From 9bfa3c7fb1ef5b2733ce017a9213347fc7f7f2dc Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 4 Apr 2023 12:41:26 -0700 Subject: [PATCH] always pipstrap --- .../templates/jobs/packaging-jobs.yml | 4 --- .../templates/steps/tox-steps.yml | 1 - tools/docker/core/Dockerfile | 1 - tools/pip_install.py | 34 ++++++++++++++----- tools/pipstrap.py | 2 +- tools/venv.py | 1 - tox.ini | 1 - 7 files changed, 27 insertions(+), 17 deletions(-) diff --git a/.azure-pipelines/templates/jobs/packaging-jobs.yml b/.azure-pipelines/templates/jobs/packaging-jobs.yml index cd2a08886..d8c7beafa 100644 --- a/.azure-pipelines/templates/jobs/packaging-jobs.yml +++ b/.azure-pipelines/templates/jobs/packaging-jobs.yml @@ -62,7 +62,6 @@ jobs: addToPath: true - script: | python -m venv venv - venv\Scripts\python tools\pipstrap.py venv\Scripts\python tools\pip_install.py -e windows-installer displayName: Prepare Windows installer build environment - script: | @@ -99,7 +98,6 @@ jobs: displayName: Retrieve Windows installer - script: | python -m venv venv - venv\Scripts\python tools\pipstrap.py venv\Scripts\python tools\pip_install.py -e certbot-ci env: PIP_NO_BUILD_ISOLATION: no @@ -171,7 +169,6 @@ jobs: sudo apt-get update sudo apt-get install -y --no-install-recommends nginx-light snapd python3 -m venv venv - venv/bin/python tools/pipstrap.py venv/bin/python tools/pip_install.py -U tox displayName: Install dependencies - task: DownloadPipelineArtifact@2 @@ -209,7 +206,6 @@ jobs: - script: | set -e python3 -m venv venv - venv/bin/python tools/pipstrap.py venv/bin/python tools/pip_install.py -e certbot-ci displayName: Prepare Certbot-CI - script: | diff --git a/.azure-pipelines/templates/steps/tox-steps.yml b/.azure-pipelines/templates/steps/tox-steps.yml index b7027177b..a993677b1 100644 --- a/.azure-pipelines/templates/steps/tox-steps.yml +++ b/.azure-pipelines/templates/steps/tox-steps.yml @@ -30,7 +30,6 @@ steps: addToPath: true - bash: | set -e - python3 tools/pipstrap.py python3 tools/pip_install.py tox displayName: Install runtime dependencies - task: DownloadSecureFile@1 diff --git a/tools/docker/core/Dockerfile b/tools/docker/core/Dockerfile index 911e7796a..943d9f51c 100644 --- a/tools/docker/core/Dockerfile +++ b/tools/docker/core/Dockerfile @@ -40,7 +40,6 @@ RUN apk add --no-cache --virtual .build-deps \ python3-dev \ cargo \ git \ - && python tools/pipstrap.py \ && python tools/pip_install.py --no-cache-dir \ --editable src/acme \ --editable src/certbot \ diff --git a/tools/pip_install.py b/tools/pip_install.py index 2f401e6da..168feb61a 100755 --- a/tools/pip_install.py +++ b/tools/pip_install.py @@ -1,11 +1,14 @@ #!/usr/bin/env python # pip installs packages using pinned package versions. If CERTBOT_OLDEST is set # to 1, tools/oldest_constraints.txt is used, otherwise, tools/requirements.txt -# is used. +# is used. Before installing the requested packages, core Python packaging +# tools like pip, setuptools, and wheel are updated to pinned versions to +# increase stability of the install. from __future__ import absolute_import from __future__ import print_function +import contextlib import os import subprocess import sys @@ -16,21 +19,19 @@ def find_tools_path(): return os.path.dirname(os.path.realpath(__file__)) -def call_with_print(command, env=None): - if not env: - env = os.environ +def call_with_print(command, env): + assert env is not None print(command) subprocess.check_call(command, shell=True, env=env) -def pip_install_with_print(args_str, env=None): - if not env: - env = os.environ +def pip_install_with_print(args_str, env): command = ['"', sys.executable, '" -m pip install --disable-pip-version-check ', args_str] call_with_print(''.join(command), env=env) -def main(args): +@contextlib.contextmanager +def modified_environ(): tools_path = find_tools_path() with tempfile.TemporaryDirectory() as working_dir: @@ -43,8 +44,25 @@ def main(args): repo_path, 'tools', 'requirements.txt')) env = os.environ.copy() + # We set constraints for pip using an environment variable so that they + # are also used when installing build dependencies. See + # https://github.com/certbot/certbot/pull/8443 for more info. env["PIP_CONSTRAINT"] = constraints_path + yield env + +def pipstrap(env=None): + if env is None: + context_manager = modified_environ() + else: + context_manager = contextlib.nullcontext(env) + with context_manager as env: + pip_install_with_print('pip setuptools wheel', env=env) + + +def main(args): + with modified_environ() as env: + pipstrap(env) pip_install_with_print(' '.join(args), env=env) diff --git a/tools/pipstrap.py b/tools/pipstrap.py index d2dbfaba9..d74c50edd 100755 --- a/tools/pipstrap.py +++ b/tools/pipstrap.py @@ -4,7 +4,7 @@ import pip_install def main(): - pip_install.main('pip setuptools wheel'.split()) + pip_install.pipstrap() if __name__ == '__main__': diff --git a/tools/venv.py b/tools/venv.py index 0721b2b25..244a13798 100755 --- a/tools/venv.py +++ b/tools/venv.py @@ -197,7 +197,6 @@ def install_packages(venv_name, pip_args): """ # Using the python executable from venv, we ensure to execute following commands in this venv. py_venv = get_venv_python_path(venv_name) - subprocess_with_print([py_venv, os.path.abspath('tools/pipstrap.py')]) command = [py_venv, os.path.abspath('tools/pip_install.py')] command.extend(pip_args) subprocess_with_print(command) diff --git a/tox.ini b/tox.ini index 04652a4a1..de98c3e25 100644 --- a/tox.ini +++ b/tox.ini @@ -28,7 +28,6 @@ source_paths = acme/acme certbot/certbot certbot-apache/certbot_apache certbot-c platform = win: win32 posix: ^(?!.*win32).*$ -commands_pre = python {toxinidir}/tools/pipstrap.py commands = win: {[base]install_and_test} {[base]win_all_packages} !win: {[base]install_and_test} {[base]all_packages}