Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use pip list to get packages for pip source #480

Merged
merged 4 commits into from
Mar 15, 2022
Merged

Use pip list to get packages for pip source #480

merged 4 commits into from
Mar 15, 2022

Conversation

jonabc
Copy link
Contributor

@jonabc jonabc commented Mar 15, 2022

This change updates the pip source to gather dependencies from pip list rather than parsing requirements.txt. This is done to accommodate the multitude of requirement specifies that weren't currently being handled, such as direct file specifiers. Instead licensed now relies on pip to report what dependencies are being used. As a side effect, this now causes the pip source to report on transitive/nested dependencies, where previously only explicit dependencies were being reported 🤦

After all dependencies were being reported, I found that performance was really suffering because many more pip show commands were being executed. Thankfully though pip show supports entering multiple package names in one command, which overall made the source faster than it was before this PR 🚀 .

Some minor side effects of this change

  1. the number of test cases needed drops significantly because licensed no longer needs to validate requirements.txt parsing logic
  2. there is no longer a need for a requirements.txt file. we just need to know the virtual env directory to run under and pip gives us all the rest of the information.

jonabc and others added 2 commits March 15, 2022 14:10
@jonabc
use pip list to get packages for pip source
d486f10 
this also removes the need for a requirements.txt file
in the current directory
Auto-update license files
00120ed
@jonabc jonabc mentioned this pull request Mar 15, 2022
Merged
@jonabc
Copy link
Contributor Author

jonabc commented Mar 15, 2022

The licensed-ci GitHub Action has created a pull request containing license metadata updates based on the changes in this branch.

Please review the pull request for any additional changes required and merge when ready.

@jonabc
use different transitive dependency
ae0db44 
it looks like the one I used before might have been
a dependency of an older pip version that's no
longer present in the version used in CI
@jonabc
Merge pull request #481 from github/pip-fixes-licenses
69aeffd 
License updates for pip-fixes
@jonabc jonabc merged commit c3e82b2 into master Mar 15, 2022
@jonabc jonabc deleted the pip-fixes branch March 15, 2022 22:47
jonabc added a commit that referenced this pull request Mar 17, 2022
@jonabc
release 3.6.0
320bc47 
## 3.6.0

2022-03-17

### Added

- Composer dev dependencies can optionally be included in enumerated PHP dependencies (:tada: `@digilist` #486)
- Getting started usage documentation (#483)
- Initial support for NPM workspaces (#485)

### Changed

- Transitive dependencies are now enumerated by the `pip` source (#480)

### Fixed

- `licensed cache --force` will now correctly overwrite existing license classifications (#473)
@jonabc jonabc mentioned this pull request Mar 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jonabc