Excerpts from Waldvogel, Sebastian's message of 2017-04-19 16:21:13 +0000:
> Hello Clark,
>
> Thank you for this info that updating to 2.5.2 is safe.
>
> Unfortunately in our full docker driven CI environment I am using the
> concrete zuul version 2.5.1 and not the latest one.
> So yesterday an incompatible voluptuous library got installed during a
> rebuild of the docker Zuul container.
>
> I suggest to use concrete version dependencies in requirements.txt instead of
> the version ranges ">=". Otherwise the installation of zuul is not
> reproducible in automated environments like Docker or any other desired state
> language (puppet, ansible, ...)
Actually that's what constraints are for. Typically you'll want to
produce a constraints file when you've tested a set of deps working. You
can do that from the tested system/venv/etc with this:
pip freeze > upper-constraints.txt
Then you can edit that file when you want to pull in new versions in a
patch to that file rather than at the whim of pypi uploads.
So your automation likely does something like
RUN pip install zuul===2.5.1
Add a file, upper-constraints.txt, with at least this:
volutuptuous==0.10.5
RUN pip install -c upper-constraints.txt zuul==2.5.1
_______________________________________________
OpenStack-Infra mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
