Static dependency pyproject.toml proposal

[Seas0]

PR type

• Bug Fix
• New Feature
• Document Updates
• More Models or Datasets Support

PR information

Add a secondary pyproject.toml project description in addition to legacy setup.py to make uv sync work for ms-swift main repo.

All requirements/*.txt have been imported into the pyproject.toml statically, with python version guards addition for some package occasionally to allow the declarative dependency resolver happy.

Experiment results

Just enough for uv sync.

[gemini-code-assist]

Code Review

This pull request introduces a pyproject.toml file to define the build system, metadata, and dependencies for the ms_swift project. Feedback highlights several dependency issues, including a version conflict between datasets and the required Python version, the inclusion of the unmaintained attrdict package, and redundant or deprecated dependencies like modelscope and recommonmark. Additionally, improvements were suggested for dependency naming, environment markers for importlib-metadata, and adjusting restrictive Python version requirements for trl and Megatron-related packages.

[gemini-code-assist]

datasets>=3.0 requires Python 3.9 or higher. This conflicts with the project's declared requires-python = ">=3.8" on line 9. This will cause installation to fail on Python 3.8 environments. Consider lowering the minimum version of datasets to 2.0 or increasing the minimum Python version to 3.9.

Suggested change

	"datasets>=3.0,<4.8.5",
	"datasets>=2.0,<4.8.5",

[gemini-code-assist]

attrdict is unmaintained and incompatible with Python 3.10+ (it fails with AttributeError: module 'collections' has no attribute 'Mapping'). Since this project supports Python 3.10, 3.11, and 3.12, this dependency will cause runtime errors. It is recommended to remove it and use addict (already listed on line 28) instead.

[gemini-code-assist]

The canonical package name is importlib-metadata (with a hyphen). Additionally, since the project requires Python >= 3.8, the standard library importlib.metadata is available. If the backport is still needed for specific features (like the improved entry_points API in 3.10+), it should use an environment marker to avoid unnecessary installation on newer Python versions.

Suggested change

	"importlib_metadata",
	"importlib-metadata; python_version < '3.10'",

[gemini-code-assist]

Including trl in the main dependencies with a python_version>='3.10' marker means it won't be installed on Python 3.8/3.9. If the codebase imports trl without runtime checks, it will crash. If trl is a core dependency, the project's minimum Python version should be bumped to 3.10. If it is optional, it should be moved to [project.optional-dependencies].

[gemini-code-assist]

The python_version>='3.12' markers for Megatron-related dependencies are very restrictive. megatron-core and mcore-bridge typically support Python 3.10+. This restriction prevents users on Python 3.10 and 3.11 from using the Megatron integration. Unless there is a specific technical reason for 3.12+, consider lowering this to 3.10.

[gemini-code-assist]

modelscope is already listed in the main dependencies (line 42), so it is redundant to include it in the tests optional dependencies.

[gemini-code-assist]

recommonmark is deprecated and has been superseded by myst-parser, which is already included in the docs extra. It should be removed to avoid redundancy.

[Seas0]

@gemini review

[gemini-code-assist]

Code Review

This pull request introduces a pyproject.toml file to manage project metadata, dependencies, and build configuration for the ms_swift package. The review feedback suggests several improvements to dependency management, including lowering the Python version requirement for Megatron integration to increase compatibility, standardizing version bounds for datasets and transformers according to semantic versioning, and adding a fallback for the trl library on Python versions below 3.10. There is also a recommendation to consolidate dependency definitions to prevent potential synchronization issues between configuration files.

[gemini-code-assist]

The Python version restriction python_version>='3.12' for the megatron optional dependencies appears overly restrictive. megatron-core and its associated packages typically support Python 3.10 and 3.11. Restricting these to 3.12+ will prevent many users in common research environments (which often use Python 3.10 or 3.11) from utilizing the Megatron integration features.

Suggested change

	"mcore-bridge>=1.2.0; python_version>='3.12'",
	"megatron-core>=0.15; python_version>='3.12'",
	"peft>=0.15; python_version>='3.12'",
	"mcore-bridge>=1.2.0; python_version>='3.10'",
	"megatron-core>=0.15; python_version>='3.10'",
	"peft>=0.15; python_version>='3.10'",

[gemini-code-assist]

The upper bound <4.8.5 for datasets seems arbitrary. Since datasets is currently on version 3.x, using a major version bound like <4.0.0 is more standard and avoids confusion with specific patch versions that do not yet exist.

Suggested change

	"datasets>=3.0,<4.8.5; python_version>='3.9'",
	"datasets>=3.0,<4.0.0; python_version>='3.9'",

[gemini-code-assist]

The upper bound <5.9.0 for transformers is highly specific. Unless there is a known reason to cap it at exactly 5.9.0, it is better to use a major version bound like <5.0.0 to follow standard semantic versioning practices.

Suggested change

	"transformers>=4.33,<5.9.0",
	"transformers>=4.33,<5.0.0",

[gemini-code-assist]

The trl dependency is guarded by python_version>='3.10'. Since the project supports Python 3.8+, users on older versions will not have trl installed, which may lead to runtime errors if the package depends on it. Consider adding a fallback for Python < 3.10 using an older version of trl that still supports those environments.

Suggested change

	"trl>=0.15,<1.0; python_version>='3.10'",
	"trl>=0.15,<1.0; python_version>='3.10'",
	"trl<0.15; python_version<'3.10'",

[gemini-code-assist]

Hardcoding a static list of dependencies in pyproject.toml while setup.py continues to parse them from requirements/*.txt introduces a maintenance risk where the two sources of truth can fall out of sync. It is recommended to consolidate dependency management into pyproject.toml and either remove setup.py or refactor it to read from the TOML file to maintain a single source of truth.