dependabot-python 0.118.16 → 0.119.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0c443c75018adfd2cf364c97de4ef952789b4b1d279c9ef325ee181e8f46cd56
|
4
|
+
data.tar.gz: 3ef40c7a0ac388eea5b3a2ea5b70ca5019a0110088fae84e5913c2584d37eb8d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 13bcdc6647e905be59181cac53a5e79073531940e291684b9431b68bbb16702871d56c964ea4ba4cdee736ec74f050db09b94bd0ba2b370813e5c4ae9cf7e144
|
7
|
+
data.tar.gz: 8f7113e04bf9c2c2fd727ecba7c7240d1f7f518237f4c8361531370e3fa86fb712d22544bbfe5751fee6296749c3dfc179c786bdd41a3db241d164a5cd5fb6ca
|
File without changes
|
@@ -0,0 +1,24 @@
|
|
1
|
+
import hashin
|
2
|
+
import json
|
3
|
+
import pipfile
|
4
|
+
from poetry.poetry import Poetry
|
5
|
+
from poetry.factory import Factory
|
6
|
+
|
7
|
+
def get_dependency_hash(dependency_name, dependency_version, algorithm):
|
8
|
+
hashes = hashin.get_package_hashes(
|
9
|
+
dependency_name,
|
10
|
+
version=dependency_version,
|
11
|
+
algorithm=algorithm
|
12
|
+
)
|
13
|
+
|
14
|
+
return json.dumps({ "result": hashes["hashes"] })
|
15
|
+
|
16
|
+
def get_pipfile_hash(directory):
|
17
|
+
p = pipfile.load(directory + '/Pipfile')
|
18
|
+
|
19
|
+
return json.dumps({ "result": p.hash })
|
20
|
+
|
21
|
+
def get_pyproject_hash(directory):
|
22
|
+
p = Factory().create_poetry(directory)
|
23
|
+
|
24
|
+
return json.dumps({ "result": p.locker._get_content_hash() })
|
@@ -0,0 +1,138 @@
|
|
1
|
+
from itertools import chain
|
2
|
+
import glob
|
3
|
+
import io
|
4
|
+
import json
|
5
|
+
import optparse
|
6
|
+
import os.path
|
7
|
+
import re
|
8
|
+
|
9
|
+
import setuptools
|
10
|
+
import pip._internal.req.req_file
|
11
|
+
from pip._internal.network.session import PipSession
|
12
|
+
from pip._internal.models.format_control import FormatControl
|
13
|
+
from pip._internal.req.constructors import (
|
14
|
+
install_req_from_line,
|
15
|
+
install_req_from_parsed_requirement,
|
16
|
+
)
|
17
|
+
|
18
|
+
def parse_requirements(directory):
|
19
|
+
# Parse the requirements.txt
|
20
|
+
requirement_packages = []
|
21
|
+
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
22
|
+
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
23
|
+
|
24
|
+
pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
|
25
|
+
+ glob.glob(os.path.join(directory, '**', '*.in'))
|
26
|
+
|
27
|
+
def version_from_install_req(install_req):
|
28
|
+
if install_req.is_pinned:
|
29
|
+
return next(iter(install_req.specifier)).version
|
30
|
+
|
31
|
+
for reqs_file in requirement_files + pip_compile_files:
|
32
|
+
try:
|
33
|
+
requirements = pip._internal.req.req_file.parse_requirements(
|
34
|
+
reqs_file,
|
35
|
+
session=PipSession()
|
36
|
+
)
|
37
|
+
for parsed_req in requirements:
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
39
|
+
if install_req.original_link:
|
40
|
+
continue
|
41
|
+
|
42
|
+
pattern = r"-[cr] (.*) \(line \d+\)"
|
43
|
+
abs_path = re.search(pattern, install_req.comes_from).group(1)
|
44
|
+
rel_path = os.path.relpath(abs_path, directory)
|
45
|
+
|
46
|
+
requirement_packages.append({
|
47
|
+
"name": install_req.req.name,
|
48
|
+
"version": version_from_install_req(install_req),
|
49
|
+
"markers": str(install_req.markers) or None,
|
50
|
+
"file": rel_path,
|
51
|
+
"requirement": str(install_req.specifier) or None,
|
52
|
+
"extras": sorted(list(install_req.extras))
|
53
|
+
})
|
54
|
+
except Exception as e:
|
55
|
+
print(json.dumps({ "error": repr(e) }))
|
56
|
+
exit(1)
|
57
|
+
|
58
|
+
return json.dumps({ "result": requirement_packages })
|
59
|
+
|
60
|
+
def parse_setup(directory):
|
61
|
+
# Parse the setup.py
|
62
|
+
setup_packages = []
|
63
|
+
if os.path.isfile(directory + '/setup.py'):
|
64
|
+
def version_from_install_req(install_req):
|
65
|
+
if install_req.is_pinned:
|
66
|
+
return next(iter(install_req.specifier)).version
|
67
|
+
|
68
|
+
def parse_requirement(req, req_type):
|
69
|
+
install_req = install_req_from_line(req)
|
70
|
+
if install_req.original_link:
|
71
|
+
return
|
72
|
+
|
73
|
+
setup_packages.append({
|
74
|
+
"name": install_req.req.name,
|
75
|
+
"version": version_from_install_req(install_req),
|
76
|
+
"markers": str(install_req.markers) or None,
|
77
|
+
"file": "setup.py",
|
78
|
+
"requirement": str(install_req.specifier) or None,
|
79
|
+
"requirement_type": req_type,
|
80
|
+
"extras": sorted(list(install_req.extras))
|
81
|
+
})
|
82
|
+
|
83
|
+
def setup(*args, **kwargs):
|
84
|
+
for arg in ['setup_requires', 'install_requires', 'tests_require']:
|
85
|
+
if not kwargs.get(arg):
|
86
|
+
continue
|
87
|
+
for req in kwargs.get(arg):
|
88
|
+
parse_requirement(req, arg)
|
89
|
+
extras_require_dict = kwargs.get('extras_require', {})
|
90
|
+
for key in extras_require_dict:
|
91
|
+
for req in extras_require_dict[key]:
|
92
|
+
parse_requirement(req, 'extras_require:{}'.format(key))
|
93
|
+
setuptools.setup = setup
|
94
|
+
|
95
|
+
def noop(*args, **kwargs):
|
96
|
+
pass
|
97
|
+
|
98
|
+
def fake_parse(*args, **kwargs):
|
99
|
+
return []
|
100
|
+
|
101
|
+
global fake_open
|
102
|
+
def fake_open(*args, **kwargs):
|
103
|
+
content = ("VERSION = ('0', '0', '1+dependabot')\n"
|
104
|
+
"__version__ = '0.0.1+dependabot'\n"
|
105
|
+
"__author__ = 'someone'\n"
|
106
|
+
"__title__ = 'something'\n"
|
107
|
+
"__description__ = 'something'\n"
|
108
|
+
"__author_email__ = 'something'\n"
|
109
|
+
"__license__ = 'something'\n"
|
110
|
+
"__url__ = 'something'\n")
|
111
|
+
return io.StringIO(content)
|
112
|
+
|
113
|
+
content = open(directory + '/setup.py', 'r').read()
|
114
|
+
|
115
|
+
# Remove `print`, `open`, `log` and import statements
|
116
|
+
content = re.sub(r"print\s*\(", "noop(", content)
|
117
|
+
content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
|
118
|
+
content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
|
119
|
+
content = content.replace("parse_requirements(", "fake_parse(")
|
120
|
+
version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
|
121
|
+
content = re.sub(version_re, "", content)
|
122
|
+
|
123
|
+
# Set variables likely to be imported
|
124
|
+
__version__ = '0.0.1+dependabot'
|
125
|
+
__author__ = 'someone'
|
126
|
+
__title__ = 'something'
|
127
|
+
__description__ = 'something'
|
128
|
+
__author_email__ = 'something'
|
129
|
+
__license__ = 'something'
|
130
|
+
__url__ = 'something'
|
131
|
+
|
132
|
+
# Run as main (since setup.py is a script)
|
133
|
+
__name__ = '__main__'
|
134
|
+
|
135
|
+
# Exec the setup.py
|
136
|
+
exec(content) in globals(), locals()
|
137
|
+
|
138
|
+
return json.dumps({ "result": setup_packages })
|
@@ -0,0 +1,18 @@
|
|
1
|
+
import sys
|
2
|
+
import json
|
3
|
+
|
4
|
+
from lib import parser, hasher
|
5
|
+
|
6
|
+
if __name__ == "__main__":
|
7
|
+
args = json.loads(sys.stdin.read())
|
8
|
+
|
9
|
+
if args["function"] == "parse_requirements":
|
10
|
+
print(parser.parse_requirements(args["args"][0]))
|
11
|
+
if args["function"] == "parse_setup":
|
12
|
+
print(parser.parse_setup(args["args"][0]))
|
13
|
+
elif args["function"] == "get_dependency_hash":
|
14
|
+
print(hasher.get_dependency_hash(*args["args"]))
|
15
|
+
elif args["function"] == "get_pipfile_hash":
|
16
|
+
print(hasher.get_pipfile_hash(*args["args"]))
|
17
|
+
elif args["function"] == "get_pyproject_hash":
|
18
|
+
print(hasher.get_pyproject_hash(*args["args"]))
|
metadata
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.119.0.beta1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
date: 2020-08-20 00:00:00.000000000 Z
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.119.0.beta1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.119.0.beta1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -144,6 +144,11 @@ extensions: []
|
|
144
144
|
extra_rdoc_files: []
|
145
145
|
files:
|
146
146
|
- helpers/build
|
147
|
+
- helpers/install-dir/python/lib/__init__.py
|
148
|
+
- helpers/install-dir/python/lib/hasher.py
|
149
|
+
- helpers/install-dir/python/lib/parser.py
|
150
|
+
- helpers/install-dir/python/requirements.txt
|
151
|
+
- helpers/install-dir/python/run.py
|
147
152
|
- helpers/lib/__init__.py
|
148
153
|
- helpers/lib/hasher.py
|
149
154
|
- helpers/lib/parser.py
|
@@ -186,7 +191,7 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
186
191
|
licenses:
|
187
192
|
- Nonstandard
|
188
193
|
metadata: {}
|
189
|
-
post_install_message:
|
194
|
+
post_install_message:
|
190
195
|
rdoc_options: []
|
191
196
|
require_paths:
|
192
197
|
- lib
|
@@ -201,8 +206,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
201
206
|
- !ruby/object:Gem::Version
|
202
207
|
version: 2.5.0
|
203
208
|
requirements: []
|
204
|
-
rubygems_version: 3.1.
|
205
|
-
signing_key:
|
209
|
+
rubygems_version: 3.1.4
|
210
|
+
signing_key:
|
206
211
|
specification_version: 4
|
207
212
|
summary: Python support for dependabot
|
208
213
|
test_files: []
|