete or not applicable:
Changelog record addedDocumentation updated (not only docstrings)Unit tests added/updatedManual testing instructions providedNoted any: Concerns, dependencies, migration issues, deadlines, tickets