pypa / pipenv

Python Development Workflow for Humans.
https://pipenv.pypa.io
MIT License
24.87k stars 1.87k forks source link

pipenv install does not throw an error when a Pipfile.lock is determined to be corrupt #6121

Open evanottinger opened 7 months ago

evanottinger commented 7 months ago

Issue description

pipenv install printed Pipfile.lock is corrupted; ignoring contents. to standard and displayed a success message.

Expected result

I expected pipenv install to throw an error.

Actual result

Creating a virtualenv for this project...
Pipfile: /app/Pipfile
Using /usr/local/bin/python (3.10.14) to create virtualenv...
created virtual environment CPython3.10.14.final.0-64 in 653ms
  creator CPython3Posix(dest=/root/.local/share/virtualenvs/app-4PlAip0Q, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv)
    added seed packages: pip==24.0, setuptools==69.1.0, wheel==0.42.0
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /root/.local/share/virtualenvs/app-4PlAip0Q
Pipfile.lock is corrupted; ignoring contents.
Installing dependencies from Pipfile.lock (86e0a8)...
Installing dependencies from Pipfile.lock (86e0a8)...
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.

The message is technically visible in the logs, but it somewhat acts as a silently passing error. This allowed me to successfully build an application only to find that none of the dependencies were installed and nothing indicating an obvious error.

Steps to replicate


$ pipenv --support Pipenv version: `'2023.10.24'` Pipenv location: `'/home/evan/.local/lib/python3.11/site-packages/pipenv'` Python location: `'/bin/python3.11'` OS Name: `'posix'` User pip version: `'23.3.1'` user Python installations found: PEP 508 Information: ``` {'implementation_name': 'cpython', 'implementation_version': '3.11.8', 'os_name': 'posix', 'platform_machine': 'x86_64', 'platform_python_implementation': 'CPython', 'platform_release': '5.15.150.1-microsoft-standard-WSL2', 'platform_system': 'Linux', 'platform_version': '#1 SMP Thu Mar 7 03:22:57 UTC 2024', 'python_full_version': '3.11.8', 'python_version': '3.11', 'sys_platform': 'linux'} ``` System environment variables: - `SHELL` - `PYENV_SHELL` - `WSL2_GUI_APPS_ENABLED` - `WSL_DISTRO_NAME` - `WT_SESSION` - `NAME` - `PWD` - `PYENV_VIRTUALENV_INIT` - `LOGNAME` - `HOME` - `LANG` - `WSL_INTEROP` - `LS_COLORS` - `WAYLAND_DISPLAY` - `LESSCLOSE` - `TERM` - `LESSOPEN` - `USER` - `DISPLAY` - `SHLVL` - `XDG_RUNTIME_DIR` - `PYENV_ROOT` - `WSLENV` - `XDG_DATA_DIRS` - `PATH` - `DBUS_SESSION_BUS_ADDRESS` - `HOSTTYPE` - `PULSE_SERVER` - `WT_PROFILE_ID` - `OLDPWD` - `_` - `PIP_DISABLE_PIP_VERSION_CHECK` - `PYTHONDONTWRITEBYTECODE` - `PYTHONFINDER_IGNORE_UNSUPPORTED` Pipenv–specific environment variables: Debug–specific environment variables: - `PATH`: `/home/evan/.pyenv/versions/3.8.10/bin:/home/evan/.pyenv/shims:/home/evan/.ebcli-virtual-env/executables:/mnt/c/Users/Evan/AppData/Local/Programs/Microsoft VS Code/bin:/home/evan/.local/bin:/home/evan/.pyenv/plugins/pyenv-virtualenv/shims:/home/evan/.pyenv/bin:/home/evan/.cargo/bin:/bin:/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/lib/wsl/lib:/usr/local/bin:/home/evan/.local/bin` - `SHELL`: `/bin/bash` - `LANG`: `C.UTF-8` - `PWD`: `/home/evan/[redacted]` ---------------------------
matteius commented 6 months ago

I think that @oz123 's work on plette validation may fix this issue report once its released -- thoughts Oz?

oz123 commented 6 months ago

Sorry to say this, but Plette does not do validation on the pipfile.lock.

matteius commented 1 month ago

@oz123 Do you know what that status of this is now that plette is removed? Actually, I just checked and plette isn't removed, but I thought you had done work to remove it?

oz123 commented 1 month ago

I rewrote palette to use data classes instead on Cerberus. In the process I added many tests and examples of valid and invalid Pipfiles. Plette was always a validation \ spec library for Pipenv not Pipenv.lock. But I guess it should do both. @evanottinger if you still have the corrupt file I would be happy to look at it order to fix the issue. You can also share it privately if you don't want to post it.