SarahAsad23 commented on code in PR #4902:
URL: https://github.com/apache/texera/pull/4902#discussion_r3382590738


##########
amber/system-requirements-lock.txt:
##########
@@ -0,0 +1,102 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# This file is manually generated to track system packages used in PVEs.
+# NOTE: This file must be updated whenever requirements.txt or
+# operator-requirements.txt changes.
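
Review bot: The header comment calls this file "manually generated" and says it "must be updated whenever requirements.txt or operator-requirements.txt changes", but it gives no regeneration procedure and does not say whether the entries are the fully resolved set (transitive dependencies included) or only the direct ones. Suggest documenting in this header how the file is produced and what it must contain, and backing the "must be updated" rule with an automated check that fails when the lock file is out of date with those two files, since a manual step is easy to miss.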

Review Comment:
   The purpose of the system lock file is to capture the fully resolved set of 
system-level Python dependencies, not just the direct dependencies listed in 
`requirements.txt` and `operator-requirements.txt`.
   
   We originally considered using those two requirements files as the source of 
truth, but they only include the top-level packages. During PVE creation, we 
need to check user-requested packages against all packages already required by 
the system, including transitive dependencies, to prevent version conflicts. In 
some cases, installing a user package can upgrade or downgrade a transitive 
dependency that is also required by Texera’s system/operator packages, which 
can break existing functionality.
   
   Because of this, the lock file is used as a snapshot of the resolved system 
environment. It allows us to compare user-installed packages against the exact 
package versions already needed by the system, rather than only checking 
against the direct requirements. This helps prevent dependency drift and 
protects the base execution environment from being unintentionally changed by 
user packages.
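
The difference between checking against the direct requirements and checking against the resolved lock, as an added example that is not part of the PR or of Texera's code. The file contents, the package `some-user-lib` and the function names are constructed for illustration.

```python
import re

# Constructed sample data (not Texera's real files): the direct requirements
# list only top-level packages; the lock also pins their transitive dependencies.
DIRECT_REQUIREMENTS = "pandas==2.2.2\n"
SYSTEM_LOCK = """\
# constructed lock snapshot
pandas==2.2.2
numpy==1.26.4
python-dateutil==2.9.0
"""

def normalize(name):
    """PEP 503 name normalization, so 'Python_Dateutil' matches 'python-dateutil'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Parse 'name==version' lines into {normalized_name: version}."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned entry in baseline: {raw!r}")
        name, version = line.split("==", 1)
        pins[normalize(name.strip())] = version.strip()
    return pins

def find_conflicts(baseline_text, user_resolved):
    """Return (name, system_version, user_version) for every package that the
    user's resolved install set would change relative to the baseline.
    Assumption: versions are compared as strings, a simplification of PEP 440."""
    baseline = parse_pins(baseline_text)
    conflicts = []
    for name, version in user_resolved.items():
        key = normalize(name)
        if key in baseline and baseline[key] != version:
            conflicts.append((key, baseline[key], version))
    return sorted(conflicts)

# Constructed: the full set a resolver would install for a hypothetical user
# package 'some-user-lib' that depends on a newer NumPy.
USER_RESOLVED = {"some-user-lib": "1.0.0", "NumPy": "2.0.1", "Python_Dateutil": "2.9.0"}

if __name__ == "__main__":
    print("direct-only check:", find_conflicts(DIRECT_REQUIREMENTS, USER_RESOLVED))
    print("lock-file check:  ", find_conflicts(SYSTEM_LOCK, USER_RESOLVED))
```

The direct-only baseline reports nothing because NumPy never appears in it, while the lock baseline flags the transitive pin that the user install would move.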
   


