Skip to content

Fix pip-compile to update all lockfiles from single input file #13687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Copilot wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix pip-compile to update all lockfiles from single input file #13687

Copilot wants to merge 2 commits into from
+119 −27

Conversation

Copy link
Contributor

Copilot AI commented Dec 2, 2025
edited
Loading

What are you trying to accomplish?

Fixes #[linked issue] where a single .in file generating multiple .txt lockfiles (e.g., requirements.txt for Python 3.8 and requirements-3.12.txt for Python 3.12) only has one lockfile updated.

Root cause: compiled_file_for_filename used find returning only the first matching file instead of all files referencing the input.

Changes:

  • Added compiled_files_for_filename method returning all .txt files with --output-file headers referencing a given .in file
  • Modified compile_file to accept explicit output file parameter
  • Updated compilation loop to iterate over all output files per input file
  • Applied same fix to pip_compile_version_resolver.rb for consistency

Anything you want to highlight for special attention from reviewers?

The fix maintains backward compatibility:

  • compiled_file_for_filename (singular) still exists, delegating to .first on the new method
  • When no output files are found, falls back to convention-based matching (input.ininput.txt)
  • Empty output file list compiles with nil to preserve default pip-compile behavior

How will you know you've accomplished your goal?

Added test case "with multiple output files from a single input file" that:

  • Creates two .txt fixtures with different --output-file headers referencing the same .in file
  • Verifies both files are updated with the new dependency version

All 27 existing pip_compile_file_updater tests pass.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.
Original prompt

This section details on the original issue you should resolve

<issue_title>Only a subset of lockfiles being updated</issue_title>
<issue_description>### Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pip-compile

Package manager version

pip-compile 7.4.1

Language version

Python 3.8

Manifest location and content before the Dependabot update

https://github.com/ska-sa/spead2/blob/14739439cd000ca7d83085d6073ad62968e2576e/requirements.in
https://github.com/ska-sa/spead2/blob/14739439cd000ca7d83085d6073ad62968e2576e/requirements.txt
https://github.com/ska-sa/spead2/blob/14739439cd000ca7d83085d6073ad62968e2576e/requirements-3.12.txt

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      production-group:
        dependency-type: "production"
      development-group:
        dependency-type: "development"

Updated dependency

No response

What you expected to see, versus what you actually saw

I have a single source requirements.in, from which I generate two lockfiles: requirements.txt for Python 3.8, and requirements-3.12 for Python 3.12. When Dependabot opens a PR such as ska-sa/spead2#324, it's only updating the latter.

I expected to see updates to requirements.txt as well (whether in the same or a separate PR).

Native package manager behavior

Running pip-compile -U requirements.in in a Python 3.8 environment produces the following diff:

diff --git a/requirements.txt b/requirements.txt
index 6f21686..6bd0eee 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,11 +21,11 @@ numpy==1.24.4
     #   -r requirements.in
     #   numba
     #   scipy
-packaging==24.0
+packaging==24.1
     # via pytest
 pluggy==1.5.0
     # via pytest
-pytest==8.2.1
+pytest==8.2.2
     # via
     #   -r requirements.in
     #   pytest-asyncio
@@ -41,5 +41,5 @@ scipy==1.10.1
     # via -r requirements.in
 tomli==2.0.1
     # via pytest
-zipp==3.19.0
+zipp==3.19.2
     # via importlib-metadata

Images of the diff or a link to the PR, issue, or logs

ska-sa/spead2#324

Smallest manifest that reproduces the issue

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Fix issue with updating only a subset of lockfiles Fix pip-compile to update all lockfiles from single input file Dec 2, 2025
Copilot AI requested a review from AbhishekBhaskar December 2, 2025 06:07
Copilot finished work on behalf of AbhishekBhaskar December 2, 2025 06:07
@AbhishekBhaskar AbhishekBhaskar marked this pull request as ready for review December 5, 2025 06:53
@AbhishekBhaskar AbhishekBhaskar requested a review from a team as a code owner December 5, 2025 06:53
Copilot AI and others added 2 commits December 5, 2025 00:53
@AbhishekBhaskar
Fix pip-compile to update all lockfiles from single input file
fba51c0 
When a single .in file generates multiple .txt lockfiles with different
--output-file options, dependabot now correctly updates all of them.

Previously only one lockfile was updated because `compiled_file_for_filename`
returned only the first matching file. Now `compiled_files_for_filename`
returns all matching files, and compile_file is called for each output file.

Fixes: single .in file with multiple .txt outputs issue

Co-authored-by: AbhishekBhaskar <[email protected]>
@AbhishekBhaskar
Simplify compile loop per code review feedback
2fe3411 
Co-authored-by: AbhishekBhaskar <[email protected]>
@AbhishekBhaskar AbhishekBhaskar force-pushed the copilot/fix-lockfiles-update-issue branch from 1cf0312 to 2fe3411 Compare December 5, 2025 06:53
kbukum1
kbukum1 approved these changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@kbukum1 kbukum1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbukum1 kbukum1 kbukum1 approved these changes

@AbhishekBhaskar AbhishekBhaskar Awaiting requested review from AbhishekBhaskar

Assignees

@AbhishekBhaskar AbhishekBhaskar

Copilot code review Copilot

Labels

L: python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Only a subset of lockfiles being updated

3 participants

@kbukum1 @AbhishekBhaskar