diff --git a/requirements-dev.txt b/requirements-dev.txt index 7741277b..80a89653 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -7,7 +7,7 @@ cryptography==37.0.2 dataclasses==0.8 docutils==0.18.1 et-xmlfile==1.1.0 -execnet==1.9.0 +execnet==2.1.1 importlib-resources==5.4.0 iniconfig==1.1.1 isort==5.10.1 @@ -21,14 +21,15 @@ openpyxl==3.0.10 pathspec==0.9.0 pkginfo==1.8.3 platformdirs==2.4.0 -pluggy==1.0.0 +pluggy==1.6.0 py==1.11.0 pycodestyle==2.8.0 pycparser==2.21 pygments==2.12.0 -pytest==7.0.1 -pytest-forked==1.4.0 -pytest-xdist==2.5.0 +pytest==8.4.0 +pytest-xdist==3.7.0 +pytest-forked==1.6.0 +pytest-rerunfailures==15.1 readme-renderer==34.0 requests-toolbelt==0.9.1 rfc3986==1.5.0 @@ -39,4 +40,4 @@ tqdm==4.64.0 twine==3.8.0 typed-ast==1.5.4 webencodings==0.5.1 -pytest-asyncio==0.21.1 +pytest-asyncio==1.0.0 diff --git a/requirements.txt b/requirements.txt index 8983c3ab..19a22192 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,6 +6,7 @@ click==8.1.3 colorama==0.4.5 commoncode==30.2.0 dparse2==0.7.0 +fasteners==0.17.3 idna==3.3 importlib-metadata==4.12.0 intbitset==3.1.0 @@ -26,5 +27,5 @@ text-unidecode==1.3 toml==0.10.2 urllib3==1.26.11 zipp==3.8.1 -aiohttp==3.11.14 -aiofiles==23.2.1 +aiohttp==3.12.7 +aiofiles==24.1.0 diff --git a/setup.cfg b/setup.cfg index a4eead5c..c40a94af 100644 --- a/setup.cfg +++ b/setup.cfg @@ -59,6 +59,7 @@ install_requires = colorama >= 0.3.9 commoncode >= 30.0.0 dparse2 >= 0.7.0 + fasteners >= 0.17.3 importlib_metadata >= 4.12.0 packageurl_python >= 0.9.0 pkginfo2 >= 30.0.0 diff --git a/src/python_inspector/api.py b/src/python_inspector/api.py index 201338ea..47b2f272 100644 --- a/src/python_inspector/api.py +++ b/src/python_inspector/api.py @@ -29,7 +29,7 @@ from _packagedcode.pypi import can_process_dependent_package from _packagedcode.pypi import get_resolved_purl from python_inspector import dependencies -from python_inspector import pyinspector_settings as settings +from python_inspector import pyinspector_settings from python_inspector import utils from python_inspector import utils_pypi from python_inspector.package_data import get_pypi_data_from_purl @@ -82,7 +82,7 @@ def resolve_dependencies( specifiers=tuple(), python_version=None, operating_system=None, - index_urls: tuple[str, ...] = settings.INDEX_URL, + index_urls: tuple[str, ...] = pyinspector_settings.INDEX_URL, pdt_output=None, netrc_file=None, max_rounds=200000, @@ -251,10 +251,10 @@ def resolve_dependencies( repos_by_url = {} if not use_pypi_json_api: # Collect PyPI repos - use_only_confed = settings.USE_ONLY_CONFIGURED_INDEX_URLS + use_only_confed = pyinspector_settings.USE_ONLY_CONFIGURED_INDEX_URLS for index_url in index_urls: index_url = index_url.strip("/") - if use_only_confed and index_url not in settings.INDEX_URL: + if use_only_confed and index_url not in pyinspector_settings.INDEX_URL: if verbose: printer(f"Skipping index URL unknown in settings: {index_url!r}") continue diff --git a/src/python_inspector/lockfile.py b/src/python_inspector/lockfile.py new file mode 100644 index 00000000..cc3d755e --- /dev/null +++ b/src/python_inspector/lockfile.py @@ -0,0 +1,32 @@ +# +# Copyright (c) nexB Inc. and others. All rights reserved. +# ScanCode is a trademark of nexB Inc. +# SPDX-License-Identifier: Apache-2.0 +# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. +# See https://github.com/nexB/scancode-toolkit for support or download. +# See https://aboutcode.org for more information about nexB OSS projects. +# + +from contextlib import contextmanager + +import fasteners + +""" +An interprocess lockfile with a timeout. +""" + + +class LockTimeout(Exception): + pass + + +class FileLock(fasteners.InterProcessLock): + @contextmanager + def locked(self, timeout): + acquired = self.acquire(timeout=timeout) + if not acquired: + raise LockTimeout(timeout) + try: + yield + finally: + self.release() diff --git a/src/python_inspector/resolve_cli.py b/src/python_inspector/resolve_cli.py index 29044e2e..299625cc 100644 --- a/src/python_inspector/resolve_cli.py +++ b/src/python_inspector/resolve_cli.py @@ -13,16 +13,17 @@ import click -from python_inspector import pyinspector_settings as settings +from python_inspector import settings from python_inspector import utils_pypi from python_inspector.cli_utils import FileOptionType from python_inspector.utils import write_output_in_file TRACE = False -__version__ = "0.13.0" +__version__ = "0.14.0" DEFAULT_PYTHON_VERSION = settings.DEFAULT_PYTHON_VERSION +PYPI_SIMPLE_URL = settings.PYPI_SIMPLE_URL def print_version(ctx, param, value): @@ -71,7 +72,6 @@ def print_version(ctx, param, value): "python_version", type=click.Choice(utils_pypi.valid_python_versions), metavar="PYVER", - default=settings.DEFAULT_PYTHON_VERSION, show_default=True, required=True, help="Python version to use for dependency resolution. One of " @@ -83,7 +83,6 @@ def print_version(ctx, param, value): "operating_system", type=click.Choice(utils_pypi.PLATFORMS_BY_OS), metavar="OS", - default=settings.DEFAULT_OS, show_default=True, required=True, help="OS to use for dependency resolution. One of " + ", ".join(utils_pypi.PLATFORMS_BY_OS), @@ -91,11 +90,11 @@ def print_version(ctx, param, value): @click.option( "--index-url", "index_urls", - envvar="PYINSP_INDEX_URL", type=str, metavar="INDEX", show_default=True, - default=tuple(settings.INDEX_URL), + # since multiple is True, this is a sequence + default=[settings.PYPI_SIMPLE_URL], multiple=True, help="PyPI simple index URL(s) to use in order of preference. " "This option can be used multiple times.", @@ -123,7 +122,6 @@ def print_version(ctx, param, value): "--netrc", "netrc_file", type=click.Path(exists=True, readable=True, path_type=str, dir_okay=False), - envvar="PYINSP_NETRC_FILE", metavar="NETRC-FILE", hidden=True, required=False, @@ -165,7 +163,6 @@ def print_version(ctx, param, value): ) @click.option( "--verbose", - envvar="PYINSP_VERBOSE", is_flag=True, help="Enable verbose debug output.", ) diff --git a/src/python_inspector/settings.py b/src/python_inspector/settings.py index ce1f424c..524be390 100644 --- a/src/python_inspector/settings.py +++ b/src/python_inspector/settings.py @@ -13,6 +13,9 @@ from pydantic_settings import BaseSettings from pydantic_settings import SettingsConfigDict +DEFAULT_PYTHON_VERSION = "39" +PYPI_SIMPLE_URL = "https://pypi.org/simple" + class Settings(BaseSettings): """ @@ -27,16 +30,18 @@ class Settings(BaseSettings): env_prefix="PYINSP_", case_sensitive=True, extra="allow", + # never treat data as JSON + enable_decoding=False, ) # the default Python version to use if none is provided - DEFAULT_PYTHON_VERSION: str = "39" + DEFAULT_PYTHON_VERSION: str = DEFAULT_PYTHON_VERSION # the default OS to use if none is provided DEFAULT_OS: str = "linux" - # a list of PyPI simple index URLs. Use a JSON array to represent multiple URLs - INDEX_URL: tuple[str, ...] = ("https://pypi.org/simple",) + # a string with a tuple of PyPI simple index URLs, each separated by a space + INDEX_URL: tuple[str, ...] = (PYPI_SIMPLE_URL,) # If True, only uses configured INDEX_URLs listed above and ignore other URLs found in requirements USE_ONLY_CONFIGURED_INDEX_URLS: bool = False @@ -44,11 +49,11 @@ class Settings(BaseSettings): # a path string where to store the cached downloads. Will be created if it does not exists. CACHE_THIRDPARTY_DIR: str = str(Path(Path.home() / ".cache/python_inspector")) - @field_validator("INDEX_URL") + @field_validator("INDEX_URL", mode="before") @classmethod def validate_index_url(cls, value): if isinstance(value, str): - return (value,) + return tuple(value.split()) elif isinstance(value, (tuple, list)): return tuple(value) else: diff --git a/src/python_inspector/utils_pypi.py b/src/python_inspector/utils_pypi.py index 6a8ea331..2ca750ff 100644 --- a/src/python_inspector/utils_pypi.py +++ b/src/python_inspector/utils_pypi.py @@ -41,6 +41,7 @@ from packvers import version as packaging_version from packvers.specifiers import SpecifierSet +from python_inspector import lockfile from python_inspector import pyinspector_settings as settings from python_inspector import utils_pip_compatibility_tags @@ -1650,6 +1651,8 @@ def resolve_relative_url(package_url, url): # ################################################################################ +PYINSP_CACHE_LOCK_TIMEOUT = 120 # in seconds + @attr.attributes class Cache: @@ -1681,6 +1684,7 @@ async def get( True otherwise as treat as binary. `path_or_url` can be a path or a URL to a file. """ + # the cache key is a hash of the normalized path cache_key = self.sha256_hash(quote_plus(path_or_url.strip("/"))) cached = os.path.join(self.directory, cache_key) @@ -1695,8 +1699,13 @@ async def get( echo_func=echo_func, ) wmode = "w" if as_text else "wb" - async with aiofiles.open(cached, mode=wmode) as fo: - await fo.write(content) + + # acquire lock and wait until timeout to get a lock or die + lock_file = os.path.join(self.directory, f"{cache_key}.lockfile") + + with lockfile.FileLock(lock_file).locked(timeout=PYINSP_CACHE_LOCK_TIMEOUT): + async with aiofiles.open(cached, mode=wmode) as fo: + await fo.write(content) return content, cached else: if TRACE_DEEP: diff --git a/tests/data/pinned-pdt-requirements.txt-expected.json b/tests/data/pinned-pdt-requirements.txt-expected.json index 3ea67301..32df5608 100644 --- a/tests/data/pinned-pdt-requirements.txt-expected.json +++ b/tests/data/pinned-pdt-requirements.txt-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--json-pdt ", diff --git a/tests/data/pinned-requirements.txt-expected.json b/tests/data/pinned-requirements.txt-expected.json index 0cdd7c90..19780ecd 100644 --- a/tests/data/pinned-requirements.txt-expected.json +++ b/tests/data/pinned-requirements.txt-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--json ", diff --git a/tests/data/single-url-env-var-except-simple-expected.json b/tests/data/single-url-env-var-except-simple-expected.json new file mode 100644 index 00000000..1734ba53 --- /dev/null +++ b/tests/data/single-url-env-var-except-simple-expected.json @@ -0,0 +1,577 @@ +{ + "headers": { + "tool_name": "python-inspector", + "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", + "options": [ + "--index-url https://pypi.org/simple", + "--json ", + "--operating-system linux", + "--python-version 38", + "--specifier flask" + ], + "notice": "Dependency tree generated with python-inspector.\npython-inspector is a free software tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/python-inspector/ for support and download.", + "warnings": [], + "errors": [] + }, + "files": [], + "packages": [ + { + "type": "pypi", + "namespace": null, + "name": "blinker", + "version": "1.8.2", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Fast, simple object-to-object and broadcast signaling\n# Blinker\n\nBlinker provides a fast dispatching system that allows any number of\ninterested parties to subscribe to events, or \"signals\".\n\n\n## Pallets Community Ecosystem\n\n> [!IMPORTANT]\\\n> This project is part of the Pallets Community Ecosystem. Pallets is the open\n> source organization that maintains Flask; Pallets-Eco enables community\n> maintenance of related projects. If you are interested in helping maintain\n> this project, please reach out on [the Pallets Discord server][discord].\n>\n> [discord]: https://discord.gg/pallets\n\n\n## Example\n\nSignal receivers can subscribe to specific senders or receive signals\nsent by any sender.\n\n```pycon\n>>> from blinker import signal\n>>> started = signal('round-started')\n>>> def each(round):\n... print(f\"Round {round}\")\n...\n>>> started.connect(each)\n\n>>> def round_two(round):\n... print(\"This is round two.\")\n...\n>>> started.connect(round_two, sender=2)\n\n>>> for round in range(1, 4):\n... started.send(round)\n...\nRound 1!\nRound 2!\nThis is round two.\nRound 3!\n```", + "release_date": "2024-05-06T17:04:08", + "parties": [ + { + "type": "person", + "role": "author", + "name": "Jason Kirtland", + "email": null, + "url": null + }, + { + "type": "person", + "role": "maintainer", + "name": null, + "email": "Pallets Ecosystem ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Programming Language :: Python", + "Typing :: Typed" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/bb/2a/10164ed1f31196a2f7f3799368a821765c62851ead0e630ab52b8e14b4d0/blinker-1.8.2-py3-none-any.whl", + "size": 9456, + "sha1": null, + "md5": "453ec9473100de91897d16e4ae568139", + "sha256": "1779309f71bf239144b9399d06ae925637cf6634cf6bd131104184531bf67c01", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/pallets-eco/blinker/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: MIT License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/blinker/1.8.2/json", + "datasource_id": null, + "purl": "pkg:pypi/blinker@1.8.2" + }, + { + "type": "pypi", + "namespace": null, + "name": "click", + "version": "8.1.8", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Composable command line interface toolkit\n# $ click_\n\nClick is a Python package for creating beautiful command line interfaces\nin a composable way with as little code as necessary. It's the \"Command\nLine Interface Creation Kit\". It's highly configurable but comes with\nsensible defaults out of the box.\n\nIt aims to make the process of writing command line tools quick and fun\nwhile also preventing any frustration caused by the inability to\nimplement an intended CLI API.\n\nClick in three points:\n\n- Arbitrary nesting of commands\n- Automatic help page generation\n- Supports lazy loading of subcommands at runtime\n\n\n## A Simple Example\n\n```python\nimport click\n\n@click.command()\n@click.option(\"--count\", default=1, help=\"Number of greetings.\")\n@click.option(\"--name\", prompt=\"Your name\", help=\"The person to greet.\")\ndef hello(count, name):\n \"\"\"Simple program that greets NAME for a total of COUNT times.\"\"\"\n for _ in range(count):\n click.echo(f\"Hello, {name}!\")\n\nif __name__ == '__main__':\n hello()\n```\n\n```\n$ python hello.py --count=3\nYour name: Click\nHello, Click!\nHello, Click!\nHello, Click!\n```\n\n\n## Donate\n\nThe Pallets organization develops and supports Click and other popular\npackages. In order to grow the community of contributors and users, and\nallow the maintainers to devote more time to the projects, [please\ndonate today][].\n\n[please donate today]: https://palletsprojects.com/donate", + "release_date": "2024-12-21T18:38:41", + "parties": [ + { + "type": "person", + "role": "maintainer", + "name": null, + "email": "Pallets ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Typing :: Typed" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/7e/d4/7ebdbd03970677812aac39c869717059dbb71a4cfc033ca6e5221787892c/click-8.1.8-py3-none-any.whl", + "size": 98188, + "sha1": null, + "md5": "7dc0eee374f3bb75bcce4c9dd4222f5f", + "sha256": "63c132bbbed01578a06712a2d1f497bb62d9c1c0d329b7903a866228027263b2", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/pallets/click/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: BSD License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/click/8.1.8/json", + "datasource_id": null, + "purl": "pkg:pypi/click@8.1.8" + }, + { + "type": "pypi", + "namespace": null, + "name": "flask", + "version": "3.0.3", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "A simple framework for building complex web applications.\n# Flask\n\nFlask is a lightweight [WSGI][] web application framework. It is designed\nto make getting started quick and easy, with the ability to scale up to\ncomplex applications. It began as a simple wrapper around [Werkzeug][]\nand [Jinja][], and has become one of the most popular Python web\napplication frameworks.\n\nFlask offers suggestions, but doesn't enforce any dependencies or\nproject layout. It is up to the developer to choose the tools and\nlibraries they want to use. There are many extensions provided by the\ncommunity that make adding new functionality easy.\n\n[WSGI]: https://wsgi.readthedocs.io/\n[Werkzeug]: https://werkzeug.palletsprojects.com/\n[Jinja]: https://jinja.palletsprojects.com/\n\n\n## Installing\n\nInstall and update from [PyPI][] using an installer such as [pip][]:\n\n```\n$ pip install -U Flask\n```\n\n[PyPI]: https://pypi.org/project/Flask/\n[pip]: https://pip.pypa.io/en/stable/getting-started/\n\n\n## A Simple Example\n\n```python\n# save this as app.py\nfrom flask import Flask\n\napp = Flask(__name__)\n\n@app.route(\"/\")\ndef hello():\n return \"Hello, World!\"\n```\n\n```\n$ flask run\n * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)\n```\n\n\n## Contributing\n\nFor guidance on setting up a development environment and how to make a\ncontribution to Flask, see the [contributing guidelines][].\n\n[contributing guidelines]: https://github.com/pallets/flask/blob/main/CONTRIBUTING.rst\n\n\n## Donate\n\nThe Pallets organization develops and supports Flask and the libraries\nit uses. In order to grow the community of contributors and users, and\nallow the maintainers to devote more time to the projects, [please\ndonate today][].\n\n[please donate today]: https://palletsprojects.com/donate", + "release_date": "2024-04-07T19:26:08", + "parties": [ + { + "type": "person", + "role": "maintainer", + "name": null, + "email": "Pallets ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Environment :: Web Environment", + "Framework :: Flask", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Topic :: Internet :: WWW/HTTP :: Dynamic Content", + "Topic :: Internet :: WWW/HTTP :: WSGI", + "Topic :: Internet :: WWW/HTTP :: WSGI :: Application", + "Topic :: Software Development :: Libraries :: Application Frameworks", + "Typing :: Typed" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/61/80/ffe1da13ad9300f87c93af113edd0638c75138c42a0994becfacac078c06/flask-3.0.3-py3-none-any.whl", + "size": 101735, + "sha1": null, + "md5": "fe39440012a05441fa61d70e92d81754", + "sha256": "34e815dfaa43340d1d15a5c3a02b8476004037eb4840b34910c6e21679d288f3", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/pallets/flask/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: BSD License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/flask/3.0.3/json", + "datasource_id": null, + "purl": "pkg:pypi/flask@3.0.3" + }, + { + "type": "pypi", + "namespace": null, + "name": "importlib-metadata", + "version": "8.5.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Read metadata from Python packages\n.. image:: https://img.shields.io/pypi/v/importlib_metadata.svg\n :target: https://pypi.org/project/importlib_metadata\n\n.. image:: https://img.shields.io/pypi/pyversions/importlib_metadata.svg\n\n.. image:: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg\n :target: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets/badge/v2.json\n :target: https://github.com/astral-sh/ruff\n :alt: Ruff\n\n.. image:: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest\n :target: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2024-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/importlib-metadata\n :target: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm_medium=readme\n\nLibrary to access the metadata for a Python package.\n\nThis package supplies third-party access to the functionality of\n`importlib.metadata `_\nincluding improvements added to subsequent Python versions.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - importlib_metadata\n - stdlib\n * - 7.0\n - 3.13\n * - 6.5\n - 3.12\n * - 4.13\n - 3.11\n * - 4.6\n - 3.10\n * - 1.4\n - 3.8\n\n\nUsage\n=====\n\nSee the `online documentation `_\nfor usage details.\n\n`Finder authors\n`_ can\nalso add support for custom package installers. See the above documentation\nfor details.\n\n\nCaveats\n=======\n\nThis project primarily supports third-party packages installed by PyPA\ntools (or other conforming packages). It does not support:\n\n- Packages in the stdlib.\n- Packages installed without metadata.\n\nProject details\n===============\n\n * Project home: https://github.com/python/importlib_metadata\n * Report bugs at: https://github.com/python/importlib_metadata/issues\n * Code hosting: https://github.com/python/importlib_metadata\n * Documentation: https://importlib-metadata.readthedocs.io/\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.", + "release_date": "2024-09-11T14:56:07", + "parties": [ + { + "type": "person", + "role": "author", + "name": null, + "email": "\"Jason R. Coombs\" ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/a0/d9/a1e041c5e7caa9a05c925f4bdbdfb7f006d1f74996af53467bc394c97be7/importlib_metadata-8.5.0-py3-none-any.whl", + "size": 26514, + "sha1": null, + "md5": "d789397620f689e98c39c165f8d62a19", + "sha256": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/python/importlib_metadata", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: Apache Software License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/importlib-metadata/8.5.0/json", + "datasource_id": null, + "purl": "pkg:pypi/importlib-metadata@8.5.0" + }, + { + "type": "pypi", + "namespace": null, + "name": "itsdangerous", + "version": "2.2.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Safely pass data to untrusted environments and back.\n# ItsDangerous\n\n... so better sign this\n\nVarious helpers to pass data to untrusted environments and to get it\nback safe and sound. Data is cryptographically signed to ensure that a\ntoken has not been tampered with.\n\nIt's possible to customize how data is serialized. Data is compressed as\nneeded. A timestamp can be added and verified automatically while\nloading a token.\n\n\n## A Simple Example\n\nHere's how you could generate a token for transmitting a user's id and\nname between web requests.\n\n```python\nfrom itsdangerous import URLSafeSerializer\nauth_s = URLSafeSerializer(\"secret key\", \"auth\")\ntoken = auth_s.dumps({\"id\": 5, \"name\": \"itsdangerous\"})\n\nprint(token)\n# eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg\n\ndata = auth_s.loads(token)\nprint(data[\"name\"])\n# itsdangerous\n```\n\n\n## Donate\n\nThe Pallets organization develops and supports ItsDangerous and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n[please donate today][].\n\n[please donate today]: https://palletsprojects.com/donate", + "release_date": "2024-04-16T21:28:14", + "parties": [ + { + "type": "person", + "role": "maintainer", + "name": null, + "email": "Pallets ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Typing :: Typed" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/04/96/92447566d16df59b2a776c0fb82dbc4d9e07cd95062562af01e408583fc4/itsdangerous-2.2.0-py3-none-any.whl", + "size": 16234, + "sha1": null, + "md5": "22e41bfb2008481e855f1693a9df4c54", + "sha256": "c6242fc49e35958c8b15141343aa660db5fc54d4f13a1db01a3f5891b98700ef", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/pallets/itsdangerous/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: BSD License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/itsdangerous/2.2.0/json", + "datasource_id": null, + "purl": "pkg:pypi/itsdangerous@2.2.0" + }, + { + "type": "pypi", + "namespace": null, + "name": "jinja2", + "version": "3.1.6", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "A very fast and expressive template engine.\n# Jinja\n\nJinja is a fast, expressive, extensible templating engine. Special\nplaceholders in the template allow writing code similar to Python\nsyntax. Then the template is passed data to render the final document.\n\nIt includes:\n\n- Template inheritance and inclusion.\n- Define and import macros within templates.\n- HTML templates can use autoescaping to prevent XSS from untrusted\n user input.\n- A sandboxed environment can safely render untrusted templates.\n- AsyncIO support for generating templates and calling async\n functions.\n- I18N support with Babel.\n- Templates are compiled to optimized Python code just-in-time and\n cached, or can be compiled ahead-of-time.\n- Exceptions point to the correct line in templates to make debugging\n easier.\n- Extensible filters, tests, functions, and even syntax.\n\nJinja's philosophy is that while application logic belongs in Python if\npossible, it shouldn't make the template designer's job difficult by\nrestricting functionality too much.\n\n\n## In A Nutshell\n\n```jinja\n{% extends \"base.html\" %}\n{% block title %}Members{% endblock %}\n{% block content %}\n \n{% endblock %}\n```\n\n## Donate\n\nThe Pallets organization develops and supports Jinja and other popular\npackages. In order to grow the community of contributors and users, and\nallow the maintainers to devote more time to the projects, [please\ndonate today][].\n\n[please donate today]: https://palletsprojects.com/donate\n\n## Contributing\n\nSee our [detailed contributing documentation][contrib] for many ways to\ncontribute, including reporting issues, requesting features, asking or answering\nquestions, and making PRs.\n\n[contrib]: https://palletsprojects.com/contributing/", + "release_date": "2025-03-05T20:05:00", + "parties": [ + { + "type": "person", + "role": "maintainer", + "name": null, + "email": "Pallets ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Environment :: Web Environment", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Topic :: Internet :: WWW/HTTP :: Dynamic Content", + "Topic :: Text Processing :: Markup :: HTML", + "Typing :: Typed" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/62/a1/3d680cbfd5f4b8f15abc1d571870c5fc3e594bb582bc3b64ea099db13e56/jinja2-3.1.6-py3-none-any.whl", + "size": 134899, + "sha1": null, + "md5": "845b37cea56edd0f4dbd949244e9d798", + "sha256": "85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/pallets/jinja/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: BSD License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/jinja2/3.1.6/json", + "datasource_id": null, + "purl": "pkg:pypi/jinja2@3.1.6" + }, + { + "type": "pypi", + "namespace": null, + "name": "markupsafe", + "version": "2.1.5", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Safely add untrusted strings to HTML/XML markup.\nMarkupSafe\n==========\n\nMarkupSafe implements a text object that escapes characters so it is\nsafe to use in HTML and XML. Characters that have special meanings are\nreplaced so that they display as the actual characters. This mitigates\ninjection attacks, meaning untrusted user input can safely be displayed\non a page.\n\n\nInstalling\n----------\n\nInstall and update using `pip`_:\n\n.. code-block:: text\n\n pip install -U MarkupSafe\n\n.. _pip: https://pip.pypa.io/en/stable/getting-started/\n\n\nExamples\n--------\n\n.. code-block:: pycon\n\n >>> from markupsafe import Markup, escape\n\n >>> # escape replaces special characters and wraps in Markup\n >>> escape(\"\")\n Markup('<script>alert(document.cookie);</script>')\n\n >>> # wrap in Markup to mark text \"safe\" and prevent escaping\n >>> Markup(\"Hello\")\n Markup('hello')\n\n >>> escape(Markup(\"Hello\"))\n Markup('hello')\n\n >>> # Markup is a str subclass\n >>> # methods and operators escape their arguments\n >>> template = Markup(\"Hello {name}\")\n >>> template.format(name='\"World\"')\n Markup('Hello "World"')\n\n\nDonate\n------\n\nThe Pallets organization develops and supports MarkupSafe and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n`please donate today`_.\n\n.. _please donate today: https://palletsprojects.com/donate\n\n\nLinks\n-----\n\n- Documentation: https://markupsafe.palletsprojects.com/\n- Changes: https://markupsafe.palletsprojects.com/changes/\n- PyPI Releases: https://pypi.org/project/MarkupSafe/\n- Source Code: https://github.com/pallets/markupsafe/\n- Issue Tracker: https://github.com/pallets/markupsafe/issues/\n- Chat: https://discord.gg/pallets", + "release_date": "2024-02-02T16:31:01", + "parties": [ + { + "type": "person", + "role": "maintainer", + "name": "Pallets", + "email": "contact@palletsprojects.com", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Environment :: Web Environment", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Topic :: Internet :: WWW/HTTP :: Dynamic Content", + "Topic :: Text Processing :: Markup :: HTML" + ], + "homepage_url": "https://palletsprojects.com/p/markupsafe/", + "download_url": "https://files.pythonhosted.org/packages/c7/bd/50319665ce81bb10e90d1cf76f9e1aa269ea6f7fa30ab4521f14d122a3df/MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "size": 26106, + "sha1": null, + "md5": "4f97754a1154496e5bc9d3f21fb0315a", + "sha256": "fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab", + "sha512": null, + "bug_tracking_url": "https://github.com/pallets/markupsafe/issues/", + "code_view_url": "https://github.com/pallets/markupsafe/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "license": "BSD-3-Clause", + "classifiers": [ + "License :: OSI Approved :: BSD License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/markupsafe/2.1.5/json", + "datasource_id": null, + "purl": "pkg:pypi/markupsafe@2.1.5" + }, + { + "type": "pypi", + "namespace": null, + "name": "werkzeug", + "version": "3.0.6", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "The comprehensive WSGI web application library.\n# Werkzeug\n\n*werkzeug* German noun: \"tool\". Etymology: *werk* (\"work\"), *zeug* (\"stuff\")\n\nWerkzeug is a comprehensive [WSGI][] web application library. It began as\na simple collection of various utilities for WSGI applications and has\nbecome one of the most advanced WSGI utility libraries.\n\nIt includes:\n\n- An interactive debugger that allows inspecting stack traces and\n source code in the browser with an interactive interpreter for any\n frame in the stack.\n- A full-featured request object with objects to interact with\n headers, query args, form data, files, and cookies.\n- A response object that can wrap other WSGI applications and handle\n streaming data.\n- A routing system for matching URLs to endpoints and generating URLs\n for endpoints, with an extensible system for capturing variables\n from URLs.\n- HTTP utilities to handle entity tags, cache control, dates, user\n agents, cookies, files, and more.\n- A threaded WSGI server for use while developing applications\n locally.\n- A test client for simulating HTTP requests during testing without\n requiring running a server.\n\nWerkzeug doesn't enforce any dependencies. It is up to the developer to\nchoose a template engine, database adapter, and even how to handle\nrequests. It can be used to build all sorts of end user applications\nsuch as blogs, wikis, or bulletin boards.\n\n[Flask][] wraps Werkzeug, using it to handle the details of WSGI while\nproviding more structure and patterns for defining powerful\napplications.\n\n[WSGI]: https://wsgi.readthedocs.io/en/latest/\n[Flask]: https://www.palletsprojects.com/p/flask/\n\n\n## A Simple Example\n\n```python\n# save this as app.py\nfrom werkzeug.wrappers import Request, Response\n\n@Request.application\ndef application(request: Request) -> Response:\n return Response(\"Hello, World!\")\n\nif __name__ == \"__main__\":\n from werkzeug.serving import run_simple\n run_simple(\"127.0.0.1\", 5000, application)\n```\n\n```\n$ python -m app\n * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)\n```\n\n\n## Donate\n\nThe Pallets organization develops and supports Werkzeug and other\npopular packages. In order to grow the community of contributors and\nusers, and allow the maintainers to devote more time to the projects,\n[please donate today][].\n\n[please donate today]: https://palletsprojects.com/donate", + "release_date": "2024-10-25T18:52:30", + "parties": [ + { + "type": "person", + "role": "maintainer", + "name": null, + "email": "Pallets ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Environment :: Web Environment", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Topic :: Internet :: WWW/HTTP :: Dynamic Content", + "Topic :: Internet :: WWW/HTTP :: WSGI", + "Topic :: Internet :: WWW/HTTP :: WSGI :: Application", + "Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware", + "Topic :: Software Development :: Libraries :: Application Frameworks", + "Typing :: Typed" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/6c/69/05837f91dfe42109203ffa3e488214ff86a6d68b2ed6c167da6cdc42349b/werkzeug-3.0.6-py3-none-any.whl", + "size": 227979, + "sha1": null, + "md5": "d3f14fb88a8a4ed4afe787c6e115733a", + "sha256": "1bc0c2310d2fbb07b1dd1105eba2f7af72f322e1e455f2f93c993bee8c8a5f17", + "sha512": null, + "bug_tracking_url": "https://github.com/pallets/werkzeug/issues/", + "code_view_url": "https://github.com/pallets/werkzeug/", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: BSD License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/werkzeug/3.0.6/json", + "datasource_id": null, + "purl": "pkg:pypi/werkzeug@3.0.6" + }, + { + "type": "pypi", + "namespace": null, + "name": "zipp", + "version": "3.20.2", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Backport of pathlib-compatible object wrapper for zip files\n.. image:: https://img.shields.io/pypi/v/zipp.svg\n :target: https://pypi.org/project/zipp\n\n.. image:: https://img.shields.io/pypi/pyversions/zipp.svg\n\n.. image:: https://github.com/jaraco/zipp/actions/workflows/main.yml/badge.svg\n :target: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets/badge/v2.json\n :target: https://github.com/astral-sh/ruff\n :alt: Ruff\n\n.. image:: https://readthedocs.org/projects/zipp/badge/?version=latest\n.. :target: https://zipp.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2024-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/zipp\n :target: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme\n\n\nA pathlib-compatible Zipfile object wrapper. Official backport of the standard library\n`Path object `_.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - zipp\n - stdlib\n * - 3.18\n - 3.13\n * - 3.16\n - 3.12\n * - 3.5\n - 3.11\n * - 3.2\n - 3.10\n * - 3.3 ??\n - 3.9\n * - 1.0\n - 3.8\n\n\nUsage\n=====\n\nUse ``zipp.Path`` in place of ``zipfile.Path`` on any Python.\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.", + "release_date": "2024-09-13T13:44:14", + "parties": [ + { + "type": "person", + "role": "author", + "name": null, + "email": "\"Jason R. Coombs\" ", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only" + ], + "homepage_url": null, + "download_url": "https://files.pythonhosted.org/packages/62/8b/5ba542fa83c90e09eac972fc9baca7a88e7e7ca4b221a89251954019308b/zipp-3.20.2-py3-none-any.whl", + "size": 9200, + "sha1": null, + "md5": "b96cde46ce0c9dcecfe645f53427e715", + "sha256": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": "https://github.com/jaraco/zipp", + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: MIT License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/zipp/3.20.2/json", + "datasource_id": null, + "purl": "pkg:pypi/zipp@3.20.2" + } + ], + "resolved_dependencies_graph": [ + { + "package": "pkg:pypi/blinker@1.8.2", + "dependencies": [] + }, + { + "package": "pkg:pypi/click@8.1.8", + "dependencies": [] + }, + { + "package": "pkg:pypi/flask@3.0.3", + "dependencies": [ + "pkg:pypi/blinker@1.8.2", + "pkg:pypi/click@8.1.8", + "pkg:pypi/importlib-metadata@8.5.0", + "pkg:pypi/itsdangerous@2.2.0", + "pkg:pypi/jinja2@3.1.6", + "pkg:pypi/werkzeug@3.0.6" + ] + }, + { + "package": "pkg:pypi/importlib-metadata@8.5.0", + "dependencies": [ + "pkg:pypi/zipp@3.20.2" + ] + }, + { + "package": "pkg:pypi/itsdangerous@2.2.0", + "dependencies": [] + }, + { + "package": "pkg:pypi/jinja2@3.1.6", + "dependencies": [ + "pkg:pypi/markupsafe@2.1.5" + ] + }, + { + "package": "pkg:pypi/markupsafe@2.1.5", + "dependencies": [] + }, + { + "package": "pkg:pypi/werkzeug@3.0.6", + "dependencies": [ + "pkg:pypi/markupsafe@2.1.5" + ] + }, + { + "package": "pkg:pypi/zipp@3.20.2", + "dependencies": [] + } + ] +} \ No newline at end of file diff --git a/tests/data/tilde_req-expected-env.json b/tests/data/tilde_req-expected-env.json new file mode 100644 index 00000000..9ea720fa --- /dev/null +++ b/tests/data/tilde_req-expected-env.json @@ -0,0 +1,78 @@ +{ + "headers": { + "tool_name": "python-inspector", + "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", + "options": [ + "--index-url https://pypi.org/simple", + "--json ", + "--operating-system linux", + "--python-version 38", + "--specifier zipp~=3.8.0" + ], + "notice": "Dependency tree generated with python-inspector.\npython-inspector is a free software tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/python-inspector/ for support and download.", + "warnings": [], + "errors": [] + }, + "files": [], + "packages": [ + { + "type": "pypi", + "namespace": null, + "name": "zipp", + "version": "3.8.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Backport of pathlib-compatible object wrapper for zip files\n.. image:: https://img.shields.io/pypi/v/zipp.svg\n :target: `PyPI link`_\n\n.. image:: https://img.shields.io/pypi/pyversions/zipp.svg\n :target: `PyPI link`_\n\n.. _PyPI link: https://pypi.org/project/zipp\n\n.. image:: https://github.com/jaraco/zipp/workflows/tests/badge.svg\n :target: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n :target: https://github.com/psf/black\n :alt: Code style: Black\n\n.. .. image:: https://readthedocs.org/projects/skeleton/badge/?version=latest\n.. :target: https://skeleton.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2022-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/zipp\n :target: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme\n\n\nA pathlib-compatible Zipfile object wrapper. Official backport of the standard library\n`Path object `_.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - zipp\n - stdlib\n * - 3.5\n - 3.11\n * - 3.3\n - 3.9\n * - 1.0\n - 3.8\n\n\nUsage\n=====\n\nUse ``zipp.Path`` in place of ``zipfile.Path`` on any Python.\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.\n\nSecurity Contact\n================\n\nTo report a security vulnerability, please use the\n`Tidelift security contact `_.\nTidelift will coordinate the fix and disclosure.", + "release_date": "2022-07-12T14:21:20", + "parties": [ + { + "type": "person", + "role": "author", + "name": "Jason R. Coombs", + "email": "jaraco@jaraco.com", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only" + ], + "homepage_url": "https://github.com/jaraco/zipp", + "download_url": "https://files.pythonhosted.org/packages/f0/36/639d6742bcc3ffdce8b85c31d79fcfae7bb04b95f0e5c4c6f8b206a038cc/zipp-3.8.1-py3-none-any.whl", + "size": 5645, + "sha1": null, + "md5": "300aa262796e7ebfb57b4d6731821c29", + "sha256": "47c40d7fe183a6f21403a199b3e4192cca5774656965b0a4988ad2f8feb5f009", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: MIT License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/zipp/3.8.1/json", + "datasource_id": null, + "purl": "pkg:pypi/zipp@3.8.1" + } + ], + "resolved_dependencies_graph": [ + { + "package": "pkg:pypi/zipp@3.8.1", + "dependencies": [] + } + ] +} \ No newline at end of file diff --git a/tests/data/tilde_req-expected-max-rounds.json b/tests/data/tilde_req-expected-max-rounds.json new file mode 100644 index 00000000..0e90ce6b --- /dev/null +++ b/tests/data/tilde_req-expected-max-rounds.json @@ -0,0 +1,79 @@ +{ + "headers": { + "tool_name": "python-inspector", + "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", + "options": [ + "--index-url https://pypi.org/simple", + "--index-url https://thirdparty.aboutcode.org/pypi/simple/", + "--json ", + "--operating-system linux", + "--python-version 38", + "--specifier zipp~=3.8.0" + ], + "notice": "Dependency tree generated with python-inspector.\npython-inspector is a free software tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/python-inspector/ for support and download.", + "warnings": [], + "errors": [] + }, + "files": [], + "packages": [ + { + "type": "pypi", + "namespace": null, + "name": "zipp", + "version": "3.8.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Backport of pathlib-compatible object wrapper for zip files\n.. image:: https://img.shields.io/pypi/v/zipp.svg\n :target: `PyPI link`_\n\n.. image:: https://img.shields.io/pypi/pyversions/zipp.svg\n :target: `PyPI link`_\n\n.. _PyPI link: https://pypi.org/project/zipp\n\n.. image:: https://github.com/jaraco/zipp/workflows/tests/badge.svg\n :target: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n :target: https://github.com/psf/black\n :alt: Code style: Black\n\n.. .. image:: https://readthedocs.org/projects/skeleton/badge/?version=latest\n.. :target: https://skeleton.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2022-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/zipp\n :target: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme\n\n\nA pathlib-compatible Zipfile object wrapper. Official backport of the standard library\n`Path object `_.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - zipp\n - stdlib\n * - 3.5\n - 3.11\n * - 3.3\n - 3.9\n * - 1.0\n - 3.8\n\n\nUsage\n=====\n\nUse ``zipp.Path`` in place of ``zipfile.Path`` on any Python.\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.\n\nSecurity Contact\n================\n\nTo report a security vulnerability, please use the\n`Tidelift security contact `_.\nTidelift will coordinate the fix and disclosure.", + "release_date": "2022-07-12T14:21:21", + "parties": [ + { + "type": "person", + "role": "author", + "name": "Jason R. Coombs", + "email": "jaraco@jaraco.com", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only" + ], + "homepage_url": "https://github.com/jaraco/zipp", + "download_url": "https://files.pythonhosted.org/packages/3b/e3/fb79a1ea5f3a7e9745f688855d3c673f2ef7921639a380ec76f7d4d83a85/zipp-3.8.1.tar.gz", + "size": 14189, + "sha1": null, + "md5": "6f15c3e3c78919f8936749b0033e0cea", + "sha256": "05b45f1ee8f807d0cc928485ca40a07cb491cf092ff587c0df9cb1fd154848d2", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: MIT License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/zipp/3.8.1/json", + "datasource_id": null, + "purl": "pkg:pypi/zipp@3.8.1" + } + ], + "resolved_dependencies_graph": [ + { + "package": "pkg:pypi/zipp@3.8.1", + "dependencies": [] + } + ] +} \ No newline at end of file diff --git a/tests/data/tilde_req-expected-netrc.json b/tests/data/tilde_req-expected-netrc.json new file mode 100644 index 00000000..0e90ce6b --- /dev/null +++ b/tests/data/tilde_req-expected-netrc.json @@ -0,0 +1,79 @@ +{ + "headers": { + "tool_name": "python-inspector", + "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", + "options": [ + "--index-url https://pypi.org/simple", + "--index-url https://thirdparty.aboutcode.org/pypi/simple/", + "--json ", + "--operating-system linux", + "--python-version 38", + "--specifier zipp~=3.8.0" + ], + "notice": "Dependency tree generated with python-inspector.\npython-inspector is a free software tool from nexB Inc. and others.\nVisit https://github.com/aboutcode-org/python-inspector/ for support and download.", + "warnings": [], + "errors": [] + }, + "files": [], + "packages": [ + { + "type": "pypi", + "namespace": null, + "name": "zipp", + "version": "3.8.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "Python", + "description": "Backport of pathlib-compatible object wrapper for zip files\n.. image:: https://img.shields.io/pypi/v/zipp.svg\n :target: `PyPI link`_\n\n.. image:: https://img.shields.io/pypi/pyversions/zipp.svg\n :target: `PyPI link`_\n\n.. _PyPI link: https://pypi.org/project/zipp\n\n.. image:: https://github.com/jaraco/zipp/workflows/tests/badge.svg\n :target: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22\n :alt: tests\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n :target: https://github.com/psf/black\n :alt: Code style: Black\n\n.. .. image:: https://readthedocs.org/projects/skeleton/badge/?version=latest\n.. :target: https://skeleton.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/badge/skeleton-2022-informational\n :target: https://blog.jaraco.com/skeleton\n\n.. image:: https://tidelift.com/badges/package/pypi/zipp\n :target: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme\n\n\nA pathlib-compatible Zipfile object wrapper. Official backport of the standard library\n`Path object `_.\n\n\nCompatibility\n=============\n\nNew features are introduced in this third-party library and later merged\ninto CPython. The following table indicates which versions of this library\nwere contributed to different versions in the standard library:\n\n.. list-table::\n :header-rows: 1\n\n * - zipp\n - stdlib\n * - 3.5\n - 3.11\n * - 3.3\n - 3.9\n * - 1.0\n - 3.8\n\n\nUsage\n=====\n\nUse ``zipp.Path`` in place of ``zipfile.Path`` on any Python.\n\nFor Enterprise\n==============\n\nAvailable as part of the Tidelift Subscription.\n\nThis project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.\n\n`Learn more `_.\n\nSecurity Contact\n================\n\nTo report a security vulnerability, please use the\n`Tidelift security contact `_.\nTidelift will coordinate the fix and disclosure.", + "release_date": "2022-07-12T14:21:21", + "parties": [ + { + "type": "person", + "role": "author", + "name": "Jason R. Coombs", + "email": "jaraco@jaraco.com", + "url": null + } + ], + "keywords": [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only" + ], + "homepage_url": "https://github.com/jaraco/zipp", + "download_url": "https://files.pythonhosted.org/packages/3b/e3/fb79a1ea5f3a7e9745f688855d3c673f2ef7921639a380ec76f7d4d83a85/zipp-3.8.1.tar.gz", + "size": 14189, + "sha1": null, + "md5": "6f15c3e3c78919f8936749b0033e0cea", + "sha256": "05b45f1ee8f807d0cc928485ca40a07cb491cf092ff587c0df9cb1fd154848d2", + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "license_expression": null, + "declared_license": { + "classifiers": [ + "License :: OSI Approved :: MIT License" + ] + }, + "notice_text": null, + "source_packages": [], + "file_references": [], + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": null, + "repository_download_url": null, + "api_data_url": "https://pypi.org/pypi/zipp/3.8.1/json", + "datasource_id": null, + "purl": "pkg:pypi/zipp@3.8.1" + } + ], + "resolved_dependencies_graph": [ + { + "package": "pkg:pypi/zipp@3.8.1", + "dependencies": [] + } + ] +} \ No newline at end of file diff --git a/tests/data/tilde_req-expected.json b/tests/data/tilde_req-expected.json index de2635f7..0e90ce6b 100644 --- a/tests/data/tilde_req-expected.json +++ b/tests/data/tilde_req-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--index-url https://thirdparty.aboutcode.org/pypi/simple/", diff --git a/tests/test_cli.py b/tests/test_cli.py index b7dcc507..af8d2748 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -12,6 +12,8 @@ import json import os import sys +import time +from os.path import dirname import pytest from click.testing import CliRunner @@ -226,7 +228,7 @@ def test_cli_with_single_env_var_index_url_except_pypi_simple(): @pytest.mark.online def test_cli_with_multiple_env_var_index_url_and_tilde_req(): - expected_file = test_env.get_test_loc("tilde_req-expected.json", must_exist=False) + expected_file = test_env.get_test_loc("tilde_req-expected-env.json", must_exist=False) specifier = "zipp~=3.8.0" os.environ[ "PYINSP_INDEX_URL" @@ -349,7 +351,7 @@ def test_cli_with_azure_devops_with_python_38(): @pytest.mark.online def test_cli_with_multiple_index_url_and_tilde_req_with_max_rounds(): - expected_file = test_env.get_test_loc("tilde_req-expected.json", must_exist=False) + expected_file = test_env.get_test_loc("tilde_req-expected-max-rounds.json", must_exist=False) specifier = "zipp~=3.8.0" extra_options = [ "--index-url", @@ -369,7 +371,7 @@ def test_cli_with_multiple_index_url_and_tilde_req_with_max_rounds(): @pytest.mark.online def test_cli_with_multiple_index_url_and_tilde_req_and_netrc_file_without_matching_url(): - expected_file = test_env.get_test_loc("tilde_req-expected.json", must_exist=False) + expected_file = test_env.get_test_loc("tilde_req-expected-netrc.json", must_exist=False) netrc_file = test_env.get_test_loc("test-commented.netrc", must_exist=False) specifier = "zipp~=3.8.0" extra_options = [ @@ -524,8 +526,8 @@ def test_passing_of_json_pdt_and_json_flags(): def test_version_option(): options = ["--version"] - result = run_cli(options=options) - assert "0.13.0" in result.output + rc, stdout, stderr = run_cli(options=options) + assert "0.14.0" in stdout def test_passing_of_netrc_file_that_does_not_exist(): @@ -580,17 +582,15 @@ def test_passing_of_no_pyver(): def test_passing_of_wrong_pyver(): options = ["--specifier", "foo", "--json", "-", "--python-version", "foo"] message = "Invalid value for '-p' / '--python-version'" - result = run_cli(options=options, expected_rc=2, get_env=False) - if message: - assert message in result.output + rc, stdout, stderr = run_cli(options=options, expected_rc=2, get_env=False) + assert message in stderr def test_passing_of_unsupported_os(): options = ["--specifier", "foo", "--json", "-", "--operating-system", "bar"] message = "Invalid value for '-o' / '--operating-system'" - result = run_cli(options=options, expected_rc=2, get_env=False) - if message: - assert message in result.output + rc, stdout, stderr = run_cli(options=options, expected_rc=2, get_env=False) + assert message in stderr def check_requirements_resolution( @@ -625,9 +625,9 @@ def check_setup_py_resolution( else: options = ["--setup-py", setup_py, "--json", result_file] options.extend(extra_options) - result = run_cli(options=options, expected_rc=expected_rc) + rc, stdout, stderr = run_cli(options=options, expected_rc=expected_rc) if message: - assert message in result.output + assert message in stderr if expected_rc == 0: check_json_file_results(result_file=result_file, expected_file=expected_file, regen=regen) @@ -654,6 +654,7 @@ def check_data_results(results, expected_file, regen=REGEN_TEST_FIXTURES): results from ``results_file``. This is convenient for updating tests expectations. """ + results = clean_results(results) if regen: with open(expected_file, "w") as exo: json.dump(results, exo, indent=2, separators=(",", ": ")) @@ -661,35 +662,82 @@ def check_data_results(results, expected_file, regen=REGEN_TEST_FIXTURES): else: with open(expected_file) as reso: expected = json.load(reso) + + expected = clean_results(expected) + assert results == expected -def run_cli(options, cli=resolve_dependencies, expected_rc=0, env=None, get_env=True): +def clean_results(results): + """ + Return cleaned data + """ + if isinstance(results, dict) and "headers" in results: + headers = results.get("headers", {}) or {} + if "tool_version" in headers: + del headers["tool_version"] + + return results + + +def run_cli( + options, + expected_rc=0, + env=None, + get_env=True, + retry=True, +): """ - Run a command line resolution. Return a click.testing.Result object. + Run a python-inspector command as a plain subprocess. Return results. """ + from commoncode.command import execute + if not env: env = dict(os.environ) - runner = CliRunner() if get_env: options = append_os_and_pyver_options(options) if "--generic-paths" not in options: options.append("--generic-paths") - result = runner.invoke(cli, options, catch_exceptions=False, env=env) + root_dir = dirname(dirname(__file__)) + py_cmd = os.path.abspath(os.path.join(root_dir, "venv", "bin", "python-inspector")) + rc, stdout, stderr = execute( + cmd_loc=py_cmd, + args=options, + env=env, + ) + + if retry and rc != expected_rc: + # wait and rerun in verbose mode to get more in the output + time.sleep(1) + if "--verbose" not in options: + options.append("--verbose") + rc, stdout, stderr = execute( + cmd_loc=py_cmd, + args=options, + env=env, + ) - if result.exit_code != expected_rc: - output = result.output - opts = " ".join(options) + if rc != expected_rc: + opts = get_opts(options) error = f""" Failure to run: -rc: {result.exit_code} -python-inspector {opts} -output: -{output} +rc: {rc!r} +command: python-inspector {opts} +stdout: +{stdout} + +stderr: +{stderr} """ - assert result.exit_code == expected_rc, error - return result + assert rc == expected_rc, error + + return rc, stdout, stderr + + +def get_opts(options): + opts = [o if isinstance(o, str) else repr(o) for o in options] + return " ".join(opts)