remove CERTBOT_NO_PIN (#9634)

Adrien and I added this is in https://github.com/certbot/certbot/pull/6590 in response to https://github.com/certbot/certbot/issues/6582 which I wrote. I now personally think these tests are way more trouble than they're worth. In almost all cases, the versions pinned in `tools/requirements.txt` are used. The two exceptions to this that come to mind are users using OS packages and pip. In the former, the version of our dependencies is picked by the OS and do not change much on most systems. As for pip, [we only "support it on a best effort basis"](https://eff-certbot.readthedocs.io/en/stable/install.html#alternative-2-pip). Even for pip users, I'm not convinced this buys us much other than frequent test failures. We have our tests configured to error on all Python warnings and [we regularly update `tools/requirements.txt`](https://github.com/certbot/certbot/commits/master/tools/requirements.txt). Due to that, assuming our dependencies follow normal conventions, we should have a chance to fix things in response to planned API changes long before they make their way to our users. I do not think it is necessary for our tests to break immediately after an API is deprecated. I think almost all other failures due to these tests are caused by upstream bugs. In my experience, almost all of them will sort themselves out pretty quickly. I think that responding to those that are not or planned API changes we somehow missed can be addressed when `tools/requirements.txt` is updated or when someone opens an issue. I personally don't think blocking releases or causing our nightly tests to fail is at all worth it here. I think removing this frequent cause of test failures makes things just a little bit easier for Certbot devs without costing us much of anything.
2025-08-08 04:02:10 +03:00 · 2023-03-27 17:01:27 -07:00
parent f004383582
commit 208ef4eb94
6 changed files with 22 additions and 49 deletions
--- a/tools/pip_install.py
+++ b/tools/pip_install.py
@@ -36,24 +36,18 @@ def main(args):
    tools_path = find_tools_path()

    with tempfile.TemporaryDirectory() as working_dir:
-        if os.environ.get('CERTBOT_NO_PIN') == '1':
-            # With unpinned dependencies, there is no constraint
-            pip_install_with_print(' '.join(args))
+        repo_path = os.path.dirname(tools_path)
+        if os.environ.get('CERTBOT_OLDEST') == '1':
+            constraints_path = os.path.normpath(os.path.join(
+                repo_path, 'tools', 'oldest_constraints.txt'))
        else:
-            # Otherwise, we pick the constraints file based on the environment
-            # variable CERTBOT_OLDEST.
-            repo_path = os.path.dirname(tools_path)
-            if os.environ.get('CERTBOT_OLDEST') == '1':
-                constraints_path = os.path.normpath(os.path.join(
-                    repo_path, 'tools', 'oldest_constraints.txt'))
-            else:
-                constraints_path = os.path.normpath(os.path.join(
-                    repo_path, 'tools', 'requirements.txt'))
+            constraints_path = os.path.normpath(os.path.join(
+                repo_path, 'tools', 'requirements.txt'))

-            env = os.environ.copy()
-            env["PIP_CONSTRAINT"] = constraints_path
+        env = os.environ.copy()
+        env["PIP_CONSTRAINT"] = constraints_path

-            pip_install_with_print(' '.join(args), env=env)
+        pip_install_with_print(' '.join(args), env=env)


 if __name__ == '__main__':