dependabot-uv 0.299.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 37479ebd370ef17d7a56b2e53b0f9e94d93608fcbafdfb98a588d23f3f61c8f7
+  data.tar.gz: d3ff78147e58cf5fe353773c9bdf6c7f920c6ae73140de722827ce3f335ba30d
+SHA512:
+  metadata.gz: 413470f2e052517d9a689131997e6425bf253e13cf558a1a217b4f7322ba4cfc28e9d78436a8249e3373ef9d7531fb8b6f5480b19401fcfc61be134c334986fd
+  data.tar.gz: a8edce98cdf17c759619019ab9406c4120c67129d884da7cc7111b2d247ba426ee865e53523b75c3ecd9c5fd93eaf9944071732f37ff59111e1955ead835d556

data/helpers/build

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
+  exit 1
+fi
+
+install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/python"
+mkdir -p "$install_dir"
+
+helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
+cp -r \
+  "$helpers_dir/lib" \
+  "$helpers_dir/run.py" \
+  "$helpers_dir/requirements.txt" \
+  "$install_dir"
+
+cd "$install_dir"
+PYENV_VERSION=$1 pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+
+# Remove the extra objects added during the previous install. Based on
+# https://github.com/docker-library/python/blob/master/Dockerfile-linux.template
+# And the image docker.io/library/python
+find "${PYENV_ROOT:-/usr/local/.pyenv}/versions" -depth \
+    \( \
+    \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) \
+    -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \
+    \) -exec rm -rf '{}' +
+
+find -L "${PYENV_ROOT:-/usr/local/.pyenv}/versions" -type f  \
+    -name '*.so' \
+    -exec strip --preserve-dates {} +

data/helpers/lib/hasher.py

@@ -0,0 +1,36 @@
+import hashin
+import json
+import plette
+import traceback
+from poetry.factory import Factory
+
+
+def get_dependency_hash(dependency_name, dependency_version, algorithm,
+                        index_url=hashin.DEFAULT_INDEX_URL):
+    try:
+        hashes = hashin.get_package_hashes(
+            dependency_name,
+            version=dependency_version,
+            algorithm=algorithm,
+            index_url=index_url
+        )
+        return json.dumps({"result": hashes["hashes"]})
+    except hashin.PackageNotFoundError as e:
+        return json.dumps({
+            "error": repr(e),
+            "error_class:": e.__class__.__name__,
+            "trace:": ''.join(traceback.format_stack())
+        })
+
+
+def get_pipfile_hash(directory):
+    with open(directory + '/Pipfile') as f:
+        pipfile = plette.Pipfile.load(f)
+
+    return json.dumps({"result": pipfile.get_hash().value})
+
+
+def get_pyproject_hash(directory):
+    p = Factory().create_poetry(directory)
+
+    return json.dumps({"result": p.locker._get_content_hash()})

data/helpers/lib/parser.py

@@ -0,0 +1,270 @@
+import glob
+import io
+import json
+import os.path
+import re
+
+import configparser
+import setuptools
+import pip._internal.req.req_file
+from pip._internal.network.session import PipSession
+from pip._internal.req.constructors import (
+    install_req_from_line,
+    install_req_from_parsed_requirement,
+)
+
+from packaging.requirements import InvalidRequirement, Requirement
+# TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we
+#       drop support for Python 3.10.
+import tomli
+
+# Inspired by pips internal check:
+# https://github.com/pypa/pip/blob/0bb3ac87f5bb149bd75cceac000844128b574385/src/pip/_internal/req/req_file.py#L35
+COMMENT_RE = re.compile(r'(^|\s+)#.*$')
+
+
+def parse_pep621_dependencies(pyproject_path):
+    with open(pyproject_path, "rb") as file:
+        project_toml = tomli.load(file)
+
+    def parse_toml_section_pep621_dependencies(pyproject_path, dependencies):
+        requirement_packages = []
+
+        def version_from_req(specifier_set):
+            if (len(specifier_set) == 1 and
+                    next(iter(specifier_set)).operator in {"==", "==="}):
+                return next(iter(specifier_set)).version
+
+        for dependency in dependencies:
+            try:
+                req = Requirement(dependency)
+            except InvalidRequirement as e:
+                print(json.dumps({"error": repr(e)}))
+                exit(1)
+            else:
+                requirement_packages.append({
+                    "name": req.name,
+                    "version": version_from_req(req.specifier),
+                    "markers": str(req.marker) or None,
+                    "file": pyproject_path,
+                    "requirement": str(req.specifier),
+                    "extras": sorted(list(req.extras))
+                })
+
+        return requirement_packages
+
+    dependencies = []
+
+    if 'project' in project_toml:
+        project_section = project_toml['project']
+
+        if 'dependencies' in project_section:
+            dependencies_toml = project_section['dependencies']
+            runtime_dependencies = parse_toml_section_pep621_dependencies(
+                pyproject_path,
+                dependencies_toml
+            )
+            dependencies.extend(runtime_dependencies)
+
+        if 'optional-dependencies' in project_section:
+            optional_dependencies_toml = project_section[
+                'optional-dependencies'
+            ]
+            for group in optional_dependencies_toml:
+                group_dependencies = parse_toml_section_pep621_dependencies(
+                    pyproject_path,
+                    optional_dependencies_toml[group]
+                )
+                dependencies.extend(group_dependencies)
+
+    if 'build-system' in project_toml:
+        build_system_section = project_toml['build-system']
+        if 'requires' in build_system_section:
+            build_system_dependencies = parse_toml_section_pep621_dependencies(
+                pyproject_path,
+                build_system_section['requires']
+            )
+            dependencies.extend(build_system_dependencies)
+
+    return json.dumps({"result": dependencies})
+
+
+def parse_requirements(directory):
+    # Parse the requirements.txt
+    requirement_packages = []
+    requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
+        + glob.glob(os.path.join(directory, '**', '*.txt'))
+
+    pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
+        + glob.glob(os.path.join(directory, '**', '*.in'))
+
+    def version_from_install_req(install_req):
+        if install_req.is_pinned:
+            return next(iter(install_req.specifier)).version
+
+    for reqs_file in requirement_files + pip_compile_files:
+        try:
+            requirements = pip._internal.req.req_file.parse_requirements(
+                reqs_file,
+                session=PipSession()
+            )
+            for parsed_req in requirements:
+                install_req = install_req_from_parsed_requirement(parsed_req)
+                if install_req.req is None:
+                    continue
+
+                # Ignore file: requirements
+                if install_req.link is not None and install_req.link.is_file:
+                    continue
+
+                pattern = r"-[cr] (.*) \(line \d+\)"
+                abs_path = re.search(pattern, install_req.comes_from).group(1)
+
+                # Ignore dependencies from remote constraint files
+                if not os.path.isfile(abs_path):
+                    continue
+
+                rel_path = os.path.relpath(abs_path, directory)
+
+                requirement_packages.append({
+                    "name": install_req.req.name,
+                    "version": version_from_install_req(install_req),
+                    "markers": str(install_req.markers) or None,
+                    "file": rel_path,
+                    "requirement": str(install_req.specifier) or None,
+                    "extras": sorted(list(install_req.extras))
+                })
+        except Exception as e:
+            print(json.dumps({"error": repr(e)}))
+            exit(1)
+
+    return json.dumps({"result": requirement_packages})
+
+
+def parse_setup(directory):
+    def version_from_install_req(install_req):
+        if install_req.is_pinned:
+            return next(iter(install_req.specifier)).version
+
+    def parse_requirement(req, req_type, filename):
+        install_req = install_req_from_line(req)
+        if install_req.original_link:
+            return
+
+        setup_packages.append(
+            {
+                "name": install_req.req.name,
+                "version": version_from_install_req(install_req),
+                "markers": str(install_req.markers) or None,
+                "file": filename,
+                "requirement": str(install_req.specifier) or None,
+                "requirement_type": req_type,
+                "extras": sorted(list(install_req.extras)),
+            }
+        )
+
+    def parse_requirements(requires, req_type, filename):
+        for req in requires:
+            req = COMMENT_RE.sub('', req)
+            req = req.strip()
+            parse_requirement(req, req_type, filename)
+
+    # Parse the setup.py and setup.cfg
+    setup_py = "setup.py"
+    setup_py_path = os.path.join(directory, setup_py)
+    setup_cfg = "setup.cfg"
+    setup_cfg_path = os.path.join(directory, setup_cfg)
+    setup_packages = []
+
+    if os.path.isfile(setup_py_path):
+
+        def setup(*args, **kwargs):
+            for arg in ["setup_requires", "install_requires", "tests_require"]:
+                requires = kwargs.get(arg, [])
+                parse_requirements(requires, arg, setup_py)
+            extras_require_dict = kwargs.get("extras_require", {})
+            for key, value in extras_require_dict.items():
+                parse_requirements(
+                    value, "extras_require:{}".format(key), setup_py
+                )
+
+        setuptools.setup = setup
+
+        def noop(*args, **kwargs):
+            pass
+
+        def fake_parse(*args, **kwargs):
+            return []
+
+        global fake_open
+
+        def fake_open(*args, **kwargs):
+            content = (
+                "VERSION = ('0', '0', '1+dependabot')\n"
+                "__version__ = '0.0.1+dependabot'\n"
+                "__author__ = 'someone'\n"
+                "__title__ = 'something'\n"
+                "__description__ = 'something'\n"
+                "__author_email__ = 'something'\n"
+                "__license__ = 'something'\n"
+                "__url__ = 'something'\n"
+            )
+            return io.StringIO(content)
+
+        content = open(setup_py_path, "r").read()
+
+        # Remove `print`, `open`, `log` and import statements
+        content = re.sub(r"print\s*\(", "noop(", content)
+        content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
+        content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
+        content = content.replace("parse_requirements(", "fake_parse(")
+        version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
+        content = re.sub(version_re, "", content)
+
+        # Set variables likely to be imported
+        __version__ = "0.0.1+dependabot"
+        __author__ = "someone"
+        __title__ = "something"
+        __description__ = "something"
+        __author_email__ = "something"
+        __license__ = "something"
+        __url__ = "something"
+
+        # Run as main (since setup.py is a script)
+        __name__ = "__main__"
+
+        # Exec the setup.py
+        exec(content) in globals(), locals()
+
+    if os.path.isfile(setup_cfg_path):
+        try:
+            config = configparser.ConfigParser()
+            config.read(setup_cfg_path)
+
+            for req_type in [
+                "setup_requires",
+                "install_requires",
+                "tests_require",
+            ]:
+                requires = config.get(
+                    'options',
+                    req_type, fallback='').splitlines()
+                requires = [req for req in requires if req.strip()]
+                parse_requirements(requires, req_type, setup_cfg)
+
+            if config.has_section('options.extras_require'):
+                extras_require = config._sections['options.extras_require']
+                for key, value in extras_require.items():
+                    requires = value.splitlines()
+                    requires = [req for req in requires if req.strip()]
+                    parse_requirements(
+                        requires,
+                        f"extras_require:{key}",
+                        setup_cfg
+                    )
+
+        except Exception as e:
+            print(json.dumps({"error": repr(e)}))
+            exit(1)
+
+    return json.dumps({"result": setup_packages})

data/helpers/requirements.txt

@@ -0,0 +1,13 @@
+pip==24.0
+pip-tools==7.4.1
+flake8==7.1.0
+hashin==1.0.3
+pipenv==2024.0.2
+plette==2.1.0
+poetry==1.8.5
+# TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
+tomli==2.0.1
+uv==0.6.2
+
+# Some dependencies will only install if Cython is present
+Cython==3.0.10

data/helpers/run.py

@@ -0,0 +1,22 @@
+import sys
+import json
+
+from lib import parser, hasher
+
+if __name__ == "__main__":
+    args = json.loads(sys.stdin.read())
+
+    # TODO Python 3.10 added native switch statements, so switch this if/elif
+    # to that once we drop support for 3.9.
+    if args["function"] == "parse_requirements":
+        print(parser.parse_requirements(args["args"][0]))
+    elif args["function"] == "parse_setup":
+        print(parser.parse_setup(args["args"][0]))
+    elif args["function"] == "parse_pep621_dependencies":
+        print(parser.parse_pep621_dependencies(args["args"][0]))
+    elif args["function"] == "get_dependency_hash":
+        print(hasher.get_dependency_hash(*args["args"]))
+    elif args["function"] == "get_pipfile_hash":
+        print(hasher.get_pipfile_hash(*args["args"]))
+    elif args["function"] == "get_pyproject_hash":
+        print(hasher.get_pyproject_hash(*args["args"]))

data/lib/dependabot/uv/authed_url_builder.rb

@@ -0,0 +1,31 @@
+# typed: true
+# frozen_string_literal: true
+
+module Dependabot
+  module Uv
+    class AuthedUrlBuilder
+      def self.authed_url(credential:)
+        token = credential.fetch("token", nil)
+        url = credential.fetch("index-url", nil)
+        return "" unless url
+        return url unless token
+
+        basic_auth_details =
+          if token.ascii_only? && token.include?(":") then token
+          elsif Base64.decode64(token).ascii_only? &&
+                Base64.decode64(token).include?(":")
+            Base64.decode64(token)
+          else
+            token
+          end
+
+        if basic_auth_details.include?(":")
+          username, _, password = basic_auth_details.partition(":")
+          basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
+        end
+
+        url.sub("://", "://#{basic_auth_details}@")
+      end
+    end
+  end
+end