dependabot-python 0.125.7 → 0.128.0

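--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d14f99e97125c12346de48675d036e82e71ff41432cece781115f493af6ff701
- data.tar.gz: dc94655cd1f089d22c57a1bf01f8945e8ecd7906bc667e63e77ae5089900b373
+ metadata.gz: cf6f64b4656464c1e02e73d553bcea937088074440b8b389aebfd0dffaff7e9f
+ data.tar.gz: 3af9328f0ef10bbcce3037a58c38cf0574805956ab8e94de1e1fa0fdb3936566
  SHA512:
- metadata.gz: a7c1f9e17e3846e35296a20a5eb9b92f947c0d87f398ec377a77937abea74a9dcc829a6b5df10279fe7ba5fcff1489e55ff5c7840d9e77e6bf0b0b5dbea57b1a
- data.tar.gz: f95df4327723a4c086f27c43c88059101d5080d4ab3d912dac3a8aaabb032c0c98d42811375ececd8690012753f6ff227f83587e18e40b8296409642ffd09b2b
+ metadata.gz: 84b362df67759d62bb506e8ca373cf487f790424a824610ebd18bed15e191580d0406aa66605c4b657adad8bba7a560acf72f4a6f86b8fe1d95c5f17b3c38456
+ data.tar.gz: 92047e230d53909532adf04e1945450ef8466d7d9bd8d6b925d9841314f6a97c6370691678801db81b7fbcf2e524729b59f614dc237230bbe91fbb92d5837c50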
@@ -1,9 +1,10 @@
1
- pip==20.1.1
1
+ pip==20.3.1
2
2
  pip-tools==5.4.0
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.1.4
7
+ wheel==0.36.2
7
8
 
8
9
  # Some dependencies will only install if Cython is present
9
10
  Cython==0.29.21
@@ -27,8 +27,8 @@ module Dependabot
27
27
  GIT_DEPENDENCY_UNREACHABLE_REGEX =
28
28
  /git clone -q (?<url>[^\s]+).* /.freeze
29
29
  GIT_REFERENCE_NOT_FOUND_REGEX =
30
- %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m.
31
- freeze
30
+ /egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
31
+ NATIVE_COMPILATION_ERROR = "pip._internal.exceptions.InstallationError: Command errored out with exit status 1"
32
32
 
33
33
  attr_reader :dependency, :dependency_files, :credentials
34
34
 
@@ -36,6 +36,7 @@ module Dependabot
36
36
  @dependency = dependency
37
37
  @dependency_files = dependency_files
38
38
  @credentials = credentials
39
+ @build_isolation = true
39
40
  end
40
41
 
41
42
  def latest_resolvable_version(requirement: nil)
@@ -72,7 +73,7 @@ module Dependabot
72
73
  # Shell out to pip-compile.
73
74
  # This is slow, as pip-compile needs to do installs.
74
75
  run_pip_compile_command(
75
- "pyenv exec pip-compile --allow-unsafe "\
76
+ "pyenv exec pip-compile --allow-unsafe -v "\
76
77
  "#{pip_compile_options(filename)} -P #{dependency.name} "\
77
78
  "#{filename}"
78
79
  )
@@ -91,10 +92,22 @@ module Dependabot
91
92
  parse_updated_files
92
93
  end
93
94
  rescue SharedHelpers::HelperSubprocessFailed => e
95
+ retry_count ||= 0
96
+ retry_count += 1
97
+
98
+ if compilation_error?(e) && retry_count <= 1
99
+ @build_isolation = false
100
+ retry
101
+ end
102
+
94
103
  handle_pip_compile_errors(e)
95
104
  end
96
105
  end
97
106
 
107
+ def compilation_error?(error)
108
+ error.message.include?(NATIVE_COMPILATION_ERROR)
109
+ end
110
+
98
111
  # rubocop:disable Metrics/AbcSize
99
112
  def handle_pip_compile_errors(error)
100
113
  if error.message.include?("Could not find a version")
@@ -195,7 +208,7 @@ module Dependabot
195
208
  end
196
209
 
197
210
  def pip_compile_options(filename)
198
- options = ["--build-isolation"]
211
+ options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
199
212
  options += pip_compile_index_options
200
213
 
201
214
  if (requirements_file = compiled_file_for_filename(filename))
@@ -366,11 +379,21 @@ module Dependabot
366
379
  NameNormaliser.normalise(name)
367
380
  end
368
381
 
382
+ VERBOSE_ERROR_OUTPUT_LINES = [
383
+ "Traceback",
384
+ "Using indexes:",
385
+ "Current constraints:",
386
+ "Finding the best candidates:",
387
+ "Finding secondary dependencies:",
388
+ "\n",
389
+ " "
390
+ ].freeze
391
+
369
392
  def clean_error_message(message)
370
393
  msg_lines = message.lines
371
394
  msg = msg_lines.
372
395
  take_while { |l| !l.start_with?("During handling of") }.
373
- drop_while { |l| l.start_with?("Traceback", " ") }.
396
+ drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
374
397
  join.strip
375
398
 
376
399
  # Redact any URLs, as they may include credentials
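Review bot: `NATIVE_COMPILATION_ERROR` is pip's generic "Command errored out with exit status 1" text, so the new `rescue` branch in the `-91,10 +92,22` hunk appears to fall back to `--no-build-isolation` for any failed build step, not only a native compilation failure. Nothing in the visible lines sets `@build_isolation` back to `true`, so later calls on the same resolver instance would keep building the packages named in the repository's dependency files without isolation, with no record of the downgrade. I would restore the flag once the retried run finishes and log the fallback, and at minimum document it above the branch: `# Retry once without build isolation; matches any pip InstallationError and leaves @build_isolation false`. The enclosing method and its `begin` start outside the hunk.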
@@ -39,6 +39,12 @@ module Dependabot
39
39
  UNSUPPORTED_DEP_REGEX =
40
40
  /"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/.
41
41
  freeze
42
+ PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal."\
43
+ "exceptions.InstallationError: "\
44
+ "Command \"python setup.py egg_info\" "\
45
+ "failed with error code 1 in"
46
+ PIPENV_INSTALLATION_ERROR_REGEX =
47
+ %r{#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}.+/(?<name>.+)/$}.freeze
42
48
 
43
49
  attr_reader :dependency, :dependency_files, :credentials
44
50
 
@@ -169,7 +175,6 @@ module Dependabot
169
175
  return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
170
176
  end
171
177
 
172
- puts error.message
173
178
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
174
179
  url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
175
180
  named_captures.fetch("url")
@@ -232,6 +237,10 @@ module Dependabot
232
237
  raise DependencyFileNotResolvable, msg
233
238
  end
234
239
 
240
+ # NOTE: Pipenv masks the actualy error, see this issue for updates:
241
+ # https://github.com/pypa/pipenv/issues/2791
242
+ handle_pipenv_installation_error(error.message) if error.message.match?(PIPENV_INSTALLATION_ERROR_REGEX)
243
+
235
244
  # Raise an unhandled error, as this could be a problem with
236
245
  # Dependabot's infrastructure, rather than the Pipfile
237
246
  raise
@@ -257,6 +266,19 @@ module Dependabot
257
266
  msg.gsub(/http.*?(?=\s)/, "<redacted>")
258
267
  end
259
268
 
269
+ def handle_pipenv_installation_error(error_message)
270
+ # Find the dependency that's causing resolution to fail
271
+ dependency_name = error_message.match(PIPENV_INSTALLATION_ERROR_REGEX).named_captures["name"]
272
+ raise unless dependency_name
273
+
274
+ msg = "Pipenv failed to install \"#{dependency_name}\". This could be caused by missing system "\
275
+ "dependencies that can't be installed by Dependabot or required installation flags.\n\n"\
276
+ "Error output from running \"pipenv lock\":\n"\
277
+ "#{clean_error_message(error_message)}"
278
+
279
+ raise DependencyFileNotResolvable, msg
280
+ end
281
+
260
282
  def write_temporary_dependency_files(updated_req: nil,
261
283
  update_pipfile: true)
262
284
  dependency_files.each do |file|
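Review bot: The new `handle_pipenv_installation_error` copies the `pipenv lock` output into the `DependencyFileNotResolvable` message, so credential hygiene now rests entirely on the redaction at the end of `clean_error_message`. The context line `msg.gsub(/http.*?(?=\s)/, "<redacted>")` only matches a URL that is followed by whitespace, so a URL that is the last token of the message would pass through unredacted, including any embedded index credentials. I would widen the lookahead to `msg.gsub(/http.*?(?=\s|\z)/, "<redacted>")` and add a spec with an error whose final token is a credentialed URL. Most of `clean_error_message` lies outside the hunks shown, so this is inferred from that single line.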
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.7
4
+ version: 0.128.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-30 00:00:00.000000000 Z
11
+ date: 2020-12-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.7
19
+ version: 0.128.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.7
26
+ version: 0.128.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.4.2
103
+ version: 1.6.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.4.2
110
+ version: 1.6.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement