Add a note guiding users to include SBOM files in the source distribution

[edgarrmondragon]

This had me scratching my head for a few minutes, but let me know if you think this note is necessary at all or whether this is the best place for it.

[cjames23]

I am not sure that your note makes sense mentioning uv as a build frontend inside of documentation for another build frontend of hatch.

[edgarrmondragon]

I am not sure that your note makes sense mentioning uv as a build frontend inside of documentation for another build frontend of hatch.

Yeah, though I believe using hatchling as a build backend and uv or build as a frontend is not that uncommon?

[ofek]

Thanks!

The list of build frontends that do so (i.e. build wheel from sdist when building both) will include Hatch in future so let's not mention specific tools to provide an easier transition. More importantly, since this is the most common confusion where I've had to answer so many questions on so many threads that people @ me, I think this deserves a special callout somewhere in the main build docs page and potentially a note at the top of the wheel configuration here that links to it.

Specifically, we should:

1. Explain that source distributions are always built from the source tree i.e. the directory containing pyproject.toml.
2. Explain that wheels may be built from either the source tree or from an unpacked source distribution, and the set of files considered for inclusion is potentially limited in the latter case. We should then list scenarios when each might happen:
   1. Source tree:
      • build frontends when building just the wheel, usually with a --wheel flag
   2. Source distribution:
      • the default behavior of most build frontends when building both at the same time (e.g. no flag)
      • package ecosystems configured to use the PyPI source distribution e.g. Conda source.url, Nixpkgs fetchPypi
3. Give an example using Hatchling configuration.

I imagine that after some time what you write will end up moving to the official packaging docs.

[edgarrmondragon]

the main build docs

Do you mean https://hatch.pypa.io/latest/build/? I'll take stab at an explanation section.

I imagine that after some time what you write will end up moving to the official packaging docs.

Yeah, some of what you mention is indeed explained in https://packaging.python.org/en/latest/discussions/package-formats/ but that guide is missing this detail.

[ofek]

Yes, that's the build page I was referring to. Feel free to either contribute here and eventually we will migrate to the official packaging docs or you can try updating that first. Whatever you prefer! When the guidance lives in the official docs I can't say for certain whether we will then merely reference the note/section or whether we would have a small section ourselves with a link to the docs.