interuss · Shastick · Sep 5, 2024 · Sep 10, 2024 · BenjaminPelletier · Sep 10, 2024
diff --git a/Makefile b/Makefile
@@ -120,8 +120,14 @@ restart-all: stop-uss-mocks down-locally start-locally start-uss-mocks
 restart-uss-mocks: stop-uss-mocks start-uss-mocks
 
 # To be run locally whenever a direct dependency has been updated in requirements.in
+# --allow-unsafe allows us to pin setuptools, without it we run into issues
+# such as https://github.com/interuss/monitoring/issues/768
 .PHONY: update-pinned-dependencies
 update-pinned-dependencies:
-	./scripts/pip_tools/pip_compile.sh --generate-hashes --output-file=requirements.txt requirements.in
+	./scripts/pip_tools/pip_compile.sh \
+		--generate-hashes \
+		--allow-unsafe \
+		--output-file=requirements.txt \
+		requirements.in
 
 
diff --git a/introduction_to_repository.md b/introduction_to_repository.md
@@ -54,3 +54,5 @@ When `requirements.in` is updated, the pinned dependencies must be updated by ru
 ```bash
 make update-pinned-dependencies
 ```
+
+Please note that we invoke `pip-tools` with the `--allow-unsafe` option to avoid issues such as https://github.com/interuss/monitoring/issues/768
diff --git a/monitoring/Dockerfile b/monitoring/Dockerfile
@@ -9,7 +9,7 @@
 #
 # This image is intended to be built from the repository root context/folder.
 
-FROM python:3.12.4-slim
+FROM python:3.12.6-slim
 # Not -alpine because: https://stackoverflow.com/a/58028091/651139
 
 # Install system tools

diff --git a/requirements.in b/requirements.in
@@ -7,6 +7,11 @@
 # When adding a dependency, the version should usually be specified exactly to
 # avoid breakages when new versions are released.
 
+# Note that when deriving a requirements.txt file from the present dependencies,
+# you many need to add the --allow-unsafe option to the call to pip-compile to allow it
+# to pin setuptools.
+# Without it we run into issues such as https://github.com/interuss/monitoring/issues/768
+
 aiohttp==3.9.2
 arrow==1.1.0
 bc-jsonpath-ng==1.5.9  # uss_qualifier
@@ -43,6 +48,7 @@ pyyaml==6.0.1
 requests==2.31.0
 s2sphere==0.2.5
 scipy==1.13.0
+setuptools==72.1.0
 shapely==1.7.1
 structlog==21.5.0  # deployment_manager
 termcolor==1.1.0

diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
-#    pip-compile --generate-hashes --output-file=requirements.txt requirements.in
+#    pip-compile --allow-unsafe --generate-hashes --output-file=requirements.txt requirements.in
 #
 aiohttp==3.9.2 \
     --hash=sha256:00a9abcea793c81e7f8778ca195a1714a64f6d7436c4c0bb168ad2a212627000 \
@@ -1778,7 +1778,13 @@ zope-interface==6.3 \
     --hash=sha256:f95bebd0afe86b2adc074df29edb6848fc4d474ff24075e2c263d698774e108d
     # via gevent
 
-# WARNING: The following packages were not pinned, but pip requires them to be
-# pinned when the requirements file includes hashes and the requirement is not
-# satisfied by a package already installed. Consider using the --allow-unsafe flag.
-# setuptools
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==72.1.0 \
+    --hash=sha256:5a03e1860cf56bb6ef48ce186b0e557fdba433237481a9a625176c2831be15d1 \
+    --hash=sha256:8d243eff56d095e5817f796ede6ae32941278f542e0f941867cc05ae52b162ec
+    # via
+    #   -r requirements.in
+    #   gunicorn
+    #   kubernetes
+    #   zope-event
+    #   zope-interface
-Original file line number
+Diff line change
@@ Expand Up @@
     ```bash
     make update-pinned-dependencies
     ```
+    Please note that we invoke `pip-tools` with the `--allow-unsafe` option to avoid issues such as https://github.com/interuss/monitoring/issues/768