From 924084428677f46137a19b8e1d1133d339b727da Mon Sep 17 00:00:00 2001 From: Hinrich Mahler <22366557+Bibo-Joshi@users.noreply.github.com> Date: Mon, 18 Apr 2022 21:33:08 +0200 Subject: [PATCH 1/5] Update dependencies, add notes to readme, add automation --- .github/dependabot.yml | 14 ++++++++++++++ .github/workflows/test.yml | 3 +++ README.rst | 24 +++++++++++++++++++++--- README_RAW.rst | 19 +++++++++++++++++-- requirements.txt | 19 ++++++++++++++++--- setup.py | 6 ++++-- 6 files changed, 75 insertions(+), 10 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000000..31252a3e4cf --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "friday" + + # Updates the dependencies of the GitHub Actions workflows + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + day: "friday" \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 73a639512b9..35d1a55efdd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,6 +8,9 @@ on: branches: - master - v14 + schedule: + # Run every night on 03:07 - odd time to spread load on GitHub Actions + - cron: '7 3 * * *' jobs: pytest: diff --git a/README.rst b/README.rst index fbdfd5a6e62..cff13451d79 100644 --- a/README.rst +++ b/README.rst @@ -145,15 +145,33 @@ Or you can install from source with: $ cd python-telegram-bot $ python setup.py install +----------------------------- +Dependencies & Their Versions +----------------------------- + +``python-telegram-bot`` tries to use as few 3rd party dependencies as possible. +However, for some features using a 3rd party library is more sane than implementing the functionality again. +The dependencies are: + +* `httpx ~= 0.22.0 `_ for ``telegram.request.HTTPXRequest``, the default networking backend +* `tornado~=6.1 `_ for ``telegram.ext.Updater.start_webhook`` +* `cachetools~=5.0.0 `_ for ``telegram.ext.CallbackDataCache`` +* `APScheduler~=3.9.1 `_ for ``telegram.ext.JobQueue`` + +``python-telegram-bot`` is most useful when used along with additional libraries. +To minimize dependency conflicts, we try to be liberal in terms of version requirements on the dependencies. +On the other hand, we have to ensure stability of ``python-telegram-bot``, which is why we do apply version bounds. +If you encounter dependency conflicts due to these bounds, feel free to reach out. + --------------------- Optional Dependencies --------------------- PTB can be installed with optional dependencies: -* ``pip install python-telegram-bot[passport]`` installs the `cryptography `_ library. Use this, if you want to use Telegram Passport related functionality. -* ``pip install python-telegram-bot[json]`` installs the `ujson `_ library. It will then be used for JSON de- & encoding, which can bring speed up compared to the standard `json `_ library. -* ``pip install python-telegram-bot[socks]`` installs the `PySocks `_ library. Use this, if you want to work behind a Socks5 server. +* ``pip install python-telegram-bot[passport]`` installs the `cryptography>=3.0 `_ library. Use this, if you want to use Telegram Passport related functionality. +* ``pip install python-telegram-bot[json]`` installs the `ujson>=4.0.0 `_ library. It will then be used for JSON de- & encoding, which can bring speed up compared to the standard `json `_ library. +* ``pip install python-telegram-bot[socks]`` installs ``httpx[socks]``. Use this, if you want to work behind a Socks5 server. =============== Getting started diff --git a/README_RAW.rst b/README_RAW.rst index fb4184d56e1..7de5c115a4e 100644 --- a/README_RAW.rst +++ b/README_RAW.rst @@ -138,14 +138,29 @@ Note Installing the `.tar.gz` archive available on PyPi directly via `pip` will *not* work as expected, as `pip` does not recognize that it should use `setup-raw.py` instead of `setup.py`. +----------------------------- +Dependencies & Their Versions +----------------------------- + +``python-telegram-bot`` tries to use as few 3rd party dependencies as possible. +However, for some features using a 3rd party library is more sane than implementing the functionality again. +The dependencies are: + +* `httpx ~= 0.22.0 `_ for ``telegram.request.HTTPXRequest``, the default networking backend + +``python-telegram-bot`` is most useful when used along with additional libraries. +To minimize dependency conflicts, we try to be liberal in terms of version requirements on the dependencies. +On the other hand, we have to ensure stability of ``python-telegram-bot``, which is why we do apply version bounds. +If you encounter dependency conflicts due to these bounds, feel free to reach out. + --------------------- Optional Dependencies --------------------- PTB can be installed with optional dependencies: -* ``pip install python-telegram-bot-raw[passport]`` installs the `cryptography `_ library. Use this, if you want to use Telegram Passport related functionality. -* ``pip install python-telegram-bot-raw[json]`` installs the `ujson `_ library. It will then be used for JSON de- & encoding, which can bring speed up compared to the standard `json `_ library. +* ``pip install python-telegram-bot-raw[passport]`` installs the `cryptography>=3.0 `_ library. Use this, if you want to use Telegram Passport related functionality. +* ``pip install python-telegram-bot-raw[json]`` installs the `ujson>=4.0.0 `_ library. It will then be used for JSON de- & encoding, which can bring speed up compared to the standard `json `_ library. =============== Getting started diff --git a/requirements.txt b/requirements.txt index b452ab92b47..e0556438784 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,8 +1,21 @@ # Make sure to install those as additional_dependencies in the # pre-commit hooks for pylint & mypy +# Also update the readme accordingly + +# When dependencies release new versions and tests succeed, we should try to expand the allowed +# versions and only increase the lower bound if necessary + +# httpx has no stable release yet, so let's be cautious for now httpx ~= 0.22.0 # only telegram.ext: # Keep this line here; used in setup(-raw).py -tornado>=6.1 -APScheduler==3.8.1 + +# tornado is rather stable, but let's not allow the next mayor release without prior testing +tornado~=6.1 + +# Cachetools and APS don't have a strict stability policy. +# Let's be cautious for. +cachetools~=5.0.0 +APScheduler~=3.9.1 + +# pytz is required by APS and just needs the lower bound due to #2120 pytz>=2018.6 -cachetools==4.2.2 diff --git a/setup.py b/setup.py index f14126c96cd..eeac4baba61 100644 --- a/setup.py +++ b/setup.py @@ -71,10 +71,12 @@ def get_setup_kwargs(raw=False): packages=packages, install_requires=requirements, extras_require={ - 'json': 'ujson', 'socks': 'httpx[socks]', + # json and cryptography are very stable, so we use a reasonably new version as + # lower bound and have no upper bound + 'json': 'ujson>=4.0.0', # 3.4-3.4.3 contained some cyclical import bugs - 'passport': 'cryptography!=3.4,!=3.4.1,!=3.4.2,!=3.4.3', + 'passport': 'cryptography!=3.4,!=3.4.1,!=3.4.2,!=3.4.3,>=3.0', }, include_package_data=True, classifiers=[ From ae7bcc351d32958e8ce9db1d1d1036bc2dae22a5 Mon Sep 17 00:00:00 2001 From: Hinrich Mahler <22366557+Bibo-Joshi@users.noreply.github.com> Date: Mon, 18 Apr 2022 21:41:30 +0200 Subject: [PATCH 2/5] update pre-commit as well --- .github/dependabot.yml | 2 +- .pre-commit-config.yaml | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 31252a3e4cf..9d79fbdf366 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,4 +11,4 @@ updates: directory: "/" schedule: interval: "monthly" - day: "friday" \ No newline at end of file + day: "friday" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5d7979a6d61..648830c68f3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -25,10 +25,10 @@ repos: # run pylint across multiple cpu cores to speed it up- - --jobs=0 # See https://pylint.pycqa.org/en/latest/user_guide/run.html?#parallel-execution to know more additional_dependencies: - - httpx >= 0.20.0,<1.0 - - tornado>=6.1 - - APScheduler==3.6.3 - - cachetools==4.2.2 + - httpx~=0.22.0 + - tornado~=6.1 + - APScheduler==3.9.1 + - cachetools~=5.0.0 - . # this basically does `pip install -e .` - repo: https://github.com/pre-commit/mirrors-mypy rev: v0.910 @@ -41,10 +41,10 @@ repos: - types-pytz - types-cryptography - types-cachetools - - httpx >= 0.20.0,<1.0 - - tornado>=6.1 - - APScheduler==3.6.3 - - cachetools==4.2.2 + - httpx~=0.22.0 + - tornado~=6.1 + - APScheduler==3.9.1 + - cachetools~=5.0.0 - . # this basically does `pip install -e .` - id: mypy name: mypy-examples @@ -53,10 +53,9 @@ repos: - --no-strict-optional - --follow-imports=silent additional_dependencies: - - certifi - - tornado>=6.1 - - APScheduler==3.6.3 - - cachetools==4.2.2 + - tornado~=6.1 + - APScheduler==3.9.1 + - cachetools~=5.0.0 - . # this basically does `pip install -e .` - repo: https://github.com/asottile/pyupgrade rev: v2.29.0 From 5ca9644071656e9c384e20fc61035d7d30b43528 Mon Sep 17 00:00:00 2001 From: Hinrich Mahler <22366557+Bibo-Joshi@users.noreply.github.com> Date: Tue, 19 Apr 2022 21:35:15 +0200 Subject: [PATCH 3/5] review --- .github/workflows/test.yml | 2 +- .pre-commit-config.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 35d1a55efdd..2b787b2bd90 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ on: - master - v14 schedule: - # Run every night on 03:07 - odd time to spread load on GitHub Actions + # Run every night at 03:07 - odd time to spread load on GitHub Actions - cron: '7 3 * * *' jobs: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 648830c68f3..794badd53b5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -27,7 +27,7 @@ repos: additional_dependencies: - httpx~=0.22.0 - tornado~=6.1 - - APScheduler==3.9.1 + - APScheduler~=3.9.1 - cachetools~=5.0.0 - . # this basically does `pip install -e .` - repo: https://github.com/pre-commit/mirrors-mypy @@ -43,7 +43,7 @@ repos: - types-cachetools - httpx~=0.22.0 - tornado~=6.1 - - APScheduler==3.9.1 + - APScheduler~=3.9.1 - cachetools~=5.0.0 - . # this basically does `pip install -e .` - id: mypy @@ -54,7 +54,7 @@ repos: - --follow-imports=silent additional_dependencies: - tornado~=6.1 - - APScheduler==3.9.1 + - APScheduler~=3.9.1 - cachetools~=5.0.0 - . # this basically does `pip install -e .` - repo: https://github.com/asottile/pyupgrade From 6eb6e02c7ed78216e4cf02cdb8baff1b36db8271 Mon Sep 17 00:00:00 2001 From: Hinrich Mahler <22366557+Bibo-Joshi@users.noreply.github.com> Date: Wed, 27 Apr 2022 16:49:13 +0200 Subject: [PATCH 4/5] typo --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e0556438784..8b5e201dd92 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,7 +13,7 @@ httpx ~= 0.22.0 tornado~=6.1 # Cachetools and APS don't have a strict stability policy. -# Let's be cautious for. +# Let's be cautious for now. cachetools~=5.0.0 APScheduler~=3.9.1 From 8b0096943197e1ad1e015a255ba1bd876ef6a051 Mon Sep 17 00:00:00 2001 From: Hinrich Mahler <22366557+Bibo-Joshi@users.noreply.github.com> Date: Fri, 29 Apr 2022 08:09:26 +0200 Subject: [PATCH 5/5] run workflow only mo & fri --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2b787b2bd90..be1e6d20d8b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,8 +9,8 @@ on: - master - v14 schedule: - # Run every night at 03:07 - odd time to spread load on GitHub Actions - - cron: '7 3 * * *' + # Run monday and friday morning at 03:07 - odd time to spread load on GitHub Actions + - cron: '7 3 * * 1,5' jobs: pytest: