`poetry export -f requirements.txt` creates deprecated format URI for private git dependencies

python-poetry / poetry-plugin-export

Poetry plugin to export the dependencies to various formats

MIT License

248 stars 54 forks source link

`poetry export -f requirements.txt` creates deprecated format URI for private git dependencies #26

Open rambo opened 4 years ago

rambo commented 4 years ago

[x] I am on the latest Poetry version.
[x] I have searched the issues of this repo and believe that this is not a duplicate.
[x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

OS version and name: OSX Catalina (python 3.7 from homebrew)
Poetry version: 1.0.8

Issue

After exporting with poetry export -f requirements.txt --without-hashes -o foo.txt running pip install -r foo.txt gives warnings like the one below from private git dependencies.

Obtaining [REDACTED] from git+git@gitlab.com[REDACTED]

DEPRECATION: This form of VCS requirement is being deprecated: git+git@gitlab.com[REDACTED]

pip 21.0 will remove support for this functionality. A possible replacement is git+https://git@example.com/..., git+ssh://git@example.com/..., or the insecure git+git://git@example.com/.... You can find discussion regarding this at https://github.com/pypa/pip/issues/7554.

SanketDG commented 4 years ago

How did you add the dependency?

poetry just prefixes the dependency with git+

rambo commented 4 years ago

I'm pretty sure I just added the line

REDACTED = {git = "git@gitlab.com:REDACTED.git"}

manually to pyproject.toml, if I just prefix that with ssh:// then poetry install itself fails with Command '['git', 'clone', 'ssh://git@gitlab.com:REDACTED', '/var/folders/ym/675v9ms93qs0pl79xm2zsgrr0000gn/T/pypoetry-git-REDACTEDdcrj1q5y']' returned non-zero exit status 128.

Edit: just tried adding the dependency again with poetry add git+ssh://git@gitlab.com:REDACTED.git and ended up with the exact same dependency line in pyproject.toml as before.

SanketDG commented 4 years ago

Right.

If conformance with pip is something favoured by poetry, all git urls should be regulated.

I will wait for what the maintainers have to say on this before trying to fix anything.

finswimmer commented 4 years ago

@SanketDG: We would really appreciate your contribution. So go on :+1:

I would suggest you have a look at https://github.com/python-poetry/poetry/blob/bc9acdbcf9082c311ff2545225e00347acf31fd8/poetry/packages/vcs_dependency.py#L83-L88 to get an idea of how to fix it most probably in https://github.com/python-poetry/poetry/blob/bc9acdbcf9082c311ff2545225e00347acf31fd8/poetry/utils/exporter.py#L73-L83

fin swimmer

SanketDG commented 4 years ago

@finswimmer The issue is not in the exporter, but rather in add where the protocol information is lost.

rambo commented 4 years ago

But if the ssh:// (with or without git+ prefix) protocol is added back in manually it doesn't work because the git clone command poetry generates fails.

finswimmer commented 4 years ago

@SanketDG: As @rambo said, I guess how ssh:// url's are handled by poetry add are due to the point, that you can easily copy&paste from github, gitlab etc.

I think fixing the output of poetry export is enough here.

fin swimmer

rambo commented 4 years ago

I thinks fixing the output of poetry export is enough here.

Agreed.