Skip to content

Manage versioning of Poetry tool dependency #931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 11, 2025
Merged

Manage versioning of Poetry tool dependency #931

merged 2 commits into from
Sep 11, 2025
+1,793 −481

Conversation

per1234
Copy link
Contributor

@per1234 per1234 commented Sep 11, 2025

The project's Python package dependencies are managed by the Poetry tool.

Previously, the version of Poetry was not managed in any way.

The GitHub Actions workflows used whichever version of Poetry happened to be installed on the runner machine. This meant that the GitHub Actions workflows could break at any time through the poetry installation on the runner machine being updated to an incompatible version.

The contributors used whichever version of Poetry happened to be installed on their machine. This meant that they might get different results from that produced by the environment of the GitHub Actions workflows.

The better solution is to take the same approach for managing the Poetry dependency as done for the project's other dependencies:

  • Install a specific version of Poetry according to a single source of versioning data.
  • Use the Dependabot service to get automated update pull requests.

The logical place to define the poetry package dependency version is in pyproject.toml, as is done for all direct Python package dependencies.

Dependabot recognizes two forms of dependency data in the pyproject.toml file:

Since Poetry can't be used to manage itself (it is instead installed using pipx), the obvious approach would be to define the poetry dependency in a PEP 621 field in the file. However, this is not possible because if Dependabot finds Poetry data in pyproject.toml, it ignores the PEP 621 fields. So it is necessary to define the Poetry dependency in the Poetry fields of the file. A special dependencies group is created for this purpose. That group is configured as "optional" so that it won't be installed redundantly by poetry install commands.

Unfortunately pipx doesn't support using pyproject.toml as a dependency configuration file so it is necessary to generate the dependency argument in the pipx command by parsing the project.toml file. The yq tool is used for this purpose.

@per1234
Manage versioning of Poetry tool dependency
89c1776 
The project Python package dependencies are managed by the "Poetry" tool.

Previously, the version of Poetry was not managed in any way.

The GitHub Actions workflows used whichever version of Poetry happened to be installed on the runner machine. This meant
that the GitHub Actions workflows could break at any time through the Poetry installation on the runner machine being
updated to an incompatible version.

The contributors used whichever version of Poetry happened to be installed on their machine. This meant that they might
get different results from that produced by the environment of the GitHub Actions workflows.

The better solution is to take the same approach for managing the Poetry dependency as is done for the project's other
dependencies:

* Install a specific version of Poetry according to a single source of versioning data.
* Use the Dependabot service to get automated update pull requests.

The logical place to define the Poetry package dependency version is in pyproject.toml, as is done for all other Python
package dependencies.

Dependabot has support for two different forms of dependency data in the pyproject.toml file:

* Original Poetry data format, under the `tool.poetry` table
* PEP 621 format data, under the `project` table

Since Poetry can't be used to manage itself (it is instead installed using the "pipx" tool), the obvious approach would
be to define the Poetry dependency via the `project` table in the file. However, this is not possible because if a
`tool.poetry` table is present in pyproject.toml, Dependabot ignores the dependencies data from the `project` table. So
it is necessary to place the data for the Poetry dependency under the `tool.poetry` table of the file. A special
dependencies group is created for this purpose. That group is configured as "optional" so that it won't be installed
redundantly by `poetry install` commands.

Unfortunately pipx doesn't support using pyproject.toml as a dependency configuration file so it is necessary to get the
Poetry version constraint for use in the dependency argument of the `pipx install` command by parsing the project.toml
file.
@per1234
Add TOML language formatting support to Prettier
7e22dc9 
Projects may use data files written in the TOML language. A common example of such is the `pyproject.toml` file present
in projects that use the Poetry Python package management tool (either for project code dependencies, or development
tools).

In cases where the TOML content is edited directly by human contributors, it will be useful to provide code formatting
infrastructure for TOML files, and to enforce consistent formatting. This is easily accomplished by adding TOML support
to the existing code formatting infrastructure via the "prettier-plugin-toml" plugin for the Prettier formatting tool.

Poetry's `poetry.lock` file is also written in the TOML language. This file is automatically generated and never
manually edited. In this case, the automatically generated content is accepted as-is. So Prettier is configured to
exclude the `poetry.lock` file from formatting.
@per1234 per1234 self-assigned this Sep 11, 2025
@per1234 per1234 added type: enhancement Proposed improvement topic: infrastructure Related to project infrastructure labels Sep 11, 2025
@codecov Codecov
Copy link

codecov bot commented Sep 11, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.33%. Comparing base (67e85b1) to head (7e22dc9).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #931   +/-   ##
=======================================
  Coverage   83.33%   83.33%           
=======================================
  Files           1        1           
  Lines         180      180           
=======================================
  Hits          150      150           
  Misses         19       19           
  Partials       11       11
Flag Coverage Δ
unit 83.33% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@per1234 per1234 merged commit c784475 into arduino:main Sep 11, 2025
62 of 74 checks passed
@per1234 per1234 deleted the manage-poetry branch September 11, 2025 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@per1234 per1234

Labels
topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@per1234