dependabot-python 0.98.20 → 0.98.21
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_parser.rb +1 -4
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +2 -7
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +25 -29
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +19 -24
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -11
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +1 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +16 -17
- data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb +15 -20
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +8 -9
- metadata +3 -3
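--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 13e1990a53a8a437ac23ce95e0d59f3400a209da64ab5f82d6f2a432e620d721
+data.tar.gz: 6284e7cb3cd180d467cab29670eca9ac804079c9bdd717ecfec29e3ff7795a94
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3bf815b588d9380809c4d9655da94608215e58ca286c5682f956e44070db5df492efd13e0f88bf97c7c1388513518341a240d618952bbb253fe03c6e530a7fdf
+data.tar.gz: acd750d8963927eebeb48e67acd3184d4607fb9dbc8ce2fab7402cfeee0953c3d748ef7c7e27a1adaa287fcd00835efd69b906cfd5463af1919681fc6676905b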
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "toml-rb"
|
4
|
-
require "shellwords"
|
5
4
|
require "dependabot/dependency"
|
6
5
|
require "dependabot/file_parsers"
|
7
6
|
require "dependabot/file_parsers/base"
|
@@ -125,10 +124,8 @@ module Dependabot
|
|
125
124
|
SharedHelpers.in_a_temporary_directory do
|
126
125
|
write_temporary_dependency_files
|
127
126
|
|
128
|
-
command_parts = ["pyenv", "exec", "python",
|
129
|
-
NativeHelpers.python_helper_path]
|
130
127
|
requirements = SharedHelpers.run_helper_subprocess(
|
131
|
-
command:
|
128
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
132
129
|
function: "parse_requirements",
|
133
130
|
args: [Dir.pwd]
|
134
131
|
)
|
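Review bot: In the `run_helper_subprocess` call, `command:` is now a single interpolated string, `"pyenv exec python #{NativeHelpers.python_helper_path}"`, so the helper path is no longer guaranteed to reach the child process as one argument the way the removed `command_parts` array kept it. How `run_helper_subprocess` tokenises or escapes that string is not visible on this page; if it splits on whitespace or hands the string to a shell, a path containing a space or a shell metacharacter changes the command that runs. I would either keep the array form or state the assumption at the call, e.g. `# python_helper_path must not contain whitespace or shell metacharacters`. The same line appears in setup_file_parser.rb (twice), pip_compile_file_updater.rb, pipfile_file_updater.rb, poetry_file_updater.rb and requirement_file_updater.rb. The enclosing method starts and ends outside the hunk.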
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "shellwords"
|
4
3
|
require "dependabot/dependency"
|
5
4
|
require "dependabot/errors"
|
6
5
|
require "dependabot/file_parsers/base/dependency_set"
|
@@ -58,10 +57,8 @@ module Dependabot
|
|
58
57
|
SharedHelpers.in_a_temporary_directory do
|
59
58
|
write_temporary_dependency_files
|
60
59
|
|
61
|
-
command_parts = ["pyenv", "exec", "python",
|
62
|
-
NativeHelpers.python_helper_path]
|
63
60
|
requirements = SharedHelpers.run_helper_subprocess(
|
64
|
-
command:
|
61
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
65
62
|
function: "parse_setup",
|
66
63
|
args: [Dir.pwd]
|
67
64
|
)
|
@@ -81,10 +78,8 @@ module Dependabot
|
|
81
78
|
SharedHelpers.in_a_temporary_directory do
|
82
79
|
write_sanitized_setup_file
|
83
80
|
|
84
|
-
command_parts = ["pyenv", "exec", "python",
|
85
|
-
NativeHelpers.python_helper_path]
|
86
81
|
requirements = SharedHelpers.run_helper_subprocess(
|
87
|
-
command:
|
82
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
88
83
|
function: "parse_setup",
|
89
84
|
args: [Dir.pwd]
|
90
85
|
)
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "open3"
|
4
|
-
require "shellwords"
|
5
4
|
require "dependabot/python/requirement_parser"
|
6
5
|
require "dependabot/python/file_fetcher"
|
7
6
|
require "dependabot/python/file_updater"
|
@@ -9,10 +8,10 @@ require "dependabot/shared_helpers"
|
|
9
8
|
require "dependabot/python/native_helpers"
|
10
9
|
require "dependabot/python/python_versions"
|
11
10
|
|
12
|
-
# rubocop:disable Metrics/ClassLength
|
13
11
|
module Dependabot
|
14
12
|
module Python
|
15
13
|
class FileUpdater
|
14
|
+
# rubocop:disable Metrics/ClassLength
|
16
15
|
class PipCompileFileUpdater
|
17
16
|
require_relative "requirement_replacer"
|
18
17
|
require_relative "requirement_file_updater"
|
@@ -58,7 +57,6 @@ module Dependabot
|
|
58
57
|
|
59
58
|
# rubocop:disable Metrics/MethodLength
|
60
59
|
# rubocop:disable Metrics/BlockLength
|
61
|
-
# rubocop:disable Metrics/AbcSize
|
62
60
|
def compile_new_requirement_files
|
63
61
|
SharedHelpers.in_a_temporary_directory do
|
64
62
|
write_updated_dependency_files
|
@@ -67,20 +65,21 @@ module Dependabot
|
|
67
65
|
filenames_to_compile.each do |filename|
|
68
66
|
# Shell out to pip-compile, generate a new set of requirements.
|
69
67
|
# This is slow, as pip-compile needs to do installs.
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
].reject(&:empty?))
|
75
|
-
cmd_dep_version = Shellwords.join([dependency.version, filename])
|
68
|
+
name_part = "pyenv exec pip-compile "\
|
69
|
+
"#{pip_compile_options(filename)} -P "\
|
70
|
+
"#{dependency.name}"
|
71
|
+
version_part = "#{dependency.version} #{filename}"
|
76
72
|
# Don't escape pyenv `dep-name==version` syntax
|
77
|
-
run_pip_compile_command(
|
78
|
-
|
73
|
+
run_pip_compile_command(
|
74
|
+
"#{SharedHelpers.escape_command(name_part)}=="\
|
75
|
+
"#{SharedHelpers.escape_command(version_part)}",
|
76
|
+
escape_command_str: false
|
77
|
+
)
|
79
78
|
# Run pip-compile a second time, without an update argument, to
|
80
79
|
# ensure it resets the right comments.
|
81
80
|
run_pip_compile_command(
|
82
|
-
|
83
|
-
|
81
|
+
"pyenv exec pip-compile #{pip_compile_options(filename)} "\
|
82
|
+
"#{filename}"
|
84
83
|
)
|
85
84
|
|
86
85
|
unredact_git_credentials_in_compiled_file(filename)
|
@@ -104,7 +103,6 @@ module Dependabot
|
|
104
103
|
end
|
105
104
|
# rubocop:enable Metrics/MethodLength
|
106
105
|
# rubocop:enable Metrics/BlockLength
|
107
|
-
# rubocop:enable Metrics/AbcSize
|
108
106
|
|
109
107
|
def update_manifest_files
|
110
108
|
dependency_files.map do |file|
|
@@ -143,9 +141,9 @@ module Dependabot
|
|
143
141
|
).updated_dependency_files
|
144
142
|
end
|
145
143
|
|
146
|
-
def run_command(
|
144
|
+
def run_command(cmd, env: python_env, escape_command_str: true)
|
147
145
|
start = Time.now
|
148
|
-
command =
|
146
|
+
command = escape_command_str ? SharedHelpers.escape_command(cmd) : cmd
|
149
147
|
stdout, process = Open3.capture2e(env, command)
|
150
148
|
time_taken = Time.now - start
|
151
149
|
|
@@ -161,9 +159,9 @@ module Dependabot
|
|
161
159
|
)
|
162
160
|
end
|
163
161
|
|
164
|
-
def run_pip_compile_command(
|
165
|
-
run_command(
|
166
|
-
run_command(
|
162
|
+
def run_pip_compile_command(command, escape_command_str: true)
|
163
|
+
run_command("pyenv local #{python_version}")
|
164
|
+
run_command(command, escape_command_str: escape_command_str)
|
167
165
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
168
166
|
original_error ||= error
|
169
167
|
msg = error.message
|
@@ -229,13 +227,13 @@ module Dependabot
|
|
229
227
|
end
|
230
228
|
|
231
229
|
def install_required_python
|
232
|
-
if run_command(
|
230
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
233
231
|
return
|
234
232
|
end
|
235
233
|
|
236
|
-
run_command(
|
237
|
-
run_command(
|
238
|
-
|
234
|
+
run_command("pyenv install -s #{python_version}")
|
235
|
+
run_command("pyenv exec pip install -r "\
|
236
|
+
"#{NativeHelpers.python_requirements_path}")
|
239
237
|
end
|
240
238
|
|
241
239
|
def sanitized_setup_file_content(file)
|
@@ -414,10 +412,8 @@ module Dependabot
|
|
414
412
|
end
|
415
413
|
|
416
414
|
def package_hashes_for(name:, version:, algorithm:)
|
417
|
-
command_parts = ["pyenv", "exec", "python",
|
418
|
-
NativeHelpers.python_helper_path]
|
419
415
|
SharedHelpers.run_helper_subprocess(
|
420
|
-
command:
|
416
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
421
417
|
function: "get_dependency_hash",
|
422
418
|
args: [name, version, algorithm]
|
423
419
|
).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
|
@@ -468,7 +464,7 @@ module Dependabot
|
|
468
464
|
options << "--no-header"
|
469
465
|
end
|
470
466
|
|
471
|
-
options
|
467
|
+
options.join(" ")
|
472
468
|
end
|
473
469
|
|
474
470
|
def includes_unsafe_packages?(content)
|
@@ -562,7 +558,7 @@ module Dependabot
|
|
562
558
|
end
|
563
559
|
|
564
560
|
def pyenv_versions
|
565
|
-
@pyenv_versions ||= run_command(
|
561
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
566
562
|
end
|
567
563
|
|
568
564
|
def pre_installed_python?(version)
|
@@ -585,7 +581,7 @@ module Dependabot
|
|
585
581
|
dependency_files.find { |f| f.name == ".python-version" }
|
586
582
|
end
|
587
583
|
end
|
584
|
+
# rubocop:enable Metrics/ClassLength
|
588
585
|
end
|
589
586
|
end
|
590
587
|
end
|
591
|
-
# rubocop:enable Metrics/ClassLength
|
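Review bot: In `compile_new_requirement_files`, `dependency.name`, `dependency.version` and `filename` are interpolated into command text, and with `escape_command_str: false` `run_command` hands the joined string to `Open3.capture2e(env, command)` as one string, which Ruby runs through a shell when it contains shell metacharacters. If those values originate in the repository being updated (the callers are outside this page), argument boundaries now rest entirely on what `SharedHelpers.escape_command` does with each half, which is not shown here; a filename containing whitespace or a name starting with `-` may not stay confined to one argument. Passing an argv array end to end avoids both the shell and the re-tokenising, e.g. `stdout, process = Open3.capture2e(env, *command_parts)` with `"#{dependency.name}==#{dependency.version}"` as a single element. The same string-building is in pipfile_file_updater.rb, poetry_file_updater.rb and the three version resolvers, including `python_version` in the `pyenv local` and `pyenv install -s` calls.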
@@ -2,16 +2,14 @@
|
|
2
2
|
|
3
3
|
require "toml-rb"
|
4
4
|
require "open3"
|
5
|
-
require "shellwords"
|
6
5
|
require "dependabot/python/requirement_parser"
|
7
6
|
require "dependabot/python/file_updater"
|
8
7
|
require "dependabot/shared_helpers"
|
9
8
|
require "dependabot/python/native_helpers"
|
10
|
-
|
11
|
-
# rubocop:disable Metrics/ClassLength
|
12
9
|
module Dependabot
|
13
10
|
module Python
|
14
11
|
class FileUpdater
|
12
|
+
# rubocop:disable Metrics/ClassLength
|
15
13
|
class PipfileFileUpdater
|
16
14
|
require_relative "pipfile_preparer"
|
17
15
|
require_relative "setup_file_sanitizer"
|
@@ -191,11 +189,11 @@ module Dependabot
|
|
191
189
|
install_required_python
|
192
190
|
|
193
191
|
# Initialize a git repo to appease pip-tools
|
194
|
-
command =
|
192
|
+
command = SharedHelpers.escape_command("git init")
|
195
193
|
IO.popen(command, err: %i(child out)) if setup_files.any?
|
196
194
|
|
197
195
|
run_pipenv_command(
|
198
|
-
|
196
|
+
"pyenv exec pipenv lock"
|
199
197
|
)
|
200
198
|
|
201
199
|
result = { lockfile: File.read("Pipfile.lock") }
|
@@ -232,19 +230,19 @@ module Dependabot
|
|
232
230
|
|
233
231
|
def generate_updated_requirements_files
|
234
232
|
req_content = run_pipenv_command(
|
235
|
-
|
233
|
+
"pyenv exec pipenv lock -r"
|
236
234
|
)
|
237
235
|
File.write("req.txt", req_content)
|
238
236
|
|
239
237
|
dev_req_content = run_pipenv_command(
|
240
|
-
|
238
|
+
"pyenv exec pipenv lock -r -d"
|
241
239
|
)
|
242
240
|
File.write("dev-req.txt", dev_req_content)
|
243
241
|
end
|
244
242
|
|
245
|
-
def run_command(
|
243
|
+
def run_command(command, env: {})
|
246
244
|
start = Time.now
|
247
|
-
command =
|
245
|
+
command = SharedHelpers.escape_command(command)
|
248
246
|
stdout, process = Open3.capture2e(env, command)
|
249
247
|
time_taken = Time.now - start
|
250
248
|
|
@@ -262,9 +260,9 @@ module Dependabot
|
|
262
260
|
)
|
263
261
|
end
|
264
262
|
|
265
|
-
def run_pipenv_command(
|
266
|
-
run_command(
|
267
|
-
run_command(
|
263
|
+
def run_pipenv_command(command, env: pipenv_env_variables)
|
264
|
+
run_command("pyenv local #{python_version}")
|
265
|
+
run_command(command, env: env)
|
268
266
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
269
267
|
original_error ||= error
|
270
268
|
msg = error.message
|
@@ -278,8 +276,8 @@ module Dependabot
|
|
278
276
|
raise relevant_error if python_version.start_with?("2")
|
279
277
|
|
280
278
|
# Clear the existing virtualenv, so that we use the new Python version
|
281
|
-
run_command(
|
282
|
-
run_command(
|
279
|
+
run_command("pyenv local #{python_version}")
|
280
|
+
run_command("pyenv exec pipenv --rm")
|
283
281
|
|
284
282
|
@python_version = "2.7.16"
|
285
283
|
retry
|
@@ -323,19 +321,18 @@ module Dependabot
|
|
323
321
|
def install_required_python
|
324
322
|
# Initialize a git repo to appease pip-tools
|
325
323
|
begin
|
326
|
-
run_command(
|
324
|
+
run_command("git init") if setup_files.any?
|
327
325
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed
|
328
326
|
nil
|
329
327
|
end
|
330
328
|
|
331
|
-
if run_command(
|
329
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
332
330
|
return
|
333
331
|
end
|
334
332
|
|
335
333
|
requirements_path = NativeHelpers.python_requirements_path
|
336
|
-
run_command(
|
337
|
-
run_command(
|
338
|
-
requirements_path])
|
334
|
+
run_command("pyenv install -s #{python_version}")
|
335
|
+
run_command("pyenv exec pip install -r #{requirements_path}")
|
339
336
|
end
|
340
337
|
|
341
338
|
def sanitized_setup_file_content(file)
|
@@ -406,7 +403,7 @@ module Dependabot
|
|
406
403
|
end
|
407
404
|
|
408
405
|
def pyenv_versions
|
409
|
-
@pyenv_versions ||= run_command(
|
406
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
410
407
|
end
|
411
408
|
|
412
409
|
def pipfile_python_requirement
|
@@ -425,10 +422,8 @@ module Dependabot
|
|
425
422
|
def pipfile_hash_for(pipfile_content)
|
426
423
|
SharedHelpers.in_a_temporary_directory do |dir|
|
427
424
|
File.write(File.join(dir, "Pipfile"), pipfile_content)
|
428
|
-
command_parts = ["pyenv", "exec", "python",
|
429
|
-
NativeHelpers.python_helper_path]
|
430
425
|
SharedHelpers.run_helper_subprocess(
|
431
|
-
command:
|
426
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
432
427
|
function: "get_pipfile_hash",
|
433
428
|
args: [dir]
|
434
429
|
)
|
@@ -500,7 +495,7 @@ module Dependabot
|
|
500
495
|
}
|
501
496
|
end
|
502
497
|
end
|
498
|
+
# rubocop:enable Metrics/ClassLength
|
503
499
|
end
|
504
500
|
end
|
505
501
|
end
|
506
|
-
# rubocop:enable Metrics/ClassLength
|
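Review bot: In the lock hunk, `IO.popen(command, err: %i(child out)) if setup_files.any?` starts `git init` without reading from or closing the returned pipe, so nothing waits for it before `run_pipenv_command("pyenv exec pipenv lock")` runs, and `SharedHelpers.escape_command("git init")` only escapes a constant. `install_required_python`, called a few lines earlier in the same hunk, is shown further down this file doing `run_command("git init") if setup_files.any?`, which goes through `Open3.capture2e` and therefore waits for the process. If that is the method being called, the popen line looks redundant and could be dropped; otherwise replace it with `run_command("git init") if setup_files.any?` under the same `rescue`. The enclosing method starts and ends outside the hunk.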
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require "toml-rb"
|
4
4
|
require "open3"
|
5
|
-
require "shellwords"
|
6
5
|
require "dependabot/shared_helpers"
|
7
6
|
require "dependabot/python/version"
|
8
7
|
require "dependabot/python/requirement"
|
@@ -154,13 +153,13 @@ module Dependabot
|
|
154
153
|
write_temporary_dependency_files(pyproject_content)
|
155
154
|
|
156
155
|
if python_version && !pre_installed_python?(python_version)
|
157
|
-
run_poetry_command(
|
158
|
-
run_poetry_command(
|
159
|
-
|
156
|
+
run_poetry_command("pyenv install -s #{python_version}")
|
157
|
+
run_poetry_command("pyenv exec pip install -r"\
|
158
|
+
"#{NativeHelpers.python_requirements_path}")
|
160
159
|
end
|
161
160
|
|
162
161
|
run_poetry_command(
|
163
|
-
|
162
|
+
"pyenv exec poetry update #{dependency.name} --lock"
|
164
163
|
)
|
165
164
|
|
166
165
|
return File.read("poetry.lock") if File.exist?("poetry.lock")
|
@@ -169,9 +168,9 @@ module Dependabot
|
|
169
168
|
end
|
170
169
|
end
|
171
170
|
|
172
|
-
def run_poetry_command(
|
171
|
+
def run_poetry_command(command)
|
173
172
|
start = Time.now
|
174
|
-
command =
|
173
|
+
command = SharedHelpers.escape_command(command)
|
175
174
|
stdout, process = Open3.capture2e(command)
|
176
175
|
time_taken = Time.now - start
|
177
176
|
|
@@ -232,7 +231,7 @@ module Dependabot
|
|
232
231
|
end
|
233
232
|
|
234
233
|
def pyenv_versions
|
235
|
-
@pyenv_versions ||= run_poetry_command(
|
234
|
+
@pyenv_versions ||= run_poetry_command("pyenv install --list")
|
236
235
|
end
|
237
236
|
|
238
237
|
def pre_installed_python?(version)
|
@@ -242,10 +241,8 @@ module Dependabot
|
|
242
241
|
def pyproject_hash_for(pyproject_content)
|
243
242
|
SharedHelpers.in_a_temporary_directory do |dir|
|
244
243
|
File.write(File.join(dir, "pyproject.toml"), pyproject_content)
|
245
|
-
command_parts = ["pyenv", "exec", "python",
|
246
|
-
NativeHelpers.python_helper_path]
|
247
244
|
SharedHelpers.run_helper_subprocess(
|
248
|
-
command:
|
245
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
249
246
|
function: "get_pyproject_hash",
|
250
247
|
args: [dir]
|
251
248
|
)
|
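Review bot: The two-part literal `"pyenv exec pip install -r"\` followed by `"#{NativeHelpers.python_requirements_path}"` has no space before the continuation, so the command becomes `pip install -r<path>` with the option and its value fused into one token. pip may accept the attached form, but the other call sites in this release (pip_compile_file_updater.rb, pipfile_version_resolver.rb, poetry_version_resolver.rb) write `-r ` with the space, and the fused token silently changes meaning if the escaping helper ever quotes per token. Change the first part to `"pyenv exec pip install -r "\`. `install_required_python` in pip_compile_version_resolver.rb has the same missing space.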
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "shellwords"
|
4
3
|
require "dependabot/python/requirement_parser"
|
5
4
|
require "dependabot/python/file_updater"
|
6
5
|
require "dependabot/shared_helpers"
|
@@ -140,10 +139,8 @@ module Dependabot
|
|
140
139
|
end
|
141
140
|
|
142
141
|
def package_hashes_for(name:, version:, algorithm:)
|
143
|
-
command_parts = ["pyenv", "exec", "python",
|
144
|
-
NativeHelpers.python_helper_path]
|
145
142
|
SharedHelpers.run_helper_subprocess(
|
146
|
-
command:
|
143
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
147
144
|
function: "get_dependency_hash",
|
148
145
|
args: [name, version, algorithm]
|
149
146
|
).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "open3"
|
4
|
-
require "shellwords"
|
5
4
|
require "dependabot/python/requirement_parser"
|
6
5
|
require "dependabot/python/file_fetcher"
|
7
6
|
require "dependabot/python/file_parser"
|
@@ -12,6 +11,7 @@ require "dependabot/python/version"
|
|
12
11
|
require "dependabot/shared_helpers"
|
13
12
|
require "dependabot/python/native_helpers"
|
14
13
|
require "dependabot/python/python_versions"
|
14
|
+
|
15
15
|
module Dependabot
|
16
16
|
module Python
|
17
17
|
class UpdateChecker
|
@@ -59,14 +59,14 @@ module Dependabot
|
|
59
59
|
# Shell out to pip-compile.
|
60
60
|
# This is slow, as pip-compile needs to do installs.
|
61
61
|
run_pip_compile_command(
|
62
|
-
|
63
|
-
"--build-isolation
|
62
|
+
"pyenv exec pip-compile --allow-unsafe "\
|
63
|
+
"--build-isolation -P #{dependency.name} #{filename}"
|
64
64
|
)
|
65
65
|
# Run pip-compile a second time, without an update argument,
|
66
66
|
# to ensure it handles markers correctly
|
67
67
|
run_pip_compile_command(
|
68
|
-
|
69
|
-
"--build-isolation
|
68
|
+
"pyenv exec pip-compile --allow-unsafe "\
|
69
|
+
"--build-isolation #{filename}"
|
70
70
|
)
|
71
71
|
|
72
72
|
unredact_git_credentials_in_compiled_file(filename)
|
@@ -162,8 +162,7 @@ module Dependabot
|
|
162
162
|
write_temporary_dependency_files(unlock_requirement: false)
|
163
163
|
|
164
164
|
filenames_to_compile.each do |filename|
|
165
|
-
run_command(
|
166
|
-
filename])
|
165
|
+
run_command("pyenv exec pip-compile --allow-unsafe #{filename}")
|
167
166
|
end
|
168
167
|
|
169
168
|
true
|
@@ -181,9 +180,9 @@ module Dependabot
|
|
181
180
|
end
|
182
181
|
end
|
183
182
|
|
184
|
-
def run_command(
|
183
|
+
def run_command(command, env: python_env)
|
185
184
|
start = Time.now
|
186
|
-
command =
|
185
|
+
command = SharedHelpers.escape_command(command)
|
187
186
|
stdout, process = Open3.capture2e(env, command)
|
188
187
|
time_taken = Time.now - start
|
189
188
|
|
@@ -199,9 +198,9 @@ module Dependabot
|
|
199
198
|
)
|
200
199
|
end
|
201
200
|
|
202
|
-
def run_pip_compile_command(
|
203
|
-
run_command(
|
204
|
-
run_command(
|
201
|
+
def run_pip_compile_command(command)
|
202
|
+
run_command("pyenv local #{python_version}")
|
203
|
+
run_command(command)
|
205
204
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
206
205
|
original_error ||= error
|
207
206
|
msg = error.message
|
@@ -271,13 +270,13 @@ module Dependabot
|
|
271
270
|
end
|
272
271
|
|
273
272
|
def install_required_python
|
274
|
-
if run_command(
|
273
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
275
274
|
return
|
276
275
|
end
|
277
276
|
|
278
|
-
run_command(
|
279
|
-
run_command(
|
280
|
-
|
277
|
+
run_command("pyenv install -s #{python_version}")
|
278
|
+
run_command("pyenv exec pip install -r"\
|
279
|
+
"#{NativeHelpers.python_requirements_path}")
|
281
280
|
end
|
282
281
|
|
283
282
|
def sanitized_setup_file_content(file)
|
@@ -463,7 +462,7 @@ module Dependabot
|
|
463
462
|
end
|
464
463
|
|
465
464
|
def pyenv_versions
|
466
|
-
@pyenv_versions ||= run_command(
|
465
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
467
466
|
end
|
468
467
|
|
469
468
|
def pre_installed_python?(version)
|
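Review bot: In `install_required_python`, `run_command("pyenv versions").include?("#{python_version}\n")` is a substring test against raw command output, so the result depends on pyenv's line layout rather than on the list of installed versions. A version whose line carries trailing text is reported as missing, and a `python_version` that happens to be the tail of a longer entry is reported as installed; the first case is presumably harmless because `pyenv install -s` follows, the second skips the install. Comparing whole tokens would be tighter, e.g. `installed = run_command("pyenv versions").lines.map { |l| l.delete("*").split.first }` followed by `return if installed.include?(python_version)`. The same check is in pip_compile_file_updater.rb, pipfile_file_updater.rb and pipfile_version_resolver.rb.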
@@ -3,7 +3,6 @@
|
|
3
3
|
require "excon"
|
4
4
|
require "toml-rb"
|
5
5
|
require "open3"
|
6
|
-
require "shellwords"
|
7
6
|
require "dependabot/errors"
|
8
7
|
require "dependabot/shared_helpers"
|
9
8
|
require "dependabot/python/file_parser"
|
@@ -78,9 +77,7 @@ module Dependabot
|
|
78
77
|
# Whilst calling `lock` avoids doing an install as part of the
|
79
78
|
# pipenv flow, an install is still done by pip-tools in order
|
80
79
|
# to resolve the dependencies. That means this is slow.
|
81
|
-
run_pipenv_command(
|
82
|
-
%w(pyenv exec pipenv lock)
|
83
|
-
)
|
80
|
+
run_pipenv_command("pyenv exec pipenv lock")
|
84
81
|
|
85
82
|
updated_lockfile = JSON.parse(File.read("Pipfile.lock"))
|
86
83
|
|
@@ -195,9 +192,7 @@ module Dependabot
|
|
195
192
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
196
193
|
write_temporary_dependency_files(update_pipfile: false)
|
197
194
|
|
198
|
-
run_pipenv_command(
|
199
|
-
%w(pyenv exec pipenv lock)
|
200
|
-
)
|
195
|
+
run_pipenv_command("pyenv exec pipenv lock")
|
201
196
|
|
202
197
|
true
|
203
198
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
@@ -288,19 +283,19 @@ module Dependabot
|
|
288
283
|
def install_required_python
|
289
284
|
# Initialize a git repo to appease pip-tools
|
290
285
|
begin
|
291
|
-
run_command(
|
286
|
+
run_command("git init") if setup_files.any?
|
292
287
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed
|
293
288
|
nil
|
294
289
|
end
|
295
290
|
|
296
|
-
if run_command(
|
291
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
297
292
|
return
|
298
293
|
end
|
299
294
|
|
300
295
|
requirements_path = NativeHelpers.python_requirements_path
|
301
|
-
run_command(
|
302
|
-
run_command(
|
303
|
-
|
296
|
+
run_command("pyenv install -s #{python_version}")
|
297
|
+
run_command("pyenv exec pip install -r "\
|
298
|
+
"#{requirements_path}")
|
304
299
|
end
|
305
300
|
|
306
301
|
def sanitized_setup_file_content(file)
|
@@ -414,7 +409,7 @@ module Dependabot
|
|
414
409
|
end
|
415
410
|
|
416
411
|
def pyenv_versions
|
417
|
-
@pyenv_versions ||= run_command(
|
412
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
418
413
|
end
|
419
414
|
|
420
415
|
def pipfile_python_requirement
|
@@ -487,9 +482,9 @@ module Dependabot
|
|
487
482
|
end
|
488
483
|
end
|
489
484
|
|
490
|
-
def run_command(
|
485
|
+
def run_command(command, env: {})
|
491
486
|
start = Time.now
|
492
|
-
command =
|
487
|
+
command = SharedHelpers.escape_command(command)
|
493
488
|
stdout, process = Open3.capture2e(env, command)
|
494
489
|
time_taken = Time.now - start
|
495
490
|
|
@@ -505,9 +500,9 @@ module Dependabot
|
|
505
500
|
)
|
506
501
|
end
|
507
502
|
|
508
|
-
def run_pipenv_command(
|
509
|
-
run_command(
|
510
|
-
run_command(
|
503
|
+
def run_pipenv_command(command, env: pipenv_env_variables)
|
504
|
+
run_command("pyenv local #{python_version}")
|
505
|
+
run_command(command, env: env)
|
511
506
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
512
507
|
original_error ||= error
|
513
508
|
msg = error.message
|
@@ -521,8 +516,8 @@ module Dependabot
|
|
521
516
|
raise relevant_error if python_version.start_with?("2")
|
522
517
|
|
523
518
|
# Clear the existing virtualenv, so that we use the new Python version
|
524
|
-
run_command(
|
525
|
-
run_command(
|
519
|
+
run_command("pyenv local #{python_version}")
|
520
|
+
run_command("pyenv exec pipenv --rm")
|
526
521
|
|
527
522
|
@python_version = "2.7.16"
|
528
523
|
retry
|
@@ -3,7 +3,6 @@
|
|
3
3
|
require "excon"
|
4
4
|
require "toml-rb"
|
5
5
|
require "open3"
|
6
|
-
require "shellwords"
|
7
6
|
require "dependabot/errors"
|
8
7
|
require "dependabot/shared_helpers"
|
9
8
|
require "dependabot/python/file_parser"
|
@@ -56,15 +55,15 @@ module Dependabot
|
|
56
55
|
write_temporary_dependency_files
|
57
56
|
|
58
57
|
if python_version && !pre_installed_python?(python_version)
|
59
|
-
run_poetry_command(
|
60
|
-
run_poetry_command(
|
61
|
-
|
58
|
+
run_poetry_command("pyenv install -s #{python_version}")
|
59
|
+
run_poetry_command("pyenv exec pip install -r "\
|
60
|
+
"#{NativeHelpers.python_requirements_path}")
|
62
61
|
end
|
63
62
|
|
64
63
|
# Shell out to Poetry, which handles everything for us.
|
65
64
|
# Using `--lock` avoids doing an install.
|
66
65
|
run_poetry_command(
|
67
|
-
|
66
|
+
"pyenv exec poetry update #{dependency.name} --lock"
|
68
67
|
)
|
69
68
|
|
70
69
|
updated_lockfile =
|
@@ -106,7 +105,7 @@ module Dependabot
|
|
106
105
|
write_temporary_dependency_files(update_pyproject: false)
|
107
106
|
|
108
107
|
run_poetry_command(
|
109
|
-
|
108
|
+
"pyenv exec poetry update #{dependency.name} --lock"
|
110
109
|
)
|
111
110
|
|
112
111
|
true
|
@@ -176,7 +175,7 @@ module Dependabot
|
|
176
175
|
end
|
177
176
|
|
178
177
|
def pyenv_versions
|
179
|
-
@pyenv_versions ||= run_poetry_command(
|
178
|
+
@pyenv_versions ||= run_poetry_command("pyenv install --list")
|
180
179
|
end
|
181
180
|
|
182
181
|
def pre_installed_python?(version)
|
@@ -312,9 +311,9 @@ module Dependabot
|
|
312
311
|
dependency_files.find { |f| f.name == ".python-version" }
|
313
312
|
end
|
314
313
|
|
315
|
-
def run_poetry_command(
|
314
|
+
def run_poetry_command(command)
|
316
315
|
start = Time.now
|
317
|
-
command =
|
316
|
+
command = SharedHelpers.escape_command(command)
|
318
317
|
stdout, process = Open3.capture2e(command)
|
319
318
|
time_taken = Time.now - start
|
320
319
|
|
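--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.21
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.21
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.21
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement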