I'm building a Python wheel using Poetry inside an Azure DevOps pipeline. My pyproject.toml contains version constraints like:
[tool.poetry.dependencies]
pandas = ">=1.4.0"
In the pipeline, I run:
poetry lock --no-update
poetry install --with dev
I can see that the exact package versions (like pandas==1.4.4) are resolved and used during installation, and poetry.lock reflects them correctly.
However, when I run:
poetry build
the generated wheel file still reflects the original version specifiers (>=1.4.0), not the exact versions from the lock file.
I want the final wheel to include the exact locked versions (i.e., pinned), not the version ranges defined in the original pyproject.toml.
What I've tried:
Question
How can I ensure that the wheel package built by Poetry in an Azure Pipeline includes pinned (exact) versions from the lock file, rather than the original version specifiers from pyproject.toml?
I was able to get the locked versions into the built wheel using the poetry-lock-package plugin. This plugin packages only the dependencies from poetry.lock, producing a separate wheel.
Here’s what I have added to my Azure pipeline to generate both the regular and locked wheels:
- script: |
cd ${{ parameters.wheel_folder }}
poetry build
ls -l dist/
displayName: "Build Poetry Wheel"
- script: |
cd ${{ parameters.wheel_folder }}
poetry-lock-package --wheel
cp ./tsff-lock/dist/*.whl dist/
# Verify contents
ls -l dist/
displayName: "Build Lock Package from poetry.lock and copy to dist/"
This will generate:
A standard Poetry wheel (based on version constraints from pyproject.toml)
A lock wheel containing all dependencies pinned to exact versions as resolved in poetry.lock