Implement Dependency RFC 0004 for pipenv

Question

Implement Dependency RFC 0004 for pipenv

sophiewigmore opened this issue 2 years ago · comments

Implement Dependency Management RFC Phase 1 for pipenv. Check out the RFC for more details and background.

1. Determine dependency source strategy

Background

When possible, dependencies should be used directly from upstream, rather than undergoing any additional compilation or modifications performed by Paketo-maintained code. For each dependency, the corresponding buildpack maintainer group will decide if the dependency can be used directly from upstream, and must identify the location from which the dependency will be pulled from. Some of the Paketo Java buildpacks perform directory stripping during the buildpack build process itself. This could be a viable alternative to performing directory modifications during the dependency management process for maintainers to consider.

Determine whether the dependency can be used directly from its upstream, rather than undergoing additional compilation/modification.

If using directly from upstream, note where dependencies will come from
If compiled or modified, note the decision for this

Document decision in a language-family level RFC. This decision can be combined in the RFC with the decision made for other buildpacks in the language family.

2. Version retrieval and metadata generation code

Please refer to the retrieval RFC section on version retrieval for details around the API and background.

Create retrieval code for the dependency

Will live in the buildpack under: dependency/retrieval/
Per the RFC, this will be a combination of (1) discovering new dependency versions based on the buildpack.toml, and (2) generating metadata for each new version.
Note : Per the RFC caveat - if the dependency is to be compiled, the SHA256 and URI field from the metadata should be omitted in this step.

3. Compilation code (if needed)

If the dependency will be compiled/modified, then refer to the compilation RFC section for API details and background.

Create compilation action

Will live in the buildpack under: dependency/actions/compile/

4. Dependency testing (optional)

It's up to maintainer discretion if the dependency will be tested. It's recommended to test the dependency if it's been compiled. Check out the testing RFC section for details.

Add tests for dependency

Will live in the buildpack under: dependency/test.

5. Makefile Setup

When using the generalized workflows for dependency management down the line, version retrieval and dependency testing will be executed via a Makefile in order to provide the workflow a standardized way to run the code, regardless of what language it was written in. Check out the RFC section for what this should look like.

Add Makefile

Will live in the buildpack at: dependency/Makefile

6. Leveraging the new code

This issue serves to set up all the main logic for the dependency management. The work to actually leverage this code and migrate off of the dep-server will be completed in a separate issue once workflows and infrastructure is set up.

Sophie Wigmore · Answer 1 · Fri Sep 23 2022 01:22:44 GMT+0800 (China Standard Time)

Please note that the checksum and source-checksum fields should be leveraged instead of sha256 and source_sha256 in metadata.

Sophie Wigmore · Answer 2 · Fri Sep 23 2022 01:27:37 GMT+0800 (China Standard Time)

Maintainers: For help in acceptance, check out the validator, to help verifying inputs/outputs of dependency API.