Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

poetry check does not consider the package source #8704

Closed
2 tasks done
lucemia opened this issue Nov 24, 2023 · 3 comments · Fixed by #8709
Closed
2 tasks done

poetry check does not consider the package source #8704

lucemia opened this issue Nov 24, 2023 · 3 comments · Fixed by #8709
Labels
kind/feature Feature requests/implementations

Comments

@lucemia
Copy link
Contributor

lucemia commented Nov 24, 2023

  • I have searched the issues of this repo and believe that this is not a duplicate.
  • I have searched the FAQ and general documentation and believe that my question is not already covered.

Feature Request

It would be excellent if poetry check could encompass common errors? when defining package sources.

Source is undefined

  • if there is a package point to not existing source
[tool.poetry]
name = "PythonProjects"
version = "2.0.0"
homepage = "https://github.com/roghu/py3_projects"
license = "MIT"
readme = "README.md"
authors = ["Dependabot <[email protected]>"]
description = "Various small python projects."

[tool.poetry.dependencies]
python = "^3.7"
requests = { version = "2.18.0", source = "custom-1" }

[[tool.poetry.source]]
name = "custom"
url = "https://some.internal.registry.com/pypi/"
  • poetry install will failed directly
(pythonprojects-py3.11) ➜  dependabot-source-constraint git:(main) ✗ poetry install
Warning: In a future version of Poetry, PyPI will be disabled automatically if at least one custom primary source is configured. In order to avoid a breaking change and make your pyproject.toml forward compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this has the advantage that you can set the priority of PyPI as with any other source.
Updating dependencies
Resolving dependencies... (0.0s)

Repository "custom-1" does not exist.

Package's source is not consistence

  • The behavior is undefined when a package is defined with different source configurations.
[tool.poetry]
name = "PythonProjects"
version = "2.0.0"
homepage = "https://github.com/roghu/py3_projects"
license = "MIT"
readme = "README.md"
authors = ["Dependabot <[email protected]>"]
description = "Various small python projects."


[tool.poetry.dependencies]
python = "^3.7"

requests = { version = "2.18.0", source = "custom-2" }
[tool.poetry.group.dev]
optional = true

[tool.poetry.group.dev.dependencies]
requests = { version = "2.18.0", extras=["dev"], source = "custom-3" }

[tool.poetry.group.test]
optional = true

[tool.poetry.group.test.dependencies]
requests = { version = "2.18.0", extras=["test"], source = "custom-1" }
 

[[tool.poetry.source]]
name = "custom-1"
url = "https://some.internal.registry-1.com/pypi/"

[[tool.poetry.source]]
name = "custom-2"
url = "https://some.internal.registry-2.com/pypi/"
  • Currently, Poetry selects only one source.
  • It appears that Poetry selects the source that is not in the default group and appears last in the pyproject.toml file.
(pythonprojects-py3.11) ➜  dependabot-source-constraint git:(main) ✗ poetry install -vvv
Adding repository custom-1 (https://some.internal.registry-1.com/pypi) and setting it as primary
Adding repository custom-2 (https://some.internal.registry-2.com/pypi) and setting it as primary
Warning: In a future version of Poetry, PyPI will be disabled automatically if at least one custom primary source is configured. In order to avoid a breaking change and make your pyproject.toml forward compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this has the advantage that you can set the priority of PyPI as with any other source.
Using virtualenv: /Users/davidchen/repo/dependabot-source-constraint/.venv
Updating dependencies
Resolving dependencies...
   1: fact: pythonprojects is 2.0.0
   1: derived: pythonprojects
   1: fact: pythonprojects depends on requests (2.18.0)
   1: fact: pythonprojects depends on requests (2.18.0)
   1: fact: pythonprojects depends on requests (2.18.0)
   1: selecting pythonprojects (2.0.0)
   1: derived: requests[test] (==2.18.0)
   1: derived: requests[dev] (==2.18.0)
   1: derived: requests (==2.18.0)
[keyring.backend] Loading KWallet
[keyring.backend] Loading SecretService
[keyring.backend] Loading Windows
[keyring.backend] Loading chainer
[keyring.backend] Loading libsecret
[keyring.backend] Loading macOS
[keyring.backend] Loading Google Auth
Creating new session for some.internal.registry-1.com
[urllib3.connectionpool] Starting new HTTPS connection (1): some.internal.registry-1.com:443
@lucemia lucemia added kind/feature Feature requests/implementations status/triage This issue needs to be triaged labels Nov 24, 2023
@lucemia lucemia changed the title poetry check does not take into a account source poetry check does not consider the package source Nov 24, 2023
@dimbleby
Copy link
Contributor

It would be excellent if poetry check could encompass common errors? when defining package sources.

Are these common errors? Since the first one in particular will fail, with a sensible error message, as soon as you try to do anything anyway - I don't know that an explicit addition to poetry check brings very much value.

Nevertheless if you would find either or both these checks useful: I expect a merge request would have every chance of succeeding.

@lucemia
Copy link
Contributor Author

lucemia commented Nov 28, 2023

@dimbleby

You're correct; it's indeed not a common error. However, the inconsistency issue appears to be related to an undefined behavior in the pyproject.toml file. This inconsistency makes it challenging for other tools, such as Dependabot, to process the pyproject.toml file and align its behavior with Poetry.

By adding the ability to check for these kinds of errors in poetry check, it becomes possible to detect such issues during the pre-commit stage.

I have created a pull request (PR) and am hopeful that someone can take the time to provide feedback. Thank you!

lucemia added a commit to lucemia/poetry that referenced this issue Dec 4, 2023
lucemia added a commit to lucemia/poetry that referenced this issue Dec 4, 2023
lucemia added a commit to lucemia/poetry that referenced this issue Dec 5, 2023
lucemia added a commit to lucemia/poetry that referenced this issue Dec 5, 2023
lucemia added a commit to lucemia/poetry that referenced this issue Dec 5, 2023
lucemia added a commit to lucemia/poetry that referenced this issue Dec 9, 2023
lucemia added a commit to lucemia/poetry that referenced this issue Dec 11, 2023
radoering pushed a commit to lucemia/poetry that referenced this issue Dec 11, 2023
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 29, 2024
@abn abn removed the status/triage This issue needs to be triaged label Mar 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/feature Feature requests/implementations
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants