Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SCIO: Detect frozen Python requirements locked with deplock #1262

Closed
pombredanne opened this issue Jun 10, 2024 · 3 comments
Closed

SCIO: Detect frozen Python requirements locked with deplock #1262

pombredanne opened this issue Jun 10, 2024 · 3 comments
Assignees
@AyanSinhaMahapatra @TG1999

Comments

@pombredanne
Copy link
Member

pombredanne commented Jun 10, 2024
edited
Loading

To support:

... we need to detect the Python frozen requirements that will be generated. We likely want to define a conventional file name like "frozen-requirements.txt" so we can distinguish this from other standard requirements files.

This would go in the inspect package pipeline
@mjherzog mjherzog changed the title Detect frozen Python requirements locked with the deplock SCIO: Detect frozen Python requirements locked with the deplock Jun 11, 2024
@pombredanne pombredanne changed the title SCIO: Detect frozen Python requirements locked with the deplock SCIO: Detect frozen Python requirements locked with deplock Jun 20, 2024
@pombredanne
Copy link
Member Author

There are two ways to approach this:

  • just parse the requirements.deplock and use "built-in" dependency resolution as for npm
  • or use the Python inspector requirements.deplock

@pombredanne pombredanne mentioned this issue Jun 21, 2024
Closed
16 tasks
@pombredanne
Copy link
Member Author

This is now based in pip inspect... @AyanSinhaMahapatra @TG1999 any update?

AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue Jun 26, 2024
@AyanSinhaMahapatra
Add support for pip-inspect.deplock files
12cd136 
Add parser for pip-inspect.deplock files generated by deplock
which has all the package metadata, i.e. the resolved versions
and the dependency relationships.

Reference: aboutcode-org/scancode.io#1262
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra AyanSinhaMahapatra mentioned this issue Jun 26, 2024
Merged
6 tasks
@pombredanne pombredanne mentioned this issue Jun 27, 2024
Merged
AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue Jun 28, 2024
@AyanSinhaMahapatra
Add support for pip-inspect.deplock files
b467954 
Add parser for pip-inspect.deplock files generated by deplock
which has all the package metadata, i.e. the resolved versions
and the dependency relationships.

Reference: aboutcode-org/scancode.io#1262
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue Jun 28, 2024
@AyanSinhaMahapatra
Add support for pip-inspect.deplock files
fc4ada9 
Add parser for pip-inspect.deplock files generated by deplock
which has all the package metadata, i.e. the resolved versions
and the dependency relationships.

Reference: aboutcode-org/scancode.io#1262
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit that referenced this issue Jul 1, 2024
@AyanSinhaMahapatra
Add tests for static dependency resolution
6641c2a 
Reference: #1262
Reference: #1263
Reference: #1278
Reference: #1279
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit that referenced this issue Jul 1, 2024
@AyanSinhaMahapatra
Add tests for static dependency resolution
332cea8 
Reference: #1262
Reference: #1263
Reference: #1278
Reference: #1279
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra AyanSinhaMahapatra mentioned this issue Jul 1, 2024
Merged
tdruez pushed a commit that referenced this issue Jul 2, 2024
@AyanSinhaMahapatra
Update scancode-toolkit to v32.2.1 (#1305)
af15beb 
* Bump scancode-toolkit version to v32.2.1

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>

* Add tests for static dependency resolution

Reference: #1262
Reference: #1263
Reference: #1278
Reference: #1279
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>

---------

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra
Copy link
Member

This was done with:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AyanSinhaMahapatra AyanSinhaMahapatra

@TG1999 TG1999

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pombredanne @AyanSinhaMahapatra @TG1999