PIP dependency support

[mattmoor]

This is a proposal for some PIP rules that are heavily based on a prototype I wrote a month or two back. Very open to suggestions here, but it seems to work across a number of examples I've tried so far.

[damienmg]

No big remarks, except adding the bazel ci configuration.

[damienmg]

Why have all those parts? emacs exclude belongs to the ~/.gitignore, all the bin files should not be generated by bazel

[mattmoor]

This is just my standard .gitignore file I copy from repo to repo. I never touch it again.

[damienmg]

Repo .gitignore are supposed to be repo specific, so not includes things like *~...

[duggelz]

I advice I got, didn't like, but eventually learned to appreciate the wisdom of, is to create a ~/.gitignore_global with all the editor autosave filenames, etc (things that are particular to me, not to the repo I'm working on), and do git config --global core.excludesfile ~/.gitignore_global

Otherwise, you're like "What part of this Python program creates Fortran executables?!"

[damienmg]

Add .ci/rules_python.json for CI. see https://github.com/bazelbuild/continuous-integration/blob/master/docs/owner.md#customizing-a-project

Seeing the build, you probably just want:

[
    {
          "variation": "",
           "configurations": [
                {"node": "linux-x86_64"},
                {"node": "ubuntu_16.04-x86_64"},
                {"node": "darwin-x86_64"}
           ]
    }
]

[mattmoor]

Done

[damienmg]

You probably meant requirements.bzl here

[mattmoor]

Thanks

[damienmg]

Not updated? Maybe you just want to delete that part all in profit of the skydoc generated.

[mattmoor]

Ha, I think this bug was in two places. thanks for catching it again :)

[damienmg]

General comment for this file: the file already complex, why not in python instead?

[mattmoor]

See line 17. I was halfway through rewriting one of these scripts in Python before I realized: I can't invoke a py_binary during WORKSPACE, I'd have to publish a PAR file. I immediately git stashed and rewrote my TODO instead. :(

[damienmg]

:( I actually do things without py_binary for simple python_script (I know that is a shame) using simply python <script.py>. Anyway up to you.

[mattmoor]

I suppose that is true. I want to be able to factor libraries and have a clean separation of unit tests etc. I'll experiment with my stashed changes with this in mind.

[duggelz]

I would say it's ok to use shell here, not Python. But you actually need Python inside the script to parse json, so yeah.

[duggelz]

For historical reasons that are still sometimes relevant, don't put the -e in the shebang line, instead add set -euo pipefail around line 16

[mattmoor]

The only remaining shell script now does this (I copied it from you :D)

[damienmg]

Same here, bash can become quickly hard to read...

[mattmoor]

Ack

[mattmoor]

@duggelz Do you have any suggestions on the best way to download and invoke pip without using get-pip.py to install it as a system-wide dependency? This seems to be why the OSX build is failing.

[mattmoor]

@sebgoa You'd asked for this at one point, if you are still interested I'd love your feedback.

[duggelz]

There's a thing called skydoc that will turn structured docstrings into Bazel documentation. However, it's kind of basic and a bit, well, not beautiful. https://google.github.io/subpar/subpar.html

[mattmoor]

I'll TAL at skydoc for this repo, but in rules_docker and rules_k8s I'm blocked on this

[mattmoor]

Ok, I've switched over to skydoc for the docs here (based on how google/subpar does it). Feedback welcome :)

[mattmoor]

I moved whl.sh into a little Python script that I can invoke directly, but also reasonably unit test.

I have not moved pip.sh yet, and thinking about it left me with an idea. Considering:

• Shelling out to pip from Python is a bit silly,
• @damienmg's trick won't work if I have a pip library dependency,
• I still haven't solved the pip fetching problem.

What if we build / publish a PAR (similar to the process rules_docker uses), which links the pip library, and removes the need to get-pip.py somehow? WDYT?

I still haven't found a clean process for doing this from a single repo (google/containerregistry and bazelbuild/rules_docker are separate repos), but that seems like a smaller problem to solve.

[mattmoor]

I found this, which may be relevant to why certs aren't working properly from pip in a PAR file. It is similar to the trick we do for httplib2 in google/containerregistry tools.

[duggelz]

self.assertEqual(pip.__version__, '9.0.1')? You might be overthinking this :) There's no standard format for __version__, as you discovered, sometimes it's a tuple, sometimes a string, sometimes it doesn't exist.

[duggelz]

I feel like you're really playing with fire calling your package python.

[mattmoor]

@duggelz I think that's a very good question, and I think it breaks down where you have:

A and B have a_install() and b_install() functions that are also called in c/WORKSPACE

As you are clearly driving at, we have 3 sets of requirements that are being merged after the constraints have been solved, which I think is a losing proposition.

I think that my expectation is that instead of a_install and b_install we would pip_import a blended requirements.txt from A, B, C, and just abc_install.

This story is only half-baked because:

1. We don't have a rule for combining @A//:requirements.txt and @B//:requirements.txt (but I suspect this is pretty easy).
2. A, B, and C may each references this collection of dependencies with different repository names (but I believe this is doable by aliasing repositories with bind). At one point, with this exact problem in mind, I debated removing users capacity to name the repository itself, which would effectively guarantee a single resolution step, but I thought this was a bit extreme (e.g. what if I want to write an invoked tool that has its own requirements.txt, that's ok).

---

I think the crux of this issue is that WORKSPACE currently serves two roles (I hint at this above):

1. Resolving dependencies based on fuzzy constraints (incl. transitive resolution).
2. Fetching dependencies based on concrete specification.

The analogs to this outside of Bazel are things like [frozen] requirements.txt or package[-lock].json.

I think the guidance should be for users not to mix independently resolved external dependencies, but I'm not 100% sure if/how we can enforce it. Perhaps we can do this through Bazel's constraint system, but I have not looked any further at how we might express this.

Is what I'm describing clear? Does my logic make sense?

[duggelz]

@mattmoor I agree with what you wrote. Some additional points:

1. Bazel has a native.existing_rules that make fixing my points 1 and 2 easy.
2. Looking at various repository rules, there is a nice omit_foo pattern that allows C to override A and B as desired.
3. The conflict between "fuzzy constraints" and "concrete specification" is real. Python aims to address this with Pipfile vs Pipfile.lock, but meanwhile we muddle through.

I don't think we need to make a tool that tries to merge A and B automatically or anything. I think it's reasonable to say that C must provide a requirements.txt that satisfies every need that A and B have.

After reading some discussions about Java/Maven, I do think that we should put the names in a canonical format that we document and agree on. Specifically, I think we should have the literal prefix pypi_ on names that would otherwise be very short and ambigous. E.g. @pypi__package_name_here//:package_name or @pypi__package_name_here__version_here//:package_name

[mattmoor]

@duggelz Given that things are hidden behind package(...) in the expected usage today, I think this is completely fine. The main change is that we wouldn't namespace packages based on the enclosing pip_import, which I think is fine.

I've gone with pypi__{distribution}_{version}, used existing_rules to avoid multiple imports, but each pip_import will still exposes the library through package() even if it didn't import it. I included a section in the README.md covering canonical naming.

[mattmoor]

@duggelz Hooray, green CI :)