--locked behavior with pyproject.toml

[cademirch]

I've noticed that pixi install --locked will fail with Error: × lock-file not up-to-date with the workspace when all I've updated in my pyproject.toml are things like [project.version], [project.authors], etc. This is confusing to me, because I don't think modifying any of these fields should have an effect on dependency resolution, and thus the lockfile.

Is this expected behavior when using a pyproject.toml and pixi? For context, I ran into this issue because I use release-please in CI, which opens PRs that bump the version in pyproject.toml. CI runs pixi install --locked on those PRs and fails, even though no dependencies have changed. For now I just use pixi install --frozen, but I would like to know if dependencies are out of sync with my lockfile in CI.

Many thanks in advance, I truly appreciate the pixi team for creating and maintaining such a great tool.

[ruben-arts]

This is actually something in our pipeline, where we're removing the hashes of the source packages from the lockfile. Right now it looks something like this in your pixi.lock:

- pypi: ./
  name: my-package
  version: 0.1.0
  sha256: 0f3f1573332ec80de9b1c6c770db78ffce83130f22819b9a2d82bafd9c31341e
  requires_python: '>=3.11'

And that has invalidates the environment when you change package metadata things. We agree this is not a good experience. I can't promise a ETA but this should be changed in the future.

[cademirch]

Good to know. I'd be happy to contribute towards this if you point me in the direction to start.