-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace pipdeptree with python-inspector #5645
Conversation
bed38d9
to
d9a2574
Compare
@@ -28,6 +28,9 @@ ARG CRT_FILES="" | |||
# Set this to the ScanCode version to use. | |||
ARG SCANCODE_VERSION="30.1.0" | |||
|
|||
# Set this to the Python Inspector version to use. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commit message: Please add the details from the PR description to the commit message as well, to make sure it is recorded in the Git log. Also, please prefix the title with "Pip: Replace ...".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also remove the ticket ids from the commit message title, it is enough to mention them in the body. And we usually use Relates-to: #4637
for ticket references.
analyzer/src/funTest/assets/projects/synthetic/python-inspector-expected-output.yml
Show resolved
Hide resolved
Codecov Report
@@ Coverage Diff @@
## main #5645 +/- ##
============================================
+ Coverage 65.46% 65.54% +0.08%
+ Complexity 2219 2212 -7
============================================
Files 271 271
Lines 16594 16600 +6
Branches 3445 3473 +28
============================================
+ Hits 10863 10881 +18
+ Misses 4588 4575 -13
- Partials 1143 1144 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
cf15c1c
to
3ac57da
Compare
There are two (trivial) issues in the static code analysis: Multiple blank lines at lines 64 and 197. |
ed15766
to
190dd86
Compare
The changes look good to me, however, the commits probably need to be reworked. As stated in the contributor guide, requested changes should not be added in new commits, but the existing commits should be amended. Could you please do this? |
@oheger-bosch Thanks! My mistake there. |
a56816f
to
9137a68
Compare
|
||
val projectDependencies = if (definitionFile.name == "setup.py") { | ||
// The tree contains a root node for the project itself and pipdeptree's dependencies are also at the | ||
// root next to it, as siblings. | ||
// The tree contains a root node for the project itself. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pombredanne This assumption is not correct anymore with the python-inspector. I tested it locally and the python-inspector output is:
[
{
"key": "ply",
"package_name": "ply",
"installed_version": "3.11",
"dependencies": []
},
{
"key": "rdflib",
"package_name": "rdflib",
"installed_version": "6.2.0",
"dependencies": [
{
"key": "isodate",
"package_name": "isodate",
"installed_version": "0.6.1",
"dependencies": [
{
"key": "six",
"package_name": "six",
"installed_version": "1.16.0",
"dependencies": []
}
]
},
{
"key": "pyparsing",
"package_name": "pyparsing",
"installed_version": "3.0.9",
"dependencies": []
},
{
"key": "setuptools",
"package_name": "setuptools",
"installed_version": "65.2.0",
"dependencies": []
}
]
}
]
So it does not contain a root node with the project name. Therefore the function returns EMPTY_JSON_NODE
and the spdx-tools-python test is failing. The solution is to simplify lines 367-379 to:
val projectDependencies = fullDependencyTree.filterNot {
isPhonyDependency(it["package_name"].textValue(), it["installed_version"].textValueOrEmpty())
}
(and to remove the projectName
parameter of the function because it is unused now)
The test will still fail because "38" is always passed to python-inspector as Python version and therefore different versions of the dependencies are found. I would suggest to ignore this issue for now and just update the expected results file, and I will address this topic in a separate PR as discussed in the meeting today.
d9bf6b5
to
76f44ff
Compare
This PR replaces pipdeptree with python-inspector to resolve Python packages dependencies found in requirement files. python-inspector can resolve dependencies for any target Python version and OS (and not only the one running the tool). In this integration in ORT, it replaces pipdeptree pretty much in place as python-inspector implements a similar output data structure by design to ease the integration. Reference: https://github.com/nexB/python-inspector Reference: oss-review-toolkit#4637 Reference: oss-review-toolkit#3671 Signed-off-by: Philippe Ombredanne <[email protected]> Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]> Signed-off-by: Tushar Goel <[email protected]>
This PR replaces pipdeptree with python-inspector to resolve Python packages dependencies found in requirement files.
python-inspector can resolve dependencies for any target Python version and OS (and not only the one running the tool).
In this integration in ORT, it replaces pipdeptree pretty much in place as python-inspector implements a similar output data structure by design to ease the integration.
Reference: https://github.com/nexB/python-inspector
Reference: #4637
Reference: #3671
Signed-off-by: Tushar Goel [email protected]
Signed-off-by: Philippe Ombredanne [email protected]