aboutcode-org / scancode-toolkit

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
https://github.com/aboutcode-org/scancode-toolkit/releases/

Review requirements at https://github.com/philips-software/license-scanner/blob/b590ea0985c83daab0a913c1d3c4e2eb34a87d9f/docker/requirements.txt #2398

Open pombredanne opened 3 years ago

pombredanne commented 3 years ago

See https://github.com/philips-software/license-scanner/blob/b590ea0985c83daab0a913c1d3c4e2eb34a87d9f/docker/requirements.txt

@JeroenKnoops commented yesterday https://github.com/oss-review-toolkit/ort/pull/3613#issuecomment-777057402

I needed Scancode for a project as well.

I had some troubles when using the requirements.txt above, so I've installed the full scancode pip package and did a pip freeze and use that for the future installations.

Now its dependency versions are fixed and it's running in python 3.9.

See: https://github.com/philips-software/license-scanner/pull/48/files

The task consists of reviewing the requirements and why the standard ones were not working there.

JeroenKnoops commented 3 years ago

The trouble was caused by PyYAML. The version in https://raw.githubusercontent.com/nexB/scancode-toolkit/v21.2.9/requirements.txt is 3.12 and that can only be installed on python 3.6.

https://raw.githubusercontent.com/nexB/scancode-toolkit/v21.2.9/requirements.txt

PyYAML==3.12

If you want to use python:3.9.1 you can use the following setup with a requirements.txt.

How did I create the requirements.txt?

I created a Dockerfile based on python:buster:

```dockerfile
FROM python:buster

RUN /usr/local/bin/python -m pip install --upgrade pip

RUN pip install scancode-toolkit[full]
# Print the resolved versions to the build log
RUN pip freeze
```

Copy-pasted the requirements output to a file and am now using it to install pinned versions of the dependencies.

```dockerfile
FROM python:buster

RUN /usr/local/bin/python -m pip install --upgrade pip

COPY docker/requirements.txt /app/requirements.txt
# -c applies the frozen file as version constraints
RUN pip install scancode-toolkit[full] -c /app/requirements.txt
```

Now the PyYAML has version 5.4.1.

https://github.com/philips-software/license-scanner/blob/b590ea0985c83daab0a913c1d3c4e2eb34a87d9f/docker/requirements.txt

PyYAML==5.4.1

Attached is the requirements.txt file.
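For the review this issue asks for, one way to see which pins moved between the upstream requirements.txt and a `pip freeze` result is to diff the two files by normalised package name. This is an added example, not code from the thread or from either project; only the two PyYAML pins come from the comments above, and every other package name and version is constructed.

```python
import re

# Constructed sample inputs: only the PyYAML pins come from the thread;
# every other line is made up for illustration.
UPSTREAM = """\
# constructed excerpt standing in for scancode-toolkit v21.2.9 requirements.txt
PyYAML==3.12
example-lib==1.0.0 ; python_version >= "3.6"
Other_Pkg==2.1
"""
FROZEN = """\
# constructed excerpt standing in for the `pip freeze` output
pyyaml==5.4.1
example.lib==1.0.0
new-transitive==0.3
"""

# name, optional [extras], then an exact '==' pin; markers and comments are cut off
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def canonical(name):
    """PEP 503 normalisation so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {canonical name: version} for every 'name==version' line."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith(("#", "-")):  # comments and pip options
            continue
        m = PIN.match(line)
        if m:
            pins[canonical(m.group(1))] = m.group(2)
    return pins

def diff_pins(old_text, new_text):
    """Classify every package as changed, removed or added between two files."""
    old, new = parse_pins(old_text), parse_pins(new_text)
    return {
        "changed": {n: (old[n], new[n]) for n in old.keys() & new.keys() if old[n] != new[n]},
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }

if __name__ == "__main__":
    for kind, items in diff_pins(UPSTREAM, FROZEN).items():
        print(kind, items)
```

The "added" bucket is the part worth reading closely in a real review, since it lists packages that entered the environment only through dependency resolution.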

pombredanne commented 3 years ago

@JeroenKnoops thanks... that's a relatively easy one to fix as https://github.com/nexB/saneyaml/ is the one that has the direct dep on PyYAML and using a wider range of versions should be a no-brainer (and a good time to rev up saneyaml too)

Pushpit07 commented 3 years ago

I think this issue should be closed