> On Jul 6, 2017, at 10:38 AM, Nick Coghlan <ncogh...@gmail.com> wrote: > > if you're not using > something like tox for your local testing, it's otherwise fairly easy > to inadvertently publish sdists that don't actually include all the > files they need to successfully build a wheel file
Even if you *are* using tox, it is super easy to do this, because of the way Python’s import semantics work, it’s incredibly easy to run your tests against the version that is sitting in your local directory instead of the version that tox just installed into the virtual environment. If you use something like a top level ``tests/`` directory alongside your ``foobar/`` directory, this becomes entirely unavoidable even. To do this correctly requires moving your ``foobar/`` directory down a level into a ``src/`` directory, leaving the ``tests/`` directory at the top level and then using something like setup()’s package_dir to deal with that change. This of course then breaks other things like coverage.py where you then need to spend a bit of effort configuring coverage.py to understand that the code you’re running is going to be inside of a virtual environment in tox, and not in your local directory. There’s a lot of history to unpack in these PRs, and it’s not really required reading, but if you feel like diving into this more, you can see me trying to do everything I could to avoid the above mess on the cryptography projects, and eventually giving up and just dealing with the src/ directory at: * https://github.com/pyca/cryptography/pull/1468 <https://github.com/pyca/cryptography/pull/1468> * https://github.com/pyca/cryptography/pull/1469 <https://github.com/pyca/cryptography/pull/1469> * https://github.com/pyca/cryptography/pull/1470 <https://github.com/pyca/cryptography/pull/1470> It is *really* hard to test that your package works when installed and it requires on ensuring that a fairly arcane set of circumstances never change but which are completely non obvious that they’d effect that in the slightest. I suspect that the vast bulk of projects using tox are *not* actually testing against the installed sdist but are instead testing the local copy sitting in . — Donald Stufft
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
