Backblaze / boardwalk

A linear remote execution workflow engine built on top of Ansible

Use a requirements.txt for dep scanning #47

Closed m4wh6k closed 1 year ago

m4wh6k commented 1 year ago

What and why?

At least at the moment, GitHub doesn't support dependency scanning from a pyproject.toml without also using Poetry. I don't think we should start depending on Poetry just to get dependency scanning working, so this change just moves dependency constraints into a requirements.txt, which is supported.

How was this tested?

Tested by making sure installing the package along with its dependencies still works as expected locally. I don't think I can actually test GitHub's dependency scanner until after this is merged into mainline, however.

Checklist

m4wh6k commented 1 year ago

You're also going to want to include requirements.txt in the MANIFEST.in file, as it currently isn't included when running make dist:

asullivan@MBP-NT9RPG2XV7 boardwalk % tar -tf dist/boardwalk-0.8.6.tar.gz 
boardwalk-0.8.6/
boardwalk-0.8.6/MANIFEST.in
boardwalk-0.8.6/PKG-INFO
boardwalk-0.8.6/README.md
boardwalk-0.8.6/VERSION
boardwalk-0.8.6/pyproject.toml
boardwalk-0.8.6/setup.cfg
boardwalk-0.8.6/src/
boardwalk-0.8.6/src/boardwalk/
[... snipped ...]
boardwalk-0.8.6/src/boardwalkd/templates/workspace_events_table.html

From the setuptools documentation:

Attention: When using the file directive, please make sure that all necessary files are included in the sdist. You can do that via MANIFEST.in or using plugins such as setuptools-scm. Please have a look on Controlling files in the distribution for more information.

The build process even warns about this during the build (a snippet from the full build log):

* Building wheel from sdist
* Creating venv isolated environment...
* Installing packages in isolated environment... (setuptools >=62)
* Getting build dependencies for wheel...
/private/var/folders/q_/ns6q_l2j21zb_5k5qzlb3rq40000gq/T/build-env-p4848yvy/lib/python3.11/site-packages/setuptools/config/pyprojecttoml.py:108: _BetaConfiguration: Support for `[tool.setuptools]` in `pyproject.toml` is still *beta*.
  warnings.warn(msg, _BetaConfiguration)
/private/var/folders/q_/ns6q_l2j21zb_5k5qzlb3rq40000gq/T/build-env-p4848yvy/lib/python3.11/site-packages/setuptools/config/expand.py:144: UserWarning: File '/private/var/folders/q_/ns6q_l2j21zb_5k5qzlb3rq40000gq/T/build-via-sdist-i8b54cdr/boardwalk-0.8.6/requirements.txt' cannot be found
  warnings.warn(f"File {path!r} cannot be found")

Ah thanks I forgot that again. Fixed

m4wh6k commented 1 year ago

LGTM, though did you mean to revert the VERSION file bump? I see the version was bumped in 3364904; however, the file isn't modified in the consolidated changeset now. (Possibly clobbered by the merge of main into the PR in c279ded?)

Yes, I figured I may as well release this change along with the other
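
A release-time check for the gap raised in the MANIFEST.in comment above, as an added example (not code from the boardwalk repository or this PR): it reads the `file` directives under `[tool.setuptools.dynamic]` from the sdist's own pyproject.toml and lists any target the archive does not contain. The sample pyproject.toml, the in-memory sdist and all function names are constructed for illustration, and the project's actual pyproject.toml layout is an assumption.

```python
import io
import tarfile

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # backport for older interpreters

# Constructed sample; the project's real pyproject.toml layout is an assumption.
SAMPLE_PYPROJECT = """
[tool.setuptools.dynamic]
version = {file = "VERSION"}
dependencies = {file = ["requirements.txt"]}
"""

def _walk(node):
    """Collect `file` values, descending into per-extra tables."""
    if not isinstance(node, dict):
        return []
    if "file" in node:
        return [node["file"]] if isinstance(node["file"], str) else list(node["file"])
    return [path for child in node.values() for path in _walk(child)]

def file_directive_targets(pyproject_text):
    """Paths named by `file` directives under [tool.setuptools.dynamic]."""
    tool = tomllib.loads(pyproject_text).get("tool", {})
    return _walk(tool.get("setuptools", {}).get("dynamic", {}))

def missing_from_sdist(sdist_bytes):
    """File-directive targets that the sdist archive does not contain."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        names = tar.getnames()
        root = names[0].split("/")[0]  # an sdist has one top-level directory
        pyproject = tar.extractfile(f"{root}/pyproject.toml").read().decode()
    return [t for t in file_directive_targets(pyproject) if f"{root}/{t}" not in names]

def build_sample_sdist(files):
    """Build a constructed sdist-shaped tar.gz in memory from {path: text}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, text in files.items():
            info = tarfile.TarInfo(f"boardwalk-0.8.6/{path}")
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    return buf.getvalue()

if __name__ == "__main__":
    sdist = build_sample_sdist({"pyproject.toml": SAMPLE_PYPROJECT, "VERSION": "0.8.6\n"})
    print("missing from sdist:", missing_from_sdist(sdist))
```

Run against a real `dist/*.tar.gz` in CI by passing the file's bytes to `missing_from_sdist` and failing the job when the returned list is non-empty.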