Move dependency list out of pyproject.toml

They were moved in as part of #252 on the basis that this was "more modern". However we don't – and don't intend to – publish ehrQL as a package to PyPI and when we do build it as a package in our Docker image we tell pip to ignore dependencies anyway. And for some reason that we haven't got to the bottom of, Dependabot is unable to update our production dependencies if we specify them in this way. This moves us back to the `requirements.prod.in` pattern that we use elsewhere and which Dependabot handles nicely. Closes #964
opensafely-core · May 9, 2024 · 0b4ead7 · 0b4ead7
1 parent 168ff43
commit 0b4ead7
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 29 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -11,26 +11,6 @@ authors = [{name = "OpenSAFELY", email = "[email protected]"}]
 license = {file = "LICENSE"}
 classifiers = ["License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)"]
 requires-python = ">=3.11"
-dependencies = [
-  "pyarrow",
-  "sqlalchemy",
-  "structlog",
-
-  # Database driver for MS-SQL
-  "pymssql",
-
-  # Trino python client and database driver
-  "trino",
-
-  # Gives us isolation from the system version of SQLite and means we don't
-  # need to worry about e.g. some versions of SQLite missing the `FLOOR`
-  # function.
-  "sqlean.py",
-
-  # For graphing query graphs
-  "networkx",
-  "pydot",
-]
 
 [project.scripts]
 ehrql = "ehrql.__main__:entrypoint"

diff --git a/requirements.prod.in b/requirements.prod.in
@@ -0,0 +1,18 @@
+pyarrow
+sqlalchemy
+structlog
+
+# Database driver for MS-SQL
+pymssql
+
+# Trino python client and database driver
+trino
+
+# Gives us isolation from the system version of SQLite and means we don't
+# need to worry about e.g. some versions of SQLite missing the `FLOOR`
+# function.
+sqlean.py
+
+# For graphing query graphs
+networkx
+pydot
diff --git a/requirements.prod.txt b/requirements.prod.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
-#    pip-compile --allow-unsafe --generate-hashes --output-file=requirements.prod.txt --strip-extras pyproject.toml
+#    pip-compile --allow-unsafe --generate-hashes --strip-extras requirements.prod.in
 #
 certifi==2024.2.2 \
     --hash=sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f \
@@ -167,7 +167,7 @@ idna==3.7 \
 networkx==3.3 \
     --hash=sha256:0c127d8b2f4865f59ae9cb8aafcd60b5c70f3241ebd66f7defad7c4ab90126c9 \
     --hash=sha256:28575580c6ebdaf4505b22c6256a2b9de86b316dc63ba9e93abde3d78dfdbcf2
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 numpy==1.26.4 \
     --hash=sha256:03a8c78d01d9781b28a6989f6fa1bb2c4f2d51201cf99d3dd875df6fbd96b23b \
     --hash=sha256:08beddf13648eb95f8d867350f6a018a4be2e5ad54c8d8caed89ebca558b2818 \
@@ -243,11 +243,11 @@ pyarrow==16.0.0 \
     --hash=sha256:f293e92d1db251447cb028ae12f7bc47526e4649c3a9924c8376cab4ad6b98bd \
     --hash=sha256:fb8065dbc0d051bf2ae2453af0484d99a43135cadabacf0af588a3be81fbbb9b \
     --hash=sha256:fda9a7cebd1b1d46c97b511f60f73a5b766a6de4c5236f144f41a5d5afec1f35
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 pydot==2.0.0 \
     --hash=sha256:408a47913ea7bd5d2d34b274144880c1310c4aee901f353cf21fe2e526a4ea28 \
     --hash=sha256:60246af215123fa062f21cd791be67dda23a6f280df09f68919e637a1e4f3235
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 pymssql==2.3.0 \
     --hash=sha256:04d4bc68c1b7f2524dd79e669f7336c31eefeb18f197f0d8a216a0034226eb95 \
     --hash=sha256:065e73fa53bf9bb166567192651233981929c4955e35ac8f0306e974cc4b4aaf \
@@ -345,7 +345,7 @@ pymssql==2.3.0 \
     --hash=sha256:fd67cd9bd67c371bcf34c8981d56299ac53f37b3cff913b3d5016b558e89656e \
     --hash=sha256:fd6cc1bb4d3b11fb911268e48b75d5f9ee7f899295e48fe3354fdefa8645180b \
     --hash=sha256:fec42705bea52b801ea4ec509b3baec098c0557a5e1521638b6b90a852cbd70f
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 pyparsing==3.1.2 \
     --hash=sha256:a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad \
     --hash=sha256:f9db75911801ed778fe61bb643079ff86601aca99fcae6345aa67292038fb742
@@ -416,7 +416,7 @@ sqlalchemy==2.0.30 \
     --hash=sha256:f69e4c756ee2686767eb80f94c0125c8b0a0b87ede03eacc5c8ae3b54b99dc46 \
     --hash=sha256:f7703c2010355dd28f53deb644a05fc30f796bd8598b43f0ba678878780b6e4c \
     --hash=sha256:fa561138a64f949f3e889eb9ab8c58e1504ab351d6cf55259dc4c248eaa19da6
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 sqlean-py==3.45.1 \
     --hash=sha256:0b0deb276d66c5e9377f70c1f8f4fad8fdf4957f632e73a248bd88479f0a8cb5 \
     --hash=sha256:1c137e6e27c184e1ecf6ca64a02a4ebf65b2c49c91e276da0af01662ef2066b2 \
@@ -448,15 +448,15 @@ sqlean-py==3.45.1 \
     --hash=sha256:d053f2550cf2d1a140e0fc9adf6a4349c8e5579c3e377d44c20be90082805f85 \
     --hash=sha256:eb4efe1676bd12562d103afdccd38c25a61fabdd7e6848a6c7c3a3539892d1c6 \
     --hash=sha256:f1caeb418399cd9ed4bcf3a43b1a191e4e9a91591efee14f915c54f21d845a28
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 structlog==24.1.0 \
     --hash=sha256:3f6efe7d25fab6e86f277713c218044669906537bb717c1807a09d46bca0714d \
     --hash=sha256:41a09886e4d55df25bdcb9b5c9674bccfab723ff43e0a86a1b7b236be8e57b16
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 trino==0.328.0 \
     --hash=sha256:5d4498356f894978478ae5574a503fe011254ac01bc19f786a3d3733eca8096f \
     --hash=sha256:bd6454ef1c16cc630b4bccb73e975502b007ff9b96ddeb56711f6099ca41e3a2
-    # via opensafely-ehrql (pyproject.toml)
+    # via -r requirements.prod.in
 typing-extensions==4.11.0 \
     --hash=sha256:83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0 \
     --hash=sha256:c1f94d72897edaf4ce775bb7558d5b79d8126906a14ea5ed1635921406c0387a