Add option to prefer locked versions of packages in build environments #14944
Conversation
zanieb
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
zanieb
force-pushed
the
zb/lock-extra-build-dependencies
branch
from
afe9742 to
1480f81
Compare
zanieb
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
zanieb
changed the title
zanieb
added
enhancement
zanieb
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
zanieb
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
crates/uv-settings/src/settings.rs
Outdated
| /// | ||
| /// When set to `prefer-locked`, uv will use the locked versions of packages specified in the | ||
| /// lockfile as preferences when resolving build dependencies during source builds. This helps | ||
| /// ensure that build environments are consistent with the project's resolved dependencies. |
There was a problem hiding this comment.
We can make this stronger by saying that the locked version will be used, if a single locked version exists in the lockfile, and if it doesn't cause any conflicts during resolution. (Though the latter isn't about the version being unfulfillable, but about whether it conflicts with higher priority packages in the resolution, which I hope is a detail users won't run into with build deps, and for which require-locked will help)
There was a problem hiding this comment.
I tried to capture this a little in 9a91e91
|
I like the |
zanieb
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
|
@geofft has pointed out an important concern, that since these preferences are not taken into account in the wheel cache key, you won't automatically get a rebuild of a package when your locked version of a build dependency changes; or, worse, if you have another project with a different locked version, they'll share the same cached wheel :/ |
zanieb
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
|
This is still "preferring" the locked version, but it sounds problematic. I'm not sure what the workaround is yet. |
This is the same logic we apply today without preferences: We build wheels once, and then cache them forever, even if the resolution of the package's build deps changes. For supporting caching with different version ranges, we need to support multiple builds with the same tag for a package in the cache, attach the build deps versions to it and select only fitting ones installation. A criteria could be whether the versions fit |
Yeah, I guess it doesn't seem that much worse than what we have today. Is it worth? We could look at caching separate builds based on build dependencies as a second step, right? |
## Summary This is an alternative to #14944 that functions a little differently. Rather than adding separate strategies, you can instead say: ```toml [tool.uv.extra-build-dependencies] child = [{ requirement = "anyio", match-runtime = true }] ``` Which will then enforce that `anyio` uses the same version as in the lockfile.
Adds a new
build-dependency-strategy = latest | prefer-lockedsetting.latestis the current behavior.prefer-lockedwill prefer to use locked versions of runtime dependencies for build dependencies when they match. This is intended to work with #14735 to allow addingtorchas an extra build dependency forflash-attnand prefer using the same version as you would at runtime (that's whatflash-attnrequires, but it's usually achieved by disabling build isolation).The name is
prefer-lockedbecause I want to add a future option... likerequire-lockedwhich will error if the versions matching the runtime versions cannot be used. The naming here is actually a little awkward, because it'll be confusing when we introduce locking of build dependencies separately from runtime requirements (which is on the roadmap). We might want to do...latest | try-match-runtime | match-runtime? I'm not sure. I also expect that we'll want a package-level variant of this setting, asmatch-runtimemight be too aggressive for most packages. I also find this setting a little awkward alongside #14735, I wonder if we want a dedicated build dependencies section?