When should the content-hash update?

[fwindolf]

I'm using 1.5.1 and I can run a poetry update ... to update my dependency. This will result in the version bumped in poetry.lock, but no update of the content-hash. If I run a poetry add ...@latest the version changes.

I can't seem to find this behaviour explained in the docs, and as I build containers with lots of heavy ML libraries in CI/CD, I try to avoid downloading + installing if not necessary. This is done by checking the content-hash, as I understood it as a "hash of the content".

Either it's not, or there is a bug and the content hash update is forgotten on poetry update.

[radoering]

The purpose of the content hash is to check if the lockfile is consistent with the pyproject.toml, i.e. the relevant parts of the pyproject.toml have not been changed since the lockfile was created. That's why the content hash is built from relevant parts of the pyproject.toml. When you run poetry update only the lockfile is changed and that's why the content hash does not change.

That's probably not explained because it's considered internals.

[vivodi]

content-hash means the hash of pyproject.toml instead of poetry.lock.