• richieadler@lemmy.myserv.one
        link
        fedilink
        arrow-up
        6
        ·
        4 months ago

        … except for the part where the dependency definition doesn’t follow the latest approved PEP, and the default constraint with ^ add an upper limit that causes problems.

        I moved to PDM.

          • richieadler@lemmy.myserv.one
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            Given the glacial pace I’ve been seeing, I would’t be so sure… But understandable if you have many repos and need to reach consensus.

            You can reduce some impacts adding explicit >= constraints instead of ^.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              arrow-up
              2
              ·
              4 months ago

              The thing is, things are working reasonably well right now, so updating to be in sync with the latest PEP isn’t super impactful, whereas switching from requirements.txt -> poetry and pyproject.toml was a big change. So we’ll probably switch eventually, but since we have over a dozen repos and several teams across timezones, it isn’t a priority.

              I’ll certainly take a look though.

      • SandbagTiara2816@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        4 months ago

        Wait, what’s wrong with pip?

        (Disclaimer: I grade my Python proficiency slightly above beginner. I used it for some research in college and grad school, and I’ve made a few helpful scripts at work, but I am not anything approaching an expert)

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          arrow-up
          14
          arrow-down
          1
          ·
          4 months ago

          It does its job well, but it doesn’t do much more than that.

          The main workflow w/ Pip is:

          1. install whatever you need to get your app working
          2. pip freeze > requirements.txt so the next person can just pip install -r requirements.txt instead of figuring out the requirements
          3. either edit requirements.txt manually to do updates, or pip freeze again later

          There are some issues with this:

          • dependencies that are no longer needed tend to stick around since they’re in the requirements.txt
          • updating dependencies is a manual process and pretty annoying, especially when different packages have different dependencies
          • requirements.txt doesn’t have any structure, so to do something like separating dev vs prod dependencies, you need two (or more) requirements.txt files

          It’s totally fine for one-off scripts and whatnot, but it gets pretty annoying when working across multiple repositories on a larger project (i.e. what I do at work with microservices).

          Poetry improves this in a few ways:

          • poetry.lock - similar to requirements.txt, in that it locks all dependencies to specific versions
          • pyproject.toml - lists only your direct dependencies and certain exceptions (i.e. if you want to force a specific dependency version)
          • package groups - we tend to have local (linters and whatnot), test (deps for unit tests), and the default group (prod deps), so you can install only what you need (e.g. our CI uses test, prod uses no groups, and local uses everything)

          There’s a simple command to update all dependencies, and another command to try to add a dependency with minimal impact. It makes doing package updates a lot nicer, and I can easily compare direct dependencies between repositories since there’s minimal noise in the pyproject.toml (great when doing bulk updates of some critical dependency).

          TL;DR - pip is fine for small projects, alternatives are nice when dealing with large, complex projects because it gives you nicer control over dependencies.

    • flying_sheep@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      4 months ago

      I agree, although it undersells hatch and has a title that made me roll my eyes. Very well researched, none of the usual hot takes and clichés.

    • demizerone@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      I landed on hatch. The way it handles venvs and python versioning is awesome, and can also use UV. I haven’t used UV yet tho.

      • best_username_ever@sh.itjust.works
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        Not OP. I ended up using hatch to make packages because it’s simple and does everything without feeling like a jumbled mess of tools like Poetry. It feels unix-like and didn’t prevent from doing my job.

        • flying_sheep@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          Hatch is great. It’s easy to get started but I wouldn’t call it simple. Flit is simple, because it’s limited.

          Hatch is complex enough to allow you to override everything, which makes it not simple, but also not complicated.

  • unalivejoy@lemm.ee
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    4 months ago

    Unfortunately, PEP 582 was rejected, so PDM has deprecated the functionality. But it does support PEP 621, which can’t be said for Poetry. There’s a PR.

    • Eager Eagle@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 months ago

      Poetry’s compatibility with PEP 621 is underway, but it’ll likely be delayed to version 2.

      Poetry provides a lot of the same functionality for quite some time now, which complicates the quick adoption, but it’ll happen.

  • rutrum@lm.paradisus.day
    link
    fedilink
    English
    arrow-up
    6
    ·
    4 months ago

    I would love similar movement with regards to doc comment standards. My company uses numpy and its too verbose, and the style guide makes zero mention of type hints so we keep winging it. And with not many tools for enforcing the standards (like what type to actual write for a parameter) its an ongoing battle among the team.

    • NostraDavid@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      4 months ago

      It comes with built-in ruff and uv, and can handle Python versioning for you!

      Not sure if they want to eventually dissolve Rye into uv or what, but for now it’s one of the best (better than Poetry, IMO)

      edit: it also uses the pypoetry.toml standard, something Poetry doesn’t (because Poetry predates pyproject.toml becoming a standard).

      One possible downside: I’ve heard Rye doesn’t honor XDG, which means it has its own location for its config. I don’t mind, but perhaps you do.

      A second possible downside is that Rye doesn’t let you centralize your venvs, so each .venv goes into each project folder, so no using virtualenvwrapper with workon to jump between projects. zoxide can alleviate that problem, or presuming you have a ~/dev folder or similar, you could write a bash function that ls’ that folder and lets you select a folder via fzf? Go ask ChatGPT about it or something.

      edit2: link: https://rye.astral.sh/guide/installation/

      • callcc@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        Interesting. I might have a look. Actually I don’t have a problem with speed though. I spend most time not dealing with pip and pip-tools but reading docs, programming and fixing the weirdest bugs

      • ericjmorey@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        4 months ago

        I’m hoping uv is able to make itself to Python what Cargo is to rust.

        Seems like Pixi is close but confined to the Conda ecosystem.

  • corsicanguppy@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    6
    ·
    4 months ago

    … and every one of them destroys single source of truth for installed state. Most of them have no validation potential, and most of them are imperfect upgrades/downgrades.

    If you don’t know why all that’s important, just remember why fired all our mentor types 20 years ago after the Y2K bust and so you had noone to teach you why. Mistakes like lennart’s Cancer didn’t grow in the light of rich knowledge sharing.