repository.secondary=true + dependency.source broken? #5122

@pierresouchay

Issue

Following a discussion on #4920

When creating a source called "my-source" with secondary=true, I was expecting the repository to be hit under those conditions:

  • if a given package is not present on pypi
  • source=my-source is set on a dependency

This is actually not the case: the repository my-source is actually hit each time for every package, for instance when doing a poetry update.

This is causing a few issues if "my-source" is very slow, for instance, as the time increases on my local setup from 5s to 120s (a project with lots of dependencies).

Is there a way to use "my-source" ONLY for a few packages?

Here is the output of poetry update -vvv with the pyproject.toml from https://gist.github.com/pierresouchay/60f3e8b9e20ee0d23f0e4604c7a73019 👍

```
poetry update -vvv
Using virtualenv: <REDACTED>
Updating dependencies
Resolving dependencies...
   1: fact: multi-sources is 0.1.0
   1: derived: multi-sources
   1: fact: multi-sources depends on requests (^2.27.1)
   1: fact: multi-sources depends on changelog (^0.5.7)
   1: selecting multi-sources (0.1.0)
   1: derived: changelog (>=0.5.7,<0.6.0)
   1: derived: requests (>=2.27.1,<3.0.0)
my-source: 1 packages found for changelog >=0.5.7,<0.6.0
   1: selecting changelog (0.5.7)
my-source: 1 packages found for requests >=2.27.1,<3.0.0
   1: fact: requests (2.27.1) depends on urllib3 (>=1.21.1,<1.27)
   1: fact: requests (2.27.1) depends on certifi (>=2017.4.17)
   1: fact: requests (2.27.1) depends on charset-normalizer (>=2.0.0,<2.1.0)
   1: fact: requests (2.27.1) depends on idna (>=2.5,<4)
   1: selecting requests (2.27.1)
   1: derived: idna (>=2.5,<4)
   1: derived: charset-normalizer (>=2.0.0,<2.1.0)
   1: derived: certifi (>=2017.4.17)
   1: derived: urllib3 (>=1.21.1,<1.27)
PyPI: No release information found for certifi-0, skipping
PyPI: 22 packages found for certifi >=2017.4.17
my-source: 22 packages found for certifi >=2017.4.17
   1: selecting certifi (2021.10.8)
PyPI: No release information found for urllib3-0.3, skipping
PyPI: No release information found for urllib3-0.3.1, skipping
PyPI: No release information found for urllib3-0.4.0, skipping
PyPI: No release information found for urllib3-0.4.1, skipping
PyPI: 28 packages found for urllib3 >=1.21.1,<1.27
my-source: 28 packages found for urllib3 >=1.21.1,<1.27
   1: selecting urllib3 (1.26.8)
PyPI: No release information found for idna-0.1, skipping
PyPI: 10 packages found for idna >=2.5,<4
my-source: 10 packages found for idna >=2.5,<4
   1: selecting idna (3.3)
PyPI: 11 packages found for charset-normalizer >=2.0.0,<2.1.0
my-source: 11 packages found for charset-normalizer >=2.0.0,<2.1.0
   1: selecting charset-normalizer (2.0.10)
   1: Version solving took 0.189 seconds.
   1: Tried 1 solutions.

Finding the necessary packages for the current system

No dependencies to install or update
```

In this example, I used:

  • secondary = true for "my-source"

The dependencies:

  • requests = { version = "^2.27.1" }
  • changelog = {version = "^0.5.7", source = "my-source"}

As shown, all packages are checked on my-source, while I expect only changelog to be checked against this repo.

If my source takes 1 sec to respond, the update process takes a very long time... Is it working as intended, but if so, could it be explained better or is it a bug?

If working as intended, would it be possible to use a source ONLY for the packages I want by default?
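
The check done by eye on the `-vvv` output above can be scripted. This is an added example, not code from the issue or from Poetry: it lists the packages a source was queried for although no dependency pins them to it. The function names and the `PINNED` mapping are assumptions; the log-line format is the one in the output quoted in the issue.

```python
import re

# Matches lines such as "my-source: 22 packages found for certifi >=2017.4.17".
FOUND = re.compile(
    r"^(?P<source>[^\s:]+): (?P<count>\d+) packages found for (?P<name>\S+)", re.M
)

# Lines copied from the `poetry update -vvv` output quoted in the issue.
SAMPLE_LOG = """\
   1: derived: requests (>=2.27.1,<3.0.0)
my-source: 1 packages found for changelog >=0.5.7,<0.6.0
   1: selecting changelog (0.5.7)
my-source: 1 packages found for requests >=2.27.1,<3.0.0
PyPI: No release information found for certifi-0, skipping
PyPI: 22 packages found for certifi >=2017.4.17
my-source: 22 packages found for certifi >=2017.4.17
PyPI: 28 packages found for urllib3 >=1.21.1,<1.27
my-source: 28 packages found for urllib3 >=1.21.1,<1.27
"""

# Dependencies declared with source = "..." in pyproject.toml, as listed in the issue.
PINNED = {"changelog": "my-source"}


def normalize(name):
    """PEP 503 name normalization, so 'Charset_Normalizer' == 'charset-normalizer'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def lookups_by_source(log):
    """Map each source name to {package: number of candidates it returned}."""
    seen = {}
    for m in FOUND.finditer(log):
        seen.setdefault(m["source"], {})[normalize(m["name"])] = int(m["count"])
    return seen


def unexpected_lookups(log, source, pinned):
    """Packages queried on `source` although no dependency pins them to it."""
    pinned = {normalize(k): v for k, v in pinned.items()}
    queried = lookups_by_source(log).get(source, {})
    return sorted(p for p in queried if pinned.get(p) != source)


if __name__ == "__main__":
    for pkg in unexpected_lookups(SAMPLE_LOG, "my-source", PINNED):
        print(f"my-source was queried for unpinned package: {pkg}")
```

Piping a full `poetry update -vvv` run into `unexpected_lookups` shows at a glance whether a secondary source is consulted only for the dependencies assigned to it.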

Labels: kind/bug (Something isn't working as expected)
