dependabot-python 0.98.20 → 0.98.21
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_parser.rb +1 -4
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +2 -7
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +25 -29
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +19 -24
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -11
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +1 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +16 -17
- data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb +15 -20
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +8 -9
- metadata +3 -3
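--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 13e1990a53a8a437ac23ce95e0d59f3400a209da64ab5f82d6f2a432e620d721
+data.tar.gz: 6284e7cb3cd180d467cab29670eca9ac804079c9bdd717ecfec29e3ff7795a94
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3bf815b588d9380809c4d9655da94608215e58ca286c5682f956e44070db5df492efd13e0f88bf97c7c1388513518341a240d618952bbb253fe03c6e530a7fdf
+data.tar.gz: acd750d8963927eebeb48e67acd3184d4607fb9dbc8ce2fab7402cfeee0953c3d748ef7c7e27a1adaa287fcd00835efd69b906cfd5463af1919681fc6676905b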
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "toml-rb"
|
4
|
-
require "shellwords"
|
5
4
|
require "dependabot/dependency"
|
6
5
|
require "dependabot/file_parsers"
|
7
6
|
require "dependabot/file_parsers/base"
|
@@ -125,10 +124,8 @@ module Dependabot
|
|
125
124
|
SharedHelpers.in_a_temporary_directory do
|
126
125
|
write_temporary_dependency_files
|
127
126
|
|
128
|
-
command_parts = ["pyenv", "exec", "python",
|
129
|
-
NativeHelpers.python_helper_path]
|
130
127
|
requirements = SharedHelpers.run_helper_subprocess(
|
131
|
-
command:
|
128
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
132
129
|
function: "parse_requirements",
|
133
130
|
args: [Dir.pwd]
|
134
131
|
)
|
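Review bot: `NativeHelpers.python_helper_path` is now interpolated into one command string in the `run_helper_subprocess` call of the second hunk, where the removed lines built an argv-style array, so the path is no longer guaranteed to stay a single argument. How that string is tokenised depends on `SharedHelpers.run_helper_subprocess`, which is not shown on this page; if it splits on whitespace, a helper path containing a space would break the call or shift its arguments. A comment above the call would record the assumption, e.g. `# python_helper_path must not contain whitespace or shell metacharacters; SharedHelpers re-tokenises this string`. The same construction is repeated further down the page in both `parse_setup` calls, in the two `package_hashes_for` methods, in `pipfile_hash_for` and in `pyproject_hash_for`. The enclosing method starts and ends outside the hunk.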
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "shellwords"
|
4
3
|
require "dependabot/dependency"
|
5
4
|
require "dependabot/errors"
|
6
5
|
require "dependabot/file_parsers/base/dependency_set"
|
@@ -58,10 +57,8 @@ module Dependabot
|
|
58
57
|
SharedHelpers.in_a_temporary_directory do
|
59
58
|
write_temporary_dependency_files
|
60
59
|
|
61
|
-
command_parts = ["pyenv", "exec", "python",
|
62
|
-
NativeHelpers.python_helper_path]
|
63
60
|
requirements = SharedHelpers.run_helper_subprocess(
|
64
|
-
command:
|
61
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
65
62
|
function: "parse_setup",
|
66
63
|
args: [Dir.pwd]
|
67
64
|
)
|
@@ -81,10 +78,8 @@ module Dependabot
|
|
81
78
|
SharedHelpers.in_a_temporary_directory do
|
82
79
|
write_sanitized_setup_file
|
83
80
|
|
84
|
-
command_parts = ["pyenv", "exec", "python",
|
85
|
-
NativeHelpers.python_helper_path]
|
86
81
|
requirements = SharedHelpers.run_helper_subprocess(
|
87
|
-
command:
|
82
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
88
83
|
function: "parse_setup",
|
89
84
|
args: [Dir.pwd]
|
90
85
|
)
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "open3"
|
4
|
-
require "shellwords"
|
5
4
|
require "dependabot/python/requirement_parser"
|
6
5
|
require "dependabot/python/file_fetcher"
|
7
6
|
require "dependabot/python/file_updater"
|
@@ -9,10 +8,10 @@ require "dependabot/shared_helpers"
|
|
9
8
|
require "dependabot/python/native_helpers"
|
10
9
|
require "dependabot/python/python_versions"
|
11
10
|
|
12
|
-
# rubocop:disable Metrics/ClassLength
|
13
11
|
module Dependabot
|
14
12
|
module Python
|
15
13
|
class FileUpdater
|
14
|
+
# rubocop:disable Metrics/ClassLength
|
16
15
|
class PipCompileFileUpdater
|
17
16
|
require_relative "requirement_replacer"
|
18
17
|
require_relative "requirement_file_updater"
|
@@ -58,7 +57,6 @@ module Dependabot
|
|
58
57
|
|
59
58
|
# rubocop:disable Metrics/MethodLength
|
60
59
|
# rubocop:disable Metrics/BlockLength
|
61
|
-
# rubocop:disable Metrics/AbcSize
|
62
60
|
def compile_new_requirement_files
|
63
61
|
SharedHelpers.in_a_temporary_directory do
|
64
62
|
write_updated_dependency_files
|
@@ -67,20 +65,21 @@ module Dependabot
|
|
67
65
|
filenames_to_compile.each do |filename|
|
68
66
|
# Shell out to pip-compile, generate a new set of requirements.
|
69
67
|
# This is slow, as pip-compile needs to do installs.
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
].reject(&:empty?))
|
75
|
-
cmd_dep_version = Shellwords.join([dependency.version, filename])
|
68
|
+
name_part = "pyenv exec pip-compile "\
|
69
|
+
"#{pip_compile_options(filename)} -P "\
|
70
|
+
"#{dependency.name}"
|
71
|
+
version_part = "#{dependency.version} #{filename}"
|
76
72
|
# Don't escape pyenv `dep-name==version` syntax
|
77
|
-
run_pip_compile_command(
|
78
|
-
|
73
|
+
run_pip_compile_command(
|
74
|
+
"#{SharedHelpers.escape_command(name_part)}=="\
|
75
|
+
"#{SharedHelpers.escape_command(version_part)}",
|
76
|
+
escape_command_str: false
|
77
|
+
)
|
79
78
|
# Run pip-compile a second time, without an update argument, to
|
80
79
|
# ensure it resets the right comments.
|
81
80
|
run_pip_compile_command(
|
82
|
-
|
83
|
-
|
81
|
+
"pyenv exec pip-compile #{pip_compile_options(filename)} "\
|
82
|
+
"#{filename}"
|
84
83
|
)
|
85
84
|
|
86
85
|
unredact_git_credentials_in_compiled_file(filename)
|
@@ -104,7 +103,6 @@ module Dependabot
|
|
104
103
|
end
|
105
104
|
# rubocop:enable Metrics/MethodLength
|
106
105
|
# rubocop:enable Metrics/BlockLength
|
107
|
-
# rubocop:enable Metrics/AbcSize
|
108
106
|
|
109
107
|
def update_manifest_files
|
110
108
|
dependency_files.map do |file|
|
@@ -143,9 +141,9 @@ module Dependabot
|
|
143
141
|
).updated_dependency_files
|
144
142
|
end
|
145
143
|
|
146
|
-
def run_command(
|
144
|
+
def run_command(cmd, env: python_env, escape_command_str: true)
|
147
145
|
start = Time.now
|
148
|
-
command =
|
146
|
+
command = escape_command_str ? SharedHelpers.escape_command(cmd) : cmd
|
149
147
|
stdout, process = Open3.capture2e(env, command)
|
150
148
|
time_taken = Time.now - start
|
151
149
|
|
@@ -161,9 +159,9 @@ module Dependabot
|
|
161
159
|
)
|
162
160
|
end
|
163
161
|
|
164
|
-
def run_pip_compile_command(
|
165
|
-
run_command(
|
166
|
-
run_command(
|
162
|
+
def run_pip_compile_command(command, escape_command_str: true)
|
163
|
+
run_command("pyenv local #{python_version}")
|
164
|
+
run_command(command, escape_command_str: escape_command_str)
|
167
165
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
168
166
|
original_error ||= error
|
169
167
|
msg = error.message
|
@@ -229,13 +227,13 @@ module Dependabot
|
|
229
227
|
end
|
230
228
|
|
231
229
|
def install_required_python
|
232
|
-
if run_command(
|
230
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
233
231
|
return
|
234
232
|
end
|
235
233
|
|
236
|
-
run_command(
|
237
|
-
run_command(
|
238
|
-
|
234
|
+
run_command("pyenv install -s #{python_version}")
|
235
|
+
run_command("pyenv exec pip install -r "\
|
236
|
+
"#{NativeHelpers.python_requirements_path}")
|
239
237
|
end
|
240
238
|
|
241
239
|
def sanitized_setup_file_content(file)
|
@@ -414,10 +412,8 @@ module Dependabot
|
|
414
412
|
end
|
415
413
|
|
416
414
|
def package_hashes_for(name:, version:, algorithm:)
|
417
|
-
command_parts = ["pyenv", "exec", "python",
|
418
|
-
NativeHelpers.python_helper_path]
|
419
415
|
SharedHelpers.run_helper_subprocess(
|
420
|
-
command:
|
416
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
421
417
|
function: "get_dependency_hash",
|
422
418
|
args: [name, version, algorithm]
|
423
419
|
).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
|
@@ -468,7 +464,7 @@ module Dependabot
|
|
468
464
|
options << "--no-header"
|
469
465
|
end
|
470
466
|
|
471
|
-
options
|
467
|
+
options.join(" ")
|
472
468
|
end
|
473
469
|
|
474
470
|
def includes_unsafe_packages?(content)
|
@@ -562,7 +558,7 @@ module Dependabot
|
|
562
558
|
end
|
563
559
|
|
564
560
|
def pyenv_versions
|
565
|
-
@pyenv_versions ||= run_command(
|
561
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
566
562
|
end
|
567
563
|
|
568
564
|
def pre_installed_python?(version)
|
@@ -585,7 +581,7 @@ module Dependabot
|
|
585
581
|
dependency_files.find { |f| f.name == ".python-version" }
|
586
582
|
end
|
587
583
|
end
|
584
|
+
# rubocop:enable Metrics/ClassLength
|
588
585
|
end
|
589
586
|
end
|
590
587
|
end
|
591
|
-
# rubocop:enable Metrics/ClassLength
|
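Review bot: In `compile_new_requirement_files`, `dependency.name`, `dependency.version` and `filename` are interpolated into `name_part`/`version_part` and the result is run with `escape_command_str: false`, so `Open3.capture2e(env, command)` receives a single string and the only barrier against shell or option injection is `SharedHelpers.escape_command`, which is not visible here. These values presumably come from the repository being updated and should be treated as untrusted; if `escape_command` tokenises on whitespace, a name or filename containing a space or starting with `-` would change the arguments pip-compile receives. The new `escape_command_str:` keyword on `run_command` and `run_pip_compile_command` also makes it easy for a later caller to skip escaping altogether. I would keep an argv form for these calls, or at minimum state the contract on `run_command`: `# cmd must already have been passed through SharedHelpers.escape_command when escape_command_str is false`. The same interpolation of `python_version`, `dependency.name` and `filename` into command strings occurs in the other updater and resolver sections on this page.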
@@ -2,16 +2,14 @@
|
|
2
2
|
|
3
3
|
require "toml-rb"
|
4
4
|
require "open3"
|
5
|
-
require "shellwords"
|
6
5
|
require "dependabot/python/requirement_parser"
|
7
6
|
require "dependabot/python/file_updater"
|
8
7
|
require "dependabot/shared_helpers"
|
9
8
|
require "dependabot/python/native_helpers"
|
10
|
-
|
11
|
-
# rubocop:disable Metrics/ClassLength
|
12
9
|
module Dependabot
|
13
10
|
module Python
|
14
11
|
class FileUpdater
|
12
|
+
# rubocop:disable Metrics/ClassLength
|
15
13
|
class PipfileFileUpdater
|
16
14
|
require_relative "pipfile_preparer"
|
17
15
|
require_relative "setup_file_sanitizer"
|
@@ -191,11 +189,11 @@ module Dependabot
|
|
191
189
|
install_required_python
|
192
190
|
|
193
191
|
# Initialize a git repo to appease pip-tools
|
194
|
-
command =
|
192
|
+
command = SharedHelpers.escape_command("git init")
|
195
193
|
IO.popen(command, err: %i(child out)) if setup_files.any?
|
196
194
|
|
197
195
|
run_pipenv_command(
|
198
|
-
|
196
|
+
"pyenv exec pipenv lock"
|
199
197
|
)
|
200
198
|
|
201
199
|
result = { lockfile: File.read("Pipfile.lock") }
|
@@ -232,19 +230,19 @@ module Dependabot
|
|
232
230
|
|
233
231
|
def generate_updated_requirements_files
|
234
232
|
req_content = run_pipenv_command(
|
235
|
-
|
233
|
+
"pyenv exec pipenv lock -r"
|
236
234
|
)
|
237
235
|
File.write("req.txt", req_content)
|
238
236
|
|
239
237
|
dev_req_content = run_pipenv_command(
|
240
|
-
|
238
|
+
"pyenv exec pipenv lock -r -d"
|
241
239
|
)
|
242
240
|
File.write("dev-req.txt", dev_req_content)
|
243
241
|
end
|
244
242
|
|
245
|
-
def run_command(
|
243
|
+
def run_command(command, env: {})
|
246
244
|
start = Time.now
|
247
|
-
command =
|
245
|
+
command = SharedHelpers.escape_command(command)
|
248
246
|
stdout, process = Open3.capture2e(env, command)
|
249
247
|
time_taken = Time.now - start
|
250
248
|
|
@@ -262,9 +260,9 @@ module Dependabot
|
|
262
260
|
)
|
263
261
|
end
|
264
262
|
|
265
|
-
def run_pipenv_command(
|
266
|
-
run_command(
|
267
|
-
run_command(
|
263
|
+
def run_pipenv_command(command, env: pipenv_env_variables)
|
264
|
+
run_command("pyenv local #{python_version}")
|
265
|
+
run_command(command, env: env)
|
268
266
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
269
267
|
original_error ||= error
|
270
268
|
msg = error.message
|
@@ -278,8 +276,8 @@ module Dependabot
|
|
278
276
|
raise relevant_error if python_version.start_with?("2")
|
279
277
|
|
280
278
|
# Clear the existing virtualenv, so that we use the new Python version
|
281
|
-
run_command(
|
282
|
-
run_command(
|
279
|
+
run_command("pyenv local #{python_version}")
|
280
|
+
run_command("pyenv exec pipenv --rm")
|
283
281
|
|
284
282
|
@python_version = "2.7.16"
|
285
283
|
retry
|
@@ -323,19 +321,18 @@ module Dependabot
|
|
323
321
|
def install_required_python
|
324
322
|
# Initialize a git repo to appease pip-tools
|
325
323
|
begin
|
326
|
-
run_command(
|
324
|
+
run_command("git init") if setup_files.any?
|
327
325
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed
|
328
326
|
nil
|
329
327
|
end
|
330
328
|
|
331
|
-
if run_command(
|
329
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
332
330
|
return
|
333
331
|
end
|
334
332
|
|
335
333
|
requirements_path = NativeHelpers.python_requirements_path
|
336
|
-
run_command(
|
337
|
-
run_command(
|
338
|
-
requirements_path])
|
334
|
+
run_command("pyenv install -s #{python_version}")
|
335
|
+
run_command("pyenv exec pip install -r #{requirements_path}")
|
339
336
|
end
|
340
337
|
|
341
338
|
def sanitized_setup_file_content(file)
|
@@ -406,7 +403,7 @@ module Dependabot
|
|
406
403
|
end
|
407
404
|
|
408
405
|
def pyenv_versions
|
409
|
-
@pyenv_versions ||= run_command(
|
406
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
410
407
|
end
|
411
408
|
|
412
409
|
def pipfile_python_requirement
|
@@ -425,10 +422,8 @@ module Dependabot
|
|
425
422
|
def pipfile_hash_for(pipfile_content)
|
426
423
|
SharedHelpers.in_a_temporary_directory do |dir|
|
427
424
|
File.write(File.join(dir, "Pipfile"), pipfile_content)
|
428
|
-
command_parts = ["pyenv", "exec", "python",
|
429
|
-
NativeHelpers.python_helper_path]
|
430
425
|
SharedHelpers.run_helper_subprocess(
|
431
|
-
command:
|
426
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
432
427
|
function: "get_pipfile_hash",
|
433
428
|
args: [dir]
|
434
429
|
)
|
@@ -500,7 +495,7 @@ module Dependabot
|
|
500
495
|
}
|
501
496
|
end
|
502
497
|
end
|
498
|
+
# rubocop:enable Metrics/ClassLength
|
503
499
|
end
|
504
500
|
end
|
505
501
|
end
|
506
|
-
# rubocop:enable Metrics/ClassLength
|
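Review bot: The installed-version check in `install_required_python`, `run_command("pyenv versions").include?("#{python_version}\n")`, is a substring match on raw command output rather than a comparison against parsed version names. As far as I know pyenv prints the active version with a `* ` prefix and a ` (set by …)` suffix, so that line can never end in the wanted string, and any installed version whose name merely ends with it would match. Comparing whole lines is more robust: `run_command("pyenv versions --bare").lines.map(&:strip).include?(python_version)`. The same check appears in the `install_required_python` hunks of the pip-compile updater and of the pip-compile and Pipfile resolvers on this page.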
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require "toml-rb"
|
4
4
|
require "open3"
|
5
|
-
require "shellwords"
|
6
5
|
require "dependabot/shared_helpers"
|
7
6
|
require "dependabot/python/version"
|
8
7
|
require "dependabot/python/requirement"
|
@@ -154,13 +153,13 @@ module Dependabot
|
|
154
153
|
write_temporary_dependency_files(pyproject_content)
|
155
154
|
|
156
155
|
if python_version && !pre_installed_python?(python_version)
|
157
|
-
run_poetry_command(
|
158
|
-
run_poetry_command(
|
159
|
-
|
156
|
+
run_poetry_command("pyenv install -s #{python_version}")
|
157
|
+
run_poetry_command("pyenv exec pip install -r"\
|
158
|
+
"#{NativeHelpers.python_requirements_path}")
|
160
159
|
end
|
161
160
|
|
162
161
|
run_poetry_command(
|
163
|
-
|
162
|
+
"pyenv exec poetry update #{dependency.name} --lock"
|
164
163
|
)
|
165
164
|
|
166
165
|
return File.read("poetry.lock") if File.exist?("poetry.lock")
|
@@ -169,9 +168,9 @@ module Dependabot
|
|
169
168
|
end
|
170
169
|
end
|
171
170
|
|
172
|
-
def run_poetry_command(
|
171
|
+
def run_poetry_command(command)
|
173
172
|
start = Time.now
|
174
|
-
command =
|
173
|
+
command = SharedHelpers.escape_command(command)
|
175
174
|
stdout, process = Open3.capture2e(command)
|
176
175
|
time_taken = Time.now - start
|
177
176
|
|
@@ -232,7 +231,7 @@ module Dependabot
|
|
232
231
|
end
|
233
232
|
|
234
233
|
def pyenv_versions
|
235
|
-
@pyenv_versions ||= run_poetry_command(
|
234
|
+
@pyenv_versions ||= run_poetry_command("pyenv install --list")
|
236
235
|
end
|
237
236
|
|
238
237
|
def pre_installed_python?(version)
|
@@ -242,10 +241,8 @@ module Dependabot
|
|
242
241
|
def pyproject_hash_for(pyproject_content)
|
243
242
|
SharedHelpers.in_a_temporary_directory do |dir|
|
244
243
|
File.write(File.join(dir, "pyproject.toml"), pyproject_content)
|
245
|
-
command_parts = ["pyenv", "exec", "python",
|
246
|
-
NativeHelpers.python_helper_path]
|
247
244
|
SharedHelpers.run_helper_subprocess(
|
248
|
-
command:
|
245
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
249
246
|
function: "get_pyproject_hash",
|
250
247
|
args: [dir]
|
251
248
|
)
|
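Review bot: The continued string `"pyenv exec pip install -r"\` has no space before the line break, so the command becomes `pip install -r<path>` with the requirements path glued to the option. pip may well accept the attached form, but every other copy of this command on the page is written with `-r ` and a trailing space, and the difference is easy to misread when the command is later edited; `run_poetry_command("pyenv exec pip install -r "\` restores it. The same missing space is in `install_required_python` of the pip-compile version resolver further down. The enclosing method starts outside the hunk.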
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "shellwords"
|
4
3
|
require "dependabot/python/requirement_parser"
|
5
4
|
require "dependabot/python/file_updater"
|
6
5
|
require "dependabot/shared_helpers"
|
@@ -140,10 +139,8 @@ module Dependabot
|
|
140
139
|
end
|
141
140
|
|
142
141
|
def package_hashes_for(name:, version:, algorithm:)
|
143
|
-
command_parts = ["pyenv", "exec", "python",
|
144
|
-
NativeHelpers.python_helper_path]
|
145
142
|
SharedHelpers.run_helper_subprocess(
|
146
|
-
command:
|
143
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
147
144
|
function: "get_dependency_hash",
|
148
145
|
args: [name, version, algorithm]
|
149
146
|
).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "open3"
|
4
|
-
require "shellwords"
|
5
4
|
require "dependabot/python/requirement_parser"
|
6
5
|
require "dependabot/python/file_fetcher"
|
7
6
|
require "dependabot/python/file_parser"
|
@@ -12,6 +11,7 @@ require "dependabot/python/version"
|
|
12
11
|
require "dependabot/shared_helpers"
|
13
12
|
require "dependabot/python/native_helpers"
|
14
13
|
require "dependabot/python/python_versions"
|
14
|
+
|
15
15
|
module Dependabot
|
16
16
|
module Python
|
17
17
|
class UpdateChecker
|
@@ -59,14 +59,14 @@ module Dependabot
|
|
59
59
|
# Shell out to pip-compile.
|
60
60
|
# This is slow, as pip-compile needs to do installs.
|
61
61
|
run_pip_compile_command(
|
62
|
-
|
63
|
-
"--build-isolation
|
62
|
+
"pyenv exec pip-compile --allow-unsafe "\
|
63
|
+
"--build-isolation -P #{dependency.name} #{filename}"
|
64
64
|
)
|
65
65
|
# Run pip-compile a second time, without an update argument,
|
66
66
|
# to ensure it handles markers correctly
|
67
67
|
run_pip_compile_command(
|
68
|
-
|
69
|
-
"--build-isolation
|
68
|
+
"pyenv exec pip-compile --allow-unsafe "\
|
69
|
+
"--build-isolation #{filename}"
|
70
70
|
)
|
71
71
|
|
72
72
|
unredact_git_credentials_in_compiled_file(filename)
|
@@ -162,8 +162,7 @@ module Dependabot
|
|
162
162
|
write_temporary_dependency_files(unlock_requirement: false)
|
163
163
|
|
164
164
|
filenames_to_compile.each do |filename|
|
165
|
-
run_command(
|
166
|
-
filename])
|
165
|
+
run_command("pyenv exec pip-compile --allow-unsafe #{filename}")
|
167
166
|
end
|
168
167
|
|
169
168
|
true
|
@@ -181,9 +180,9 @@ module Dependabot
|
|
181
180
|
end
|
182
181
|
end
|
183
182
|
|
184
|
-
def run_command(
|
183
|
+
def run_command(command, env: python_env)
|
185
184
|
start = Time.now
|
186
|
-
command =
|
185
|
+
command = SharedHelpers.escape_command(command)
|
187
186
|
stdout, process = Open3.capture2e(env, command)
|
188
187
|
time_taken = Time.now - start
|
189
188
|
|
@@ -199,9 +198,9 @@ module Dependabot
|
|
199
198
|
)
|
200
199
|
end
|
201
200
|
|
202
|
-
def run_pip_compile_command(
|
203
|
-
run_command(
|
204
|
-
run_command(
|
201
|
+
def run_pip_compile_command(command)
|
202
|
+
run_command("pyenv local #{python_version}")
|
203
|
+
run_command(command)
|
205
204
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
206
205
|
original_error ||= error
|
207
206
|
msg = error.message
|
@@ -271,13 +270,13 @@ module Dependabot
|
|
271
270
|
end
|
272
271
|
|
273
272
|
def install_required_python
|
274
|
-
if run_command(
|
273
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
275
274
|
return
|
276
275
|
end
|
277
276
|
|
278
|
-
run_command(
|
279
|
-
run_command(
|
280
|
-
|
277
|
+
run_command("pyenv install -s #{python_version}")
|
278
|
+
run_command("pyenv exec pip install -r"\
|
279
|
+
"#{NativeHelpers.python_requirements_path}")
|
281
280
|
end
|
282
281
|
|
283
282
|
def sanitized_setup_file_content(file)
|
@@ -463,7 +462,7 @@ module Dependabot
|
|
463
462
|
end
|
464
463
|
|
465
464
|
def pyenv_versions
|
466
|
-
@pyenv_versions ||= run_command(
|
465
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
467
466
|
end
|
468
467
|
|
469
468
|
def pre_installed_python?(version)
|
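Review bot: `run_command` in this section escapes unconditionally, while the copy in the pip-compile file updater takes an `escape_command_str:` switch, and `run_command`/`run_poetry_command` are repeated with the same escape-then-`Open3.capture2e` body in the other updater and resolver sections, so the escaping policy is now spread over several near-identical private methods. A single shared helper would keep that policy in one place and make a missed escape harder to introduce. Failing that, each copy deserves a doc comment stating the contract, e.g. `# Escapes +command+ with SharedHelpers.escape_command and runs it; callers must pass an unescaped string`. The method bodies continue outside the hunks shown.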
@@ -3,7 +3,6 @@
|
|
3
3
|
require "excon"
|
4
4
|
require "toml-rb"
|
5
5
|
require "open3"
|
6
|
-
require "shellwords"
|
7
6
|
require "dependabot/errors"
|
8
7
|
require "dependabot/shared_helpers"
|
9
8
|
require "dependabot/python/file_parser"
|
@@ -78,9 +77,7 @@ module Dependabot
|
|
78
77
|
# Whilst calling `lock` avoids doing an install as part of the
|
79
78
|
# pipenv flow, an install is still done by pip-tools in order
|
80
79
|
# to resolve the dependencies. That means this is slow.
|
81
|
-
run_pipenv_command(
|
82
|
-
%w(pyenv exec pipenv lock)
|
83
|
-
)
|
80
|
+
run_pipenv_command("pyenv exec pipenv lock")
|
84
81
|
|
85
82
|
updated_lockfile = JSON.parse(File.read("Pipfile.lock"))
|
86
83
|
|
@@ -195,9 +192,7 @@ module Dependabot
|
|
195
192
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
196
193
|
write_temporary_dependency_files(update_pipfile: false)
|
197
194
|
|
198
|
-
run_pipenv_command(
|
199
|
-
%w(pyenv exec pipenv lock)
|
200
|
-
)
|
195
|
+
run_pipenv_command("pyenv exec pipenv lock")
|
201
196
|
|
202
197
|
true
|
203
198
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
@@ -288,19 +283,19 @@ module Dependabot
|
|
288
283
|
def install_required_python
|
289
284
|
# Initialize a git repo to appease pip-tools
|
290
285
|
begin
|
291
|
-
run_command(
|
286
|
+
run_command("git init") if setup_files.any?
|
292
287
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed
|
293
288
|
nil
|
294
289
|
end
|
295
290
|
|
296
|
-
if run_command(
|
291
|
+
if run_command("pyenv versions").include?("#{python_version}\n")
|
297
292
|
return
|
298
293
|
end
|
299
294
|
|
300
295
|
requirements_path = NativeHelpers.python_requirements_path
|
301
|
-
run_command(
|
302
|
-
run_command(
|
303
|
-
|
296
|
+
run_command("pyenv install -s #{python_version}")
|
297
|
+
run_command("pyenv exec pip install -r "\
|
298
|
+
"#{requirements_path}")
|
304
299
|
end
|
305
300
|
|
306
301
|
def sanitized_setup_file_content(file)
|
@@ -414,7 +409,7 @@ module Dependabot
|
|
414
409
|
end
|
415
410
|
|
416
411
|
def pyenv_versions
|
417
|
-
@pyenv_versions ||= run_command(
|
412
|
+
@pyenv_versions ||= run_command("pyenv install --list")
|
418
413
|
end
|
419
414
|
|
420
415
|
def pipfile_python_requirement
|
@@ -487,9 +482,9 @@ module Dependabot
|
|
487
482
|
end
|
488
483
|
end
|
489
484
|
|
490
|
-
def run_command(
|
485
|
+
def run_command(command, env: {})
|
491
486
|
start = Time.now
|
492
|
-
command =
|
487
|
+
command = SharedHelpers.escape_command(command)
|
493
488
|
stdout, process = Open3.capture2e(env, command)
|
494
489
|
time_taken = Time.now - start
|
495
490
|
|
@@ -505,9 +500,9 @@ module Dependabot
|
|
505
500
|
)
|
506
501
|
end
|
507
502
|
|
508
|
-
def run_pipenv_command(
|
509
|
-
run_command(
|
510
|
-
run_command(
|
503
|
+
def run_pipenv_command(command, env: pipenv_env_variables)
|
504
|
+
run_command("pyenv local #{python_version}")
|
505
|
+
run_command(command, env: env)
|
511
506
|
rescue SharedHelpers::HelperSubprocessFailed => error
|
512
507
|
original_error ||= error
|
513
508
|
msg = error.message
|
@@ -521,8 +516,8 @@ module Dependabot
|
|
521
516
|
raise relevant_error if python_version.start_with?("2")
|
522
517
|
|
523
518
|
# Clear the existing virtualenv, so that we use the new Python version
|
524
|
-
run_command(
|
525
|
-
run_command(
|
519
|
+
run_command("pyenv local #{python_version}")
|
520
|
+
run_command("pyenv exec pipenv --rm")
|
526
521
|
|
527
522
|
@python_version = "2.7.16"
|
528
523
|
retry
|
@@ -3,7 +3,6 @@
|
|
3
3
|
require "excon"
|
4
4
|
require "toml-rb"
|
5
5
|
require "open3"
|
6
|
-
require "shellwords"
|
7
6
|
require "dependabot/errors"
|
8
7
|
require "dependabot/shared_helpers"
|
9
8
|
require "dependabot/python/file_parser"
|
@@ -56,15 +55,15 @@ module Dependabot
|
|
56
55
|
write_temporary_dependency_files
|
57
56
|
|
58
57
|
if python_version && !pre_installed_python?(python_version)
|
59
|
-
run_poetry_command(
|
60
|
-
run_poetry_command(
|
61
|
-
|
58
|
+
run_poetry_command("pyenv install -s #{python_version}")
|
59
|
+
run_poetry_command("pyenv exec pip install -r "\
|
60
|
+
"#{NativeHelpers.python_requirements_path}")
|
62
61
|
end
|
63
62
|
|
64
63
|
# Shell out to Poetry, which handles everything for us.
|
65
64
|
# Using `--lock` avoids doing an install.
|
66
65
|
run_poetry_command(
|
67
|
-
|
66
|
+
"pyenv exec poetry update #{dependency.name} --lock"
|
68
67
|
)
|
69
68
|
|
70
69
|
updated_lockfile =
|
@@ -106,7 +105,7 @@ module Dependabot
|
|
106
105
|
write_temporary_dependency_files(update_pyproject: false)
|
107
106
|
|
108
107
|
run_poetry_command(
|
109
|
-
|
108
|
+
"pyenv exec poetry update #{dependency.name} --lock"
|
110
109
|
)
|
111
110
|
|
112
111
|
true
|
@@ -176,7 +175,7 @@ module Dependabot
|
|
176
175
|
end
|
177
176
|
|
178
177
|
def pyenv_versions
|
179
|
-
@pyenv_versions ||= run_poetry_command(
|
178
|
+
@pyenv_versions ||= run_poetry_command("pyenv install --list")
|
180
179
|
end
|
181
180
|
|
182
181
|
def pre_installed_python?(version)
|
@@ -312,9 +311,9 @@ module Dependabot
|
|
312
311
|
dependency_files.find { |f| f.name == ".python-version" }
|
313
312
|
end
|
314
313
|
|
315
|
-
def run_poetry_command(
|
314
|
+
def run_poetry_command(command)
|
316
315
|
start = Time.now
|
317
|
-
command =
|
316
|
+
command = SharedHelpers.escape_command(command)
|
318
317
|
stdout, process = Open3.capture2e(command)
|
319
318
|
time_taken = Time.now - start
|
320
319
|
|
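--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.21
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.21
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.21
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement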