Closed
Hello,
I have wanted to test devpi-constrained for a while, as our development team sometimes has difficulties keeping up with newer releases of our stack, and it is not always easy to block a package to a certain version as it is used in a lot of repositories.
This is the case with tox, and the latest release is causing trouble for our CI/CD pipeline, as reported in tox-dev/tox#2702.
Now, I rebuilt our Docker image with devpi-constrained and, playing around with it, it does not seem to filter packages when it is used as the bases in another index.
$ devpi index -c root/pypi-constrained type=constrained bases=root/pypi
[...]
$ devpi index root/pypi-constrained constraints="tox<4"
/root/pypi-constrained constraints=tox<4
https://pypi.example.com/root/pypi-constrained?no_projects=:
type=constrained
bases=root/pypi
volatile=True
acl_upload=root
acl_toxresult_upload=:ANONYMOUS:
constraints=tox<4
mirror_whitelist=
mirror_whitelist_inheritance=intersection
title=PyPI constrained mirror
$ devpi index -c root/dev-team
https://pypi.example.com/root/dev-team?no_projects=:
type=stage
bases=root/pypi-constrained
volatile=True
acl_upload=root
acl_toxresult_upload=:ANONYMOUS:
mirror_whitelist=
mirror_whitelist_inheritance=intersection
$ devpi list --index root/pypi-constrained --all tox |head -n3
*redirected: https://pypi.example.com/root/pypi-constrained/tox
https://pypi.example.com/root/pypi/+f/f52/ca66eae115fcf/tox-3.27.1-py2.py3-none-any.whl
https://pypi.example.com/root/pypi/+f/b2a/920e35a668cc0/tox-3.27.1.tar.gz
$ devpi list --index root/dev-team --all tox |head -n3
*redirected: https://pypi.example.com/root/dev-team/tox
https://pypi.example.com/root/pypi/+f/952/1447370a37527/tox-4.0.11-py3-none-any.whl
https://pypi.example.com/root/pypi/+f/695/fc21a276e6a4f/tox-4.0.11.tar.gz
Is this the intended behavior?
Is my expectation that dev-team should get filtered results wrong?
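
A CI-side check for the expectation described in this report, as an added example that is not part of the original issue or of devpi's own code: it parses `devpi list --all` output and returns the files that break a single-specifier constraint such as `tox<4`. The function names are hypothetical, and only plain numeric release versions are compared; any file name it cannot parse is reported too, so the check fails closed.

```python
import operator
import re

# Added example (hypothetical helpers). Listings copied from the report above.
CONSTRAINED = """\
*redirected: https://pypi.example.com/root/pypi-constrained/tox
https://pypi.example.com/root/pypi/+f/f52/ca66eae115fcf/tox-3.27.1-py2.py3-none-any.whl
https://pypi.example.com/root/pypi/+f/b2a/920e35a668cc0/tox-3.27.1.tar.gz
"""
DEV_TEAM = """\
*redirected: https://pypi.example.com/root/dev-team/tox
https://pypi.example.com/root/pypi/+f/952/1447370a37527/tox-4.0.11-py3-none-any.whl
https://pypi.example.com/root/pypi/+f/695/fc21a276e6a4f/tox-4.0.11.tar.gz
"""

OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       ">=": operator.ge, ">": operator.gt}
FILE_RE = re.compile(r"(?P<name>[A-Za-z0-9_.-]+?)-(?P<version>\d+(?:\.\d+)*)"
                     r"(?:-.*\.whl|\.tar\.gz|\.zip)")
SPEC_RE = re.compile(r"\s*([A-Za-z0-9_.-]+)\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*")

def normalize(name):
    """PEP 503 project-name normalization."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release(version):
    """'4.0' -> (4,): trailing zeros are dropped so 4.0 == 4 and 4 < 4.0.11."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def violations(listing, constraint):
    """Return file names in `listing` that break `constraint` or cannot be parsed."""
    m = SPEC_RE.fullmatch(constraint)
    if m is None:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    name, op, bound = normalize(m[1]), OPS[m[2]], release(m[3])
    bad = []
    for line in listing.splitlines():
        if not line.startswith("http"):
            continue  # skips the "*redirected:" notice
        filename = line.strip().rsplit("/", 1)[-1]
        f = FILE_RE.fullmatch(filename)
        if f is None:
            bad.append(filename)  # fail closed on pre-releases and odd names
        elif normalize(f["name"]) == name and not op(release(f["version"]), bound):
            bad.append(filename)
    return bad
```

Run against every index the build agents actually install from, not only the constrained one, and fail the pipeline when the returned list is non-empty.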