Comments (15)
Why you think that is the case?
At least the lockfile diff tool would be nice to be able to generate proper changelogs. Internally in our company, we have a tool to update lockfiles for conda which results in PR descriptions like this (see Quantco/multiregex#50):
It's not super pretty and maybe needs some formatting updates but if we decide to create something like this, I would like to have such changelogs in the PR descriptions.
from pixi.
For Rust we often use cargo update
and cargo upgrade
. One updating the lockfile with current boundaries of the config file. And upgrade actually upgrading the boundaries as well. These are tools that I would love to see in pixi as well!
from pixi.
IMO as of now, until pixi supports update
and upgrade
, I don't think we should act. @Hofer-Julian could think about making his solution a reusable workflow that other repos can use.
If pixi had all tools available (i.e. lockfile diff, update/upgrade command), we could think about creating an official reusable workflow for this in the prefix-dev github namespace. (At least until there is proper dependabot/renovate support for pixi.)
But I don't think that this should be happening in prefix-dev/setup-pixi
. Maybe something like prefix-dev/update-pixi-lockfiles
.
from pixi.
I am not sure how to make CI run automatically on a PR create by an action, but that's another story
try using SSH deploy keys in combination with with: ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
in actions/checkout
, then the PR won't be opened by the github user who cannot trigger actions but instead by the person who added the deploy key. (at least this worked for me in some situations)
from pixi.
I think to do this properly, we would need a "lockfile diff tool" or pixi update
(which supports json output that can tell you what exactly changed, xref #73 (comment)).
Ideally, imo, this behavior could be implemented in dependabot or renovate. I have heard there are some things happening on the renovate front with conda.
I am still a bit unsure what use cases such a tool should cover.
I think there are two main use cases:
Library
You develop a library and want to test against multiple versions (for example https://github.com/Quantco/polarify). There, the updater should come around occasionally and only update the upper bound if necessary. (you as maintainer should create necessary environments to properly test against all relevant versions).
Application
You develop an application and don't really care about supporting all versions of your dependency. There, the updater tool should come around occasionally and update both the upper bound and lower bound like dependabot for npm for example.
WDYT @0xbe7a @ruben-arts @wolfv @baszalmstra?
I'm also wondering how this is handled in languages with proper tooling such as rust.
I think #639 is also relevant for this issue.
from pixi.
For Rust we often use
cargo update
andcargo upgrade
. One updating the lockfile with current boundaries of the config file. And upgrade actually upgrading the boundaries as well. These are tools that I would love to see in pixi as well!
As linked by @pavelzw, the issue #73 is kind of related to that.
from pixi.
I am not sure how to make CI run automatically on a PR create by an action, but that's another story
try using SSH deploy keys in combination with
with: ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
inactions/checkout
, then the PR won't be opened by the github user who cannot trigger actions but instead by the person who added the deploy key. (at least this worked for me in some situations)
Cool, thanks!
from pixi.
@Hofer-Julian created a similar workflow in https://github.com/Deltares/iMOD-Documentation/blob/dd1c791944e1f513a8bd71a149b99e4a98e33a49/.github/workflows/pixi_auto_update.yml
from pixi.
I think to do this properly, we would need a "lockfile diff tool" or
pixi update
(which supports json output that can tell you what exactly changed, xref prefix-dev/pixi#73 (comment)).
Why you think that is the case? If pixi.lock
is unchanged, no PR will be opened as there is nothing to commit (that is already the default behavior of https://github.com/marketplace/actions/create-pull-request). By the way, thanks for linking #73, I remember something related but I could not find it.
I am still a bit unsure what use cases such a tool should cover.
It kind of covers the case in which you develop a library (so the first option), but you do not put upper bounds in the pixi.toml
(almost only ="*"
). I am not sure how niche is this user case is, but it is my use case at the moment. : ) If dependabot/renovate supported pixi.toml
probably the need for having almost always ="*"
would be reduced and hence the need of periodically refreshing pixi.lock
without changing pixi.toml
, but at the moment that is not the case.
@Hofer-Julian created a similar workflow in https://github.com/Deltares/iMOD-Documentation/blob/dd1c791944e1f513a8bd71a149b99e4a98e33a49/.github/workflows/pixi_auto_update.yml
That is exactly what I was looking for, thanks!
from pixi.
I'm also wondering how this is handled in languages with proper tooling such as rust.
Most Rust projects that I know that have something like that use dependabot.
The supported update types are documented here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
from pixi.
I see, thanks for the explanation.
from pixi.
The lockfile diff tool is also a good idea!
from pixi.
@Hofer-Julian created a similar workflow in https://github.com/Deltares/iMOD-Documentation/blob/dd1c791944e1f513a8bd71a149b99e4a98e33a49/.github/workflows/pixi_auto_update.yml
Just to have all aligned, at the moment by specific problem is solved by this. I think this may be a useful discussion, but anyhow I do not have need any specific change in setup-pixi
in the short term. So, when you prefer feel free to close the issue, thanks!
from pixi.
@Hofer-Julian could think about making his solution a reusable workflow that other repos can use.
I didn't know about reusable workflows. Will see if I can find time to set that up.
from pixi.
@ruben-arts can you transfer this issue into a prefix-dev/pixi
discussion?
from pixi.
Related Issues (20)
- Unable to install mamba-ssm as a pypi dependency HOT 2
- Binding tasks to environments directly HOT 3
- Might want to prevent naming an environment `solve-group-envs` HOT 3
- Pixi always performing pypi `building editable source` task HOT 3
- pixi shell-hook and pixi run environment mismatch (GOROOT)
- Pixi run without updating or checking dependencies HOT 2
- Pytest Incompatibility with ROS2 Humble Release on Robostack HOT 17
- Make `pixi shell` use my `.zshrc` file
- Allow adding a package from a non-main channel without explicitly adding its dependencies HOT 3
- In `pixi shell`, add an option to turn off the prompt HOT 2
- Nested features - features in features HOT 2
- pixi.lock file is not stable HOT 3
- Improve exprience for environments that mix multiple Conda channels and PyPI HOT 8
- A sub-environment without solving HOT 2
- Tracking Issue: Full R Support HOT 16
- Installing PyTorch from default conda command HOT 5
- Pixi cannot install python projects with more than 1 top-level folder HOT 11
- `pixi task list` panics if any feature has non-compatible platforms
- Cursor disapear after ctrl+c in a pixi menu HOT 1
- `system-requirements` ignored when using `no-default-feature = true` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pixi.