Skip to content

pip-compile does not reuse hashes for unchanged versions if --upgrade #1672

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
pip-compile does not reuse hashes for unchanged versions if --upgrade#1672
Labels
hashesRelated to hashes generated via --generate-hashes
@AlpAribal

Description

@AlpAribal
AlpAribal
opened on Aug 21, 2022

If --upgrade is supplied, pip-compile re-generates hashes even for packages whose versions do not change.

I think this can be solved by using a separate LocalRequirementsRepository with all existing pins only for resolving hashes. If makes sense, I can take a stab at this.

Environment Versions

  1. OS Type: Linux
  2. Python version: $ python -V: Python 3.9.12
  3. pip version: $ pip --version: pip 22.2.2
  4. pip-tools version: $ pip-compile --version: pip-compile, version 6.8.0

Steps to replicate

  1. echo "tomli" > requirements.in && pip-compile --generate-hashes
  2. pip-compile --generate-hashes -v -U

Expected result

Log 
                          ROUND 1                           
Current constraints:
  tomli (from -r requirements.in (line 1))

Finding the best candidates:
  found candidate tomli==2.0.1 (constraint was <any>)

Finding secondary dependencies:
  tomli==2.0.1              requires -
------------------------------------------------------------
Result of round 1: stable, done

Generating hashes:

#
# This file is autogenerated by pip-compile with python 3.9
# To update, run:
#
#    pip-compile --generate-hashes
#
--index-url https://europe-west1-python.pkg.dev/mx-labs-devops/labs-pypi-registry/simple
--extra-index-url https://pypi.org/simple/

tomli==2.0.1 \
    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
    # via -r requirements.in

Actual result

Log 
                          ROUND 1                           
Current constraints:
  tomli (from -r requirements.in (line 1))

Finding the best candidates:
  found candidate tomli==2.0.1 (constraint was <any>)

Finding secondary dependencies:
  tomli==2.0.1              requires -
------------------------------------------------------------
Result of round 1: stable, done

Generating hashes:
  tomli
    Couldn't get hashes from PyPI, fallback to hashing files
    Hashing tomli-2.0.1.tar.gz
      |████████████████████████████████| 100%
    Hashing tomli-2.0.1-py3-none-any.whl
      |████████████████████████████████| 100%

#
# This file is autogenerated by pip-compile with python 3.9
# To update, run:
#
#    pip-compile --generate-hashes
#
--index-url https://europe-west1-python.pkg.dev/mx-labs-devops/labs-pypi-registry/simple
--extra-index-url https://pypi.org/simple/

tomli==2.0.1 \
    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
    # via -r requirements.in

Metadata

Assignees

No one assigned

    Labels

    hashesRelated to hashes generated via --generate-hashes

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions