📝2023-05-21 JumeauxのGitHub ActionsにてPoetryのResolving dependenciesに2時間近くかかる

## 事象 https://github.com/tadashi-aikawa/jumeaux/actions/runs/4888597407/jobs/8726407133 の `Install dependencies`に2時間近くかかっている。発生日の前日は1分もかかっていない。 https://github.com/tadashi-aikawa/jumeaux/actions/runs/4877798918/jobs/8702810927 [[Python 3.7]]～[[Python 3.10]]すべてのバージョンで発生している。 ## 調査 [[Poetry]]をインストールする際の依存関係にバージョン差異がないかを調べてみた。 ```diff - Successfully installed SecretStorage-3.3.3 attrs-23.1.0 build-0.10.0 cachecontrol-0.12.11 certifi-2022.12.7 cffi-1.15.1 charset-normalizer-3.1.0 cleo-2.0.1 crashtest-0.4.1 cryptography-40.0.2 distlib-0.3.6 dulwich-0.21.4 filelock-3.12.0 html5lib-1.1 idna-3.4 importlib-metadata-6.6.0 installer-0.7.0 jaraco.classes-3.2.3 jeepney-0.8.0 jsonschema-4.17.3 keyring-23.13.1 lockfile-0.12.2 more-itertools-9.1.0 msgpack-1.0.5 packaging-23.1 pexpect-4.8.0 pip-23.1.2 pkginfo-1.9.6 platformdirs-2.6.2 poetry-1.4.2 poetry-core-1.5.2 poetry-plugin-export-1.3.1 ptyprocess-0.7.0 pycparser-2.21 pyproject-hooks-1.0.0 pyrsistent-0.19.3 rapidfuzz-2.15.1 requests-2.29.0 requests-toolbelt-0.10.1 shellingham-1.5.0.post1 six-1.16.0 tomli-2.0.1 tomlkit-0.11.8 trove-classifiers-2023.5.2 urllib3-1.26.15 virtualenv-20.21.1 webencodings-0.5.1 zipp-3.15.0 + Successfully installed SecretStorage-3.3.3 attrs-23.1.0 build-0.10.0 cachecontrol-0.12.11 certifi-2022.12.7 cffi-1.15.1 charset-normalizer-3.1.0 cleo-2.0.1 crashtest-0.4.1 cryptography-40.0.2 distlib-0.3.6 dulwich-0.21.5 filelock-3.12.0 html5lib-1.1 idna-3.4 importlib-metadata-6.6.0 installer-0.7.0 jaraco.classes-3.2.3 jeepney-0.8.0 jsonschema-4.17.3 keyring-23.13.1 lockfile-0.12.2 more-itertools-9.1.0 msgpack-1.0.5 packaging-23.1 pexpect-4.8.0 pip-23.1.2 pkginfo-1.9.6 platformdirs-2.6.2 poetry-1.4.2 poetry-core-1.5.2 poetry-plugin-export-1.3.1 ptyprocess-0.7.0 pycparser-2.21 pyproject-hooks-1.0.0 pyrsistent-0.19.3 rapidfuzz-2.15.1 requests-2.30.0 requests-toolbelt-0.10.1 shellingham-1.5.0.post1 six-1.16.0 tomli-2.0.1 tomlkit-0.11.8 trove-classifiers-2023.5.2 urllib3-1.26.15 virtualenv-20.21.1 webencodings-0.5.1 zipp-3.15.0 ``` [[requests]]のバージョンが2.29.0から2.30.0に上がっている。ただこれ自体には問題ない。重要なのは **この日を境に[[requests]]の2.30.0が最新になったという事実** だ。 ### [[urllib3]]のバージョンコンフリクト [[🦉Jumeaux]]をローカルにクローンする。 ```console git clone https://github.com/tadashi-aikawa/jumeaux.git ``` そして[[poetry.lock]]を削除する。[[poetry.lock]]が存在すると依存性の解決は実行されないので再現されないからだ。 ```console cd jumeaux rm poetry.lock ``` その状態で[[依存性関係グラフ]]をデバッグログ付きで生成してみる。 ```console poetry debug resolve -vv ``` > [!caution] 動作確認の際はキャッシュをクリアしておくこと > ```console > poetry cache clear --all pypi > ``` 大量にログが出てくるが、どうやらバージョンコンフリクトが発生しており、その再試行回数が大変なことになっていそう。 > [!info]- ログ > > ```console > Resolving dependencies... > 1: fact: jumeaux is 4.0.0 > 1: derived: jumeaux > 1: fact: jumeaux depends on requests (^2.22.0) > 1: fact: jumeaux depends on docopt (^0.6.2) > 1: fact: jumeaux depends on schema (^0.7.1) > 1: fact: jumeaux depends on xmltodict (^0.12.0) > 1: fact: jumeaux depends on boto3 (^1.10.28) > 1: fact: jumeaux depends on freezegun (^0.3.12) > 1: fact: jumeaux depends on pydash (^4.7.6) > 1: fact: jumeaux depends on requests-toolbelt (^0.9.1) > 1: fact: jumeaux depends on jinja2 (^2.10.3) > 1: fact: jumeaux depends on beautifulsoup4 (^4.8.1) > 1: fact: jumeaux depends on lxml (^4.4.2) > 1: fact: jumeaux depends on livereload (^2.6.1) > 1: fact: jumeaux depends on tzlocal (^2.0.0) > 1: fact: jumeaux depends on owlmixin (^5.5.0) > 1: fact: jumeaux depends on owcli (^0.7.0) > 1: fact: jumeaux depends on deepdiff (6.2.1) > 1: fact: jumeaux depends on markupsafe (2.0.1) > 1: fact: jumeaux depends on pytest (^7.2.0) > 1: fact: jumeaux depends on pytest-cov (^4.0.0) > 1: fact: jumeaux depends on mkdocs (^1.2.3) > 1: fact: jumeaux depends on mkdocs-material (^6.1.0) > 1: fact: jumeaux depends on pymdown-extensions (^10.0) > 1: fact: jumeaux depends on fontawesome-markdown (^0.2.6) > 1: fact: jumeaux depends on black (^23.3.0) > 1: fact: jumeaux depends on pytest (^7.2.0) > 1: fact: jumeaux depends on pytest-cov (^4.0.0) > 1: fact: jumeaux depends on mkdocs (^1.2.3) > 1: fact: jumeaux depends on mkdocs-material (^6.1.0) > 1: fact: jumeaux depends on pymdown-extensions (^10.0) > 1: fact: jumeaux depends on fontawesome-markdown (^0.2.6) > 1: fact: jumeaux depends on black (^23.3.0) > 1: selecting jumeaux (4.0.0) > 1: derived: black[d] (>=23.3.0,<24.0.0) > 1: derived: fontawesome-markdown (>=0.2.6,<0.3.0) > 1: derived: pymdown-extensions (>=10.0,<11.0) > 1: derived: mkdocs-material (>=6.1.0,<7.0.0) > 1: derived: mkdocs (>=1.2.3,<2.0.0) > 1: derived: pytest-cov (>=4.0.0,<5.0.0) > 1: derived: pytest (>=7.2.0,<8.0.0) > 1: derived: markupsafe (==2.0.1) > 1: derived: deepdiff (==6.2.1) > 1: derived: owcli (>=0.7.0,<0.8.0) > 1: derived: owlmixin (>=5.5.0,<6.0.0) > 1: derived: tzlocal (>=2.0.0,<3.0.0) > 1: derived: livereload (>=2.6.1,<3.0.0) > 1: derived: lxml (>=4.4.2,<5.0.0) > 1: derived: beautifulsoup4 (>=4.8.1,<5.0.0) > 1: derived: jinja2 (>=2.10.3,<3.0.0) > 1: derived: requests-toolbelt (>=0.9.1,<0.10.0) > 1: derived: pydash (>=4.7.6,<5.0.0) > 1: derived: freezegun (>=0.3.12,<0.4.0) > 1: derived: boto3 (>=1.10.28,<2.0.0) > 1: derived: xmltodict (>=0.12.0,<0.13.0) > 1: derived: schema (>=0.7.1,<0.8.0) > 1: derived: docopt (>=0.6.2,<0.7.0) > 1: derived: requests (>=2.22.0,<3.0.0) > 1: fact: black (23.3.0) depends on black (23.3.0) > 1: fact: black (23.3.0) depends on click (>=8.0.0) > 1: fact: black (23.3.0) depends on mypy-extensions (>=0.4.3) > 1: fact: black (23.3.0) depends on packaging (>=22.0) > 1: fact: black (23.3.0) depends on pathspec (>=0.9.0) > 1: fact: black (23.3.0) depends on platformdirs (>=2) > 1: fact: black (23.3.0) depends on tomli (>=1.1.0) > 1: fact: black (23.3.0) depends on typed-ast (>=1.4.2) > 1: fact: black (23.3.0) depends on typing-extensions (>=3.10.0.0) > 1: fact: black (23.3.0) depends on aiohttp (>=3.7.4) > 1: selecting black[d] (23.3.0) > 1: derived: aiohttp (>=3.7.4) > 1: derived: typing-extensions (>=3.10.0.0) > 1: derived: typed-ast (>=1.4.2) > 1: derived: tomli (>=1.1.0) > 1: derived: platformdirs (>=2) > 1: derived: pathspec (>=0.9.0) > 1: derived: packaging (>=22.0) > 1: derived: mypy-extensions (>=0.4.3) > 1: derived: click (>=8.0.0) > 1: derived: black (==23.3.0) > 1: fact: fontawesome-markdown (0.2.6) depends on markdown (*) > 1: selecting fontawesome-markdown (0.2.6) > 1: derived: markdown > 1: fact: pytest-cov (4.0.0) depends on pytest (>=4.6) > 1: fact: pytest-cov (4.0.0) depends on coverage (>=5.2.1) > 1: selecting pytest-cov (4.0.0) > 1: derived: coverage[toml] (>=5.2.1) > 1: selecting markupsafe (2.0.1) > 1: fact: deepdiff (6.2.1) depends on ordered-set (>=4.0.2,<4.2.0) > 1: selecting deepdiff (6.2.1) > 1: derived: ordered-set (>=4.0.2,<4.2.0) > 1: fact: owcli (0.7.0) depends on docopt (>=0.6.2,<0.7.0) > 1: fact: owcli (0.7.0) depends on owlmixin (>=5.4.1,<6.0.0) > 1: selecting owcli (0.7.0) > 1: fact: requests-toolbelt (0.9.1) depends on requests (>=2.0.1,<3.0.0) > 1: selecting requests-toolbelt (0.9.1) > 1: selecting xmltodict (0.12.0) > 1: selecting docopt (0.6.2) > 1: fact: pymdown-extensions (10.0.1) depends on markdown (>=3.2) > 1: fact: pymdown-extensions (10.0.1) depends on pyyaml (*) > 1: selecting pymdown-extensions (10.0.1) > 1: derived: pyyaml > 1: derived: markdown (>=3.2) > 1: fact: tzlocal (2.1) depends on pytz (*) > 1: selecting tzlocal (2.1) > 1: derived: pytz > 1: selecting ordered-set (4.1.0) > 1: fact: owlmixin (5.6.1) depends on pyyaml (>=5.1,<6.0) > 1: selecting owlmixin (5.6.1) > 1: derived: pyyaml (>=5.1,<6.0) > 1: fact: livereload (2.6.3) depends on six (*) > 1: fact: livereload (2.6.3) depends on tornado (*) > 1: selecting livereload (2.6.3) > 1: derived: tornado > 1: derived: six > 1: selecting packaging (23.1) > 1: selecting mypy-extensions (1.0.0) > 1: fact: freezegun (0.3.15) depends on six (*) > 1: fact: freezegun (0.3.15) depends on python-dateutil (>=1.0,<2.0 || >2.0) > 1: selecting freezegun (0.3.15) > 1: derived: python-dateutil (>=1.0,!=2.0) > 1: fact: pytest (7.3.1) depends on iniconfig (*) > 1: fact: pytest (7.3.1) depends on packaging (*) > 1: fact: pytest (7.3.1) depends on pluggy (>=0.12,<2.0) > 1: fact: pytest (7.3.1) depends on exceptiongroup (>=1.0.0rc8) > 1: fact: pytest (7.3.1) depends on tomli (>=1.0.0) > 1: fact: pytest (7.3.1) depends on importlib-metadata (>=0.12) > 1: fact: pytest (7.3.1) depends on colorama (*) > 1: selecting pytest (7.3.1) > 1: derived: colorama > 1: derived: importlib-metadata (>=0.12) > 1: derived: exceptiongroup (>=1.0.0rc8) > 1: derived: pluggy (>=0.12,<2.0) > 1: derived: iniconfig > 1: fact: pluggy (1.0.0) depends on importlib-metadata (>=0.12) > 1: selecting pluggy (1.0.0) > 1: fact: jinja2 (2.11.3) depends on MarkupSafe (>=0.23) > 1: selecting jinja2 (2.11.3) > 1: fact: schema (0.7.5) depends on contextlib2 (>=0.5.5) > 1: selecting schema (0.7.5) > 1: derived: contextlib2 (>=0.5.5) > 1: selecting contextlib2 (21.6.0) > 1: selecting pydash (4.9.3) > 1: selecting iniconfig (2.0.0) > 1: selecting pathspec (0.11.1) > 1: fact: mkdocs (1.4.3) depends on click (>=7.0) > 1: fact: mkdocs (1.4.3) depends on colorama (>=0.4) > 1: fact: mkdocs (1.4.3) depends on ghp-import (>=1.0) > 1: fact: mkdocs (1.4.3) depends on importlib-metadata (>=4.3) > 1: fact: mkdocs (1.4.3) depends on jinja2 (>=2.11.1) > 1: fact: mkdocs (1.4.3) depends on markdown (>=3.2.1,<3.4) > 1: fact: mkdocs (1.4.3) depends on mergedeep (>=1.3.4) > 1: fact: mkdocs (1.4.3) depends on packaging (>=20.5) > 1: fact: mkdocs (1.4.3) depends on pyyaml-env-tag (>=0.1) > 1: fact: mkdocs (1.4.3) depends on pyyaml (>=5.1) > 1: fact: mkdocs (1.4.3) depends on typing-extensions (>=3.10) > 1: fact: mkdocs (1.4.3) depends on watchdog (>=2.0) > 1: selecting mkdocs (1.4.3) > 1: derived: watchdog (>=2.0) > 1: derived: pyyaml-env-tag (>=0.1) > 1: derived: mergedeep (>=1.3.4) > 1: derived: markdown (>=3.2.1,<3.4) > 1: derived: importlib-metadata (>=4.3) > 1: derived: ghp-import (>=1.0) > 1: derived: colorama (>=0.4) > 1: fact: pyyaml-env-tag (0.1) depends on pyyaml (*) > 1: selecting pyyaml-env-tag (0.1) > 1: selecting mergedeep (1.3.4) > 1: fact: ghp-import (2.1.0) depends on python-dateutil (>=2.8.1) > 1: selecting ghp-import (2.1.0) > 1: derived: python-dateutil (>=2.8.1) > 1: fact: python-dateutil (2.8.2) depends on six (>=1.5) > 1: selecting python-dateutil (2.8.2) > 1: derived: six (>=1.5) > 1: selecting pyyaml (5.4.1) > 1: fact: click (8.1.3) depends on colorama (*) > 1: fact: click (8.1.3) depends on importlib-metadata (*) > 1: selecting click (8.1.3) > 1: fact: markdown (3.3.7) depends on importlib-metadata (>=4.4) > 1: selecting markdown (3.3.7) > 1: derived: importlib-metadata (>=4.4) > 1: fact: beautifulsoup4 (4.12.2) depends on soupsieve (>1.2) > 1: selecting beautifulsoup4 (4.12.2) > 1: derived: soupsieve (>1.2) > 1: fact: requests (2.30.0) depends on charset-normalizer (>=2,<4) > 1: fact: requests (2.30.0) depends on idna (>=2.5,<4) > 1: fact: requests (2.30.0) depends on urllib3 (>=1.21.1,<3) > 1: fact: requests (2.30.0) depends on certifi (>=2017.4.17) > 1: selecting requests (2.30.0) > 1: derived: certifi (>=2017.4.17) > 1: derived: urllib3 (>=1.21.1,<3) > 1: derived: idna (>=2.5,<4) > 1: derived: charset-normalizer (>=2,<4) > 1: selecting idna (3.4) > 1: fact: mkdocs-material (6.2.8) depends on mkdocs (>=1.1) > 1: fact: mkdocs-material (6.2.8) depends on Pygments (>=2.4) > 1: fact: mkdocs-material (6.2.8) depends on markdown (>=3.2) > 1: fact: mkdocs-material (6.2.8) depends on pymdown-extensions (>=7.0) > 1: fact: mkdocs-material (6.2.8) depends on mkdocs-material-extensions (>=1.0) > 1: selecting mkdocs-material (6.2.8) > 1: derived: mkdocs-material-extensions (>=1.0) > 1: derived: Pygments (>=2.4) > 1: selecting mkdocs-material-extensions (1.1.1) > 1: selecting lxml (4.9.2) > 1: selecting six (1.16.0) > 1: selecting charset-normalizer (3.1.0) > 1: selecting watchdog (3.0.0) > 1: fact: platformdirs (3.5.1) depends on typing-extensions (>=4.5) > 1: selecting platformdirs (3.5.1) > 1: derived: typing-extensions (>=4.5) > 1: selecting pygments (2.15.1) > 1: selecting soupsieve (2.4.1) > 1: selecting certifi (2023.5.7) > 1: fact: coverage (7.2.5) depends on coverage (7.2.5) > 1: fact: coverage (7.2.5) depends on tomli (*) > 1: selecting coverage[toml] (7.2.5) > 1: derived: coverage (==7.2.5) > 1: selecting urllib3 (2.0.2) > 1: selecting pytz (2023.3) > 1: fact: boto3 (1.26.137) depends on botocore (>=1.29.137,<1.30.0) > 1: fact: boto3 (1.26.137) depends on jmespath (>=0.7.1,<2.0.0) > 1: fact: boto3 (1.26.137) depends on s3transfer (>=0.6.0,<0.7.0) > 1: selecting boto3 (1.26.137) > 1: derived: s3transfer (>=0.6.0,<0.7.0) > 1: derived: jmespath (>=0.7.1,<2.0.0) > 1: derived: botocore (>=1.29.137,<1.30.0) > 1: fact: botocore (1.29.137) depends on jmespath (>=0.7.1,<2.0.0) > 1: fact: botocore (1.29.137) depends on python-dateutil (>=2.1,<3.0.0) > 1: fact: botocore (1.29.137) depends on urllib3 (>=1.25.4,<1.27) > 1: derived: not botocore (==1.29.137) > 1: fact: no versions of botocore match >1.29.137,<1.30.0 > 1: conflict: no versions of botocore match >1.29.137,<1.30.0 > 1: ! botocore (>1.29.137,<1.30.0) is partially satisfied by not botocore (1.29.137) > 1: ! which is caused by "botocore (1.29.137) depends on urllib3 (>=1.25.4,<1.27)" > 1: ! thus: botocore (>=1.29.137,<1.30.0) requires urllib3 (>=1.25.4,<1.27) > 1: fact: botocore (>=1.29.137,<1.30.0) requires urllib3 (>=1.25.4,<1.27) > 1: derived: not botocore (>=1.29.137,<1.30.0) > 1: derived: not boto3 (==1.26.137) > 2: selecting pytz (2023.3) > ``` ## 原因 [[urllib3]]のバージョンコンフリクトを解消するため、可能性のある[[boto3]]すべてのバージョンに対して[[依存性関係グラフ]]の作成を試みたから。 ### 詳細 [[requests]] 2.30.0 は [[urllib3]]の `1.21.1 <= version < 3` を指定している。[[urllib3]]の最新バージョンは2.0.2であるため、条件を満たす最新の2.0.2がその後に選択される。 ```console 1: fact: requests (2.30.0) depends on charset-normalizer (>=2,<4) 1: fact: requests (2.30.0) depends on idna (>=2.5,<4) 1: fact: requests (2.30.0) depends on urllib3 (>=1.21.1,<3) 1: fact: requests (2.30.0) depends on certifi (>=2017.4.17) 1: selecting requests (2.30.0) 1: derived: certifi (>=2017.4.17) 1: derived: urllib3 (>=1.21.1,<3) . . 1: selecting urllib3 (2.0.2) ``` 次に、[[boto3]]の依存性解決について。[[boto3]]のバージョン1.26.137をインストールしようとしており、それには[[botocore]]のバージョン `1.29.137 <= version < 1.30.0` が必要。 ```console 1: fact: boto3 (1.26.137) depends on botocore (>=1.29.137,<1.30.0) 1: fact: boto3 (1.26.137) depends on jmespath (>=0.7.1,<2.0.0) 1: fact: boto3 (1.26.137) depends on s3transfer (>=0.6.0,<0.7.0) 1: selecting boto3 (1.26.137) 1: derived: s3transfer (>=0.6.0,<0.7.0) 1: derived: jmespath (>=0.7.1,<2.0.0) 1: derived: botocore (>=1.29.137,<1.30.0) ``` そして、[[botocore]]の`1.29.137`は[[urllib3]]のバージョン `1.25.4 <= version < 1.27` が必要 ```console 1: fact: botocore (1.29.137) depends on jmespath (>=0.7.1,<2.0.0) 1: fact: botocore (1.29.137) depends on python-dateutil (>=2.1,<3.0.0) 1: fact: botocore (1.29.137) depends on urllib3 (>=1.25.4,<1.27) ``` 一方、[[urllib3]]はv2.0.2を使う予定であり、それは条件を満たさない。そのためコンフリクトとなる。よって[[botocore]] 1.29.137 は利用できず [[boto3]] 1.26.137 も利用できない。 ```console 1: derived: not botocore (==1.29.137) 1: fact: no versions of botocore match >1.29.137,<1.30.0 1: conflict: no versions of botocore match >1.29.137,<1.30.0 1: ! botocore (>1.29.137,<1.30.0) is partially satisfied by not botocore (1.29.137) 1: ! which is caused by "botocore (1.29.137) depends on urllib3 (>=1.25.4,<1.27)" 1: ! thus: botocore (>=1.29.137,<1.30.0) requires urllib3 (>=1.25.4,<1.27) 1: fact: botocore (>=1.29.137,<1.30.0) requires urllib3 (>=1.25.4,<1.27) 1: derived: not botocore (>=1.29.137,<1.30.0) 1: derived: not boto3 (==1.26.137) ``` [[requests]]の[[urllib3]]に対する条件は1.21.1以上であるため `1.25.4` ～ `1.27` のバージョンであれば問題なさそうだが、[[boto3]]の条件は[[pyproject.toml]]によると `boto3 = "^1.10.28"`となっているため `1.10.28` 以上のバージョンに対して確認する挙動をとる。手始めに1つパッチバージョンが下がった 1.26.136 だ。 ```console 2: fact: boto3 (1.26.136) depends on botocore (>=1.29.136,<1.30.0) 2: fact: boto3 (1.26.136) depends on jmespath (>=0.7.1,<2.0.0) 2: fact: boto3 (1.26.136) depends on s3transfer (>=0.6.0,<0.7.0) 2: selecting boto3 (1.26.136) 2: derived: s3transfer (>=0.6.0,<0.7.0) 2: derived: jmespath (>=0.7.1,<2.0.0) 2: derived: botocore (>=1.29.136,<1.30.0) 2: fact: botocore (1.29.136) depends on jmespath (>=0.7.1,<2.0.0) 2: fact: botocore (1.29.136) depends on python-dateutil (>=2.1,<3.0.0) 2: fact: botocore (1.29.136) depends on urllib3 (>=1.25.4,<1.27) 2: derived: not botocore (==1.29.136) 2: fact: no versions of botocore match >1.29.136,<1.29.137 2: conflict: no versions of botocore match >1.29.136,<1.29.137 2: ! botocore (>1.29.136,<1.29.137) is partially satisfied by not botocore (1.29.136) 2: ! which is caused by "botocore (1.29.136) depends on urllib3 (>=1.25.4,<1.27)" 2: ! thus: botocore (>=1.29.136,<1.29.137) requires urllib3 (>=1.25.4,<1.27) 2: fact: botocore (>=1.29.136,<1.29.137) requires urllib3 (>=1.25.4,<1.27) 2: derived: not botocore (>=1.29.136,<1.29.137) 2: derived: not boto3 (==1.26.136) ``` そして 1.26.135。 ```console 3: fact: boto3 (1.26.135) depends on botocore (>=1.29.135,<1.30.0) 3: fact: boto3 (1.26.135) depends on jmespath (>=0.7.1,<2.0.0) 3: fact: boto3 (1.26.135) depends on s3transfer (>=0.6.0,<0.7.0) 3: selecting boto3 (1.26.135) 3: derived: s3transfer (>=0.6.0,<0.7.0) 3: derived: jmespath (>=0.7.1,<2.0.0) 3: derived: botocore (>=1.29.135,<1.30.0) 3: fact: botocore (1.29.135) depends on jmespath (>=0.7.1,<2.0.0) 3: fact: botocore (1.29.135) depends on python-dateutil (>=2.1,<3.0.0) 3: fact: botocore (1.29.135) depends on urllib3 (>=1.25.4,<1.27) 3: derived: not botocore (==1.29.135) 3: fact: no versions of botocore match >1.29.135,<1.29.136 3: conflict: no versions of botocore match >1.29.135,<1.29.136 3: ! botocore (>1.29.135,<1.29.136) is partially satisfied by not botocore (1.29.135) 3: ! which is caused by "botocore (1.29.135) depends on urllib3 (>=1.25.4,<1.27)" 3: ! thus: botocore (>=1.29.135,<1.29.136) requires urllib3 (>=1.25.4,<1.27) 3: fact: botocore (>=1.29.135,<1.29.136) requires urllib3 (>=1.25.4,<1.27) 3: derived: not botocore (>=1.29.135,<1.29.136) 3: derived: not boto3 (==1.26.135) ``` といった具合に依存性をチェックするため非常に時間がかかる。これは **[[boto3]]が非常に多くのパッチバージョンをリリースしているライブラリである** からこそ顕在化する問題である。 ## 解決方法 2通りある。 ### [[boto3]]に最新バージョンを指定する試行回数が減るのでコンフリクトによるリトライ回数を最小限にできる。[[pyproject.toml]]の[[boto3]]バージョンを最新に。 ```toml [tool.poetry.dependencies] boto3 = "^1.26.137" ``` - メリット - 無駄な依存関係が増えない - デメリット - 依存関係を変更する必要がある (動作保証はない) - とはいえメジャーバージョンは一緒なので実害はないはず - しばらく経つと同じ問題が再発する ### [[urllib3]]に2未満のバージョンを指定する [[requests]]の依存性解決で[[urllib3]]の1系が選択されるためコンフリクトを回避できる。[[pyproject.toml]]の[[urllib3]]バージョンを2未満(1系最新)に。 ```toml [tool.poetry.dependencies] urllib3 = "<2" ``` - メリット - 依存関係を変更する必要がない (動作はより保証される) - 問題の再発を防げる - デメリット - 無断依存関係が増える (とはいえ意図は明確なので問題はないはず) - [[urllib3]]の2系が利用可能になっても、忘れていると1系を使い続けることになる ### 今回の選択現状は古いサーバーや[[Python]]バージョン(3.7など)でも使われていることから、[[#urllib3 に2未満のバージョンを指定する]]方法を採用する。[[urllib3]]の2系に関するエコシステムが安定してきたら[[urllib3]]のバージョンを上げる。 - 修正後のジョブ: https://github.com/tadashi-aikawa/jumeaux/actions/runs/5037837944/jobs/9034926010 ## 参考 [[boto3]]に[[urllib3]] 2系対応のIssueは立っているので、これが解消すれば根本原因は解決するはず...。 <div class="link-card"> <div class="link-card-header"> <img src="https://github.githubassets.com/favicons/favicon.svg" class="link-card-site-icon"/> <span class="link-card-site-name">GitHub</span> </div> <div class="link-card-body"> <div class="link-card-content"> <div> <p class="link-card-title">Allow urllib3 2.0.0 to be installed · Issue #2926 · boto/botocore</p> </div> <div class="link-card-description"> Describe the feature There is a new version of urllib3 (v2.0.0) that can't be installed in projects ... </div> </div> <img src="https://opengraph.githubassets.com/d8042e012be2b9b5dd285665b83a9202aaae837dadcb5831b1994ae6e22e750d/boto/botocore/issues/2926" class="link-card-image" /> </div> <a href="https://github.com/boto/botocore/issues/2926"></a> </div> - [How do I resolve moto and boto3 more quickly? · python\-poetry · Discussion \#7937](https://github.com/orgs/python-poetry/discussions/7937)