diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 815617e1c19..6d0c8a2aa41 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -82,7 +82,7 @@ jobs: - run: pip install nox - run: nox -s prepare-release -- 99.9 - run: nox -s build-release -- 99.9 - - run: pipx run check-manifest + - run: pipx run check-sdist vendoring: name: vendoring diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index 998cb4f485e..00000000000 --- a/MANIFEST.in +++ /dev/null @@ -1,34 +0,0 @@ -include NEWS.rst -include README.rst -include SECURITY.md -include pyproject.toml - -include build-project/build-requirements.in -include build-project/build-requirements.txt -include build-project/build-project.py -include build-project/.python-version - -include src/pip/_vendor/README.rst -include src/pip/_vendor/vendor.txt - -include docs/requirements.txt - -exclude .git-blame-ignore-revs -exclude .mailmap -exclude .readthedocs.yml -exclude .pre-commit-config.yaml -exclude .readthedocs-custom-redirects.yml -exclude noxfile.py - -recursive-include src/pip/_vendor *.pem -recursive-include src/pip/_vendor py.typed -recursive-include docs *.css *.py *.rst *.md -recursive-include docs *.dot *.png - -recursive-exclude src/pip/_vendor *.pyi - -prune .github -prune docs/build -prune news -prune tests -prune tools diff --git a/build-project/build-requirements.in b/build-project/build-requirements.in index 4bc215a28d0..07a76cea647 100644 --- a/build-project/build-requirements.in +++ b/build-project/build-requirements.in @@ -1,2 +1,2 @@ build -setuptools +flit-core diff --git a/build-project/build-requirements.txt b/build-project/build-requirements.txt index c0cf0575088..65b647daf2c 100644 --- a/build-project/build-requirements.txt +++ b/build-project/build-requirements.txt @@ -8,17 +8,15 @@ build==1.2.2.post1 \ --hash=sha256:1d61c0887fa860c01971625baae8bdd338e517b836a2f70dd1f7aa3a6b2fc5b5 \ --hash=sha256:b36993e92ca9375a219c99e606a122ff365a760a2d4bba0caa09bd5278b608b7 # via -r build-requirements.in -packaging==24.2 \ - --hash=sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 \ - --hash=sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f +flit-core==3.12.0 \ + --hash=sha256:18f63100d6f94385c6ed57a72073443e1a71a4acb4339491615d0f16d6ff01b2 \ + --hash=sha256:e7a0304069ea895172e3c7bb703292e992c5d1555dd1233ab7b5621b5b69e62c + # via -r build-requirements.in +packaging==25.0 \ + --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484 \ + --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f # via build pyproject-hooks==1.2.0 \ --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8 \ --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913 # via build - -# The following packages are considered to be unsafe in a requirements file: -setuptools==80.9.0 \ - --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \ - --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c - # via -r build-requirements.in diff --git a/docs/html/development/architecture/anatomy.rst b/docs/html/development/architecture/anatomy.rst index d5e205654ff..7a0fefbfa63 100644 --- a/docs/html/development/architecture/anatomy.rst +++ b/docs/html/development/architecture/anatomy.rst @@ -18,7 +18,6 @@ The ``README``, license, ``pyproject.toml``, and so on are in the top level. * ``AUTHORS.txt`` * ``LICENSE.txt`` -* ``MANIFEST.in`` * ``NEWS.rst`` * ``pyproject.toml`` * ``README.rst`` diff --git a/news/13743.feature.rst b/news/13743.feature.rst new file mode 100644 index 00000000000..37f7db147f8 --- /dev/null +++ b/news/13743.feature.rst @@ -0,0 +1,2 @@ +Building pip itself from source now uses flit-core instead of setuptools. +This does not affect how pip installs or builds packages you use. diff --git a/pyproject.toml b/pyproject.toml index 90f04307f47..8f7b03813a2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,5 @@ [project] dynamic = ["version"] - name = "pip" description = "The PyPA recommended tool for installing Python packages." readme = "README.rst" @@ -45,12 +44,13 @@ Source = "https://github.com/pypa/pip" Changelog = "https://pip.pypa.io/en/stable/news/" [build-system] -requires = ["setuptools>=77"] -build-backend = "setuptools.build_meta" +requires = ["flit-core >=3.11,<4"] +build-backend = "flit_core.buildapi" [dependency-groups] test = [ "cryptography", + "flit-core >= 3.11, < 4", "freezegun", "installer", "pytest", @@ -70,6 +70,7 @@ test = [ ] test-common-wheels = [ + "flit-core >= 3.11, < 4", # We pin setuptools<80 because our test suite currently # depends on setup.py develop to generate egg-link files. "setuptools >= 40.8.0, != 60.6.0, <80", @@ -78,28 +79,24 @@ test-common-wheels = [ "coverage >= 4.4", ] -[tool.setuptools] -package-dir = {"" = "src"} -include-package-data = false - -[tool.setuptools.dynamic] -version = {attr = "pip.__version__"} - -[tool.setuptools.packages.find] -where = ["src"] -exclude = ["contrib", "docs", "tests*", "tasks"] - -[tool.setuptools.package-data] -"pip" = ["py.typed"] -"pip._vendor" = ["vendor.txt"] -"pip._vendor.certifi" = ["*.pem"] -"pip._vendor.distlib" = [ - "t32.exe", - "t64.exe", - "t64-arm.exe", - "w32.exe", - "w64.exe", - "w64-arm.exe", +[tool.flit.sdist] +include = [ + "NEWS.rst", + "SECURITY.md", + "build-project/.python-version", + "build-project/build-project.py", + "build-project/build-requirements.in", + "build-project/build-requirements.txt", + "docs/requirements.txt", + "docs/**/*.css", + "docs/**/*.dot", + "docs/**/*.md", + "docs/**/*.png", + "docs/**/*.py", + "docs/**/*.rst", +] +exclude = [ + "src/pip/_vendor/**/*.pyi", ] ###################################################################################### @@ -350,3 +347,15 @@ exclude_also = [ # This excludes typing-specific code, which will be validated by mypy anyway. "if TYPE_CHECKING", ] + +[tool.check-sdist] +git-only = [ + "tests/**", + "tools/**", + "news/.gitignore", + ".gitattributes", + ".gitignore", + ".git-blame-ignore-revs", + ".mailmap", + ".readthedocs-custom-redirects.yml" +] diff --git a/tests/functional/test_freeze.py b/tests/functional/test_freeze.py index 0a7cedd11cb..9883beb87fd 100644 --- a/tests/functional/test_freeze.py +++ b/tests/functional/test_freeze.py @@ -99,38 +99,33 @@ def test_freeze_with_pip(script: PipTestEnvironment) -> None: def test_freeze_with_setuptools(script: PipTestEnvironment) -> None: """ - Test that pip shows setuptools only when --all is used - or _should_suppress_build_backends() returns false + Test that pip shows setuptools only when --all is used on Python < 3.12, + otherwise it should be shown in default freeze output. """ result = script.pip("freeze", "--all") assert "setuptools==" in result.stdout - (script.site_packages_path / "mock.pth").write_text("import mock\n") - - (script.site_packages_path / "mock.py").write_text( - textwrap.dedent( - """\ - import pip._internal.commands.freeze as freeze - freeze._should_suppress_build_backends = lambda: False - """ - ) - ) - + # Test the default behavior (without --all) result = script.pip("freeze") - assert "setuptools==" in result.stdout - (script.site_packages_path / "mock.py").write_text( - textwrap.dedent( - """\ - import pip._internal.commands.freeze as freeze - freeze._should_suppress_build_backends = lambda: True - """ + should_suppress = sys.version_info < (3, 12) + if should_suppress: + # setuptools should be hidden in default freeze output + assert "setuptools==" not in result.stdout, ( + f"setuptools should be suppressed in Python {sys.version_info[:2]} " + f"but was found in freeze output: {result.stdout}" + ) + else: + # setuptools should be shown in default freeze output + assert "setuptools==" in result.stdout, ( + f"setuptools should be shown in Python {sys.version_info[:2]} " + f"but was not found in freeze output: {result.stdout}" ) - ) - result = script.pip("freeze") - assert "setuptools==" not in result.stdout + # --all should always show setuptools regardless of version + result_all = script.pip("freeze", "--all") + assert "setuptools==" in result_all.stdout def test_exclude_and_normalization(script: PipTestEnvironment, tmpdir: Path) -> None: diff --git a/tests/functional/test_self_update.py b/tests/functional/test_self_update.py index 1331a87c319..9019e89211d 100644 --- a/tests/functional/test_self_update.py +++ b/tests/functional/test_self_update.py @@ -8,6 +8,9 @@ def test_self_update_editable(script: Any, pip_src: Any) -> None: # mode, that pip can safely update itself to an editable install. # See https://github.com/pypa/pip/issues/12666 for details. + # Install flit-core (build backend) since we use --no-build-isolation + script.pip("install", "flit-core") + # Step 1. Install pip as non-editable. This is expected to succeed as # the existing pip in the environment is installed in editable mode, so # it only places a .pth file in the environment.