python-license-check icon indicating copy to clipboard operation
python-license-check copied to clipboard

Published 20 hours ago verified publisher icon dhatim

Support `poetry.lock`

Open mattyclarkson opened this issue 3 years ago • 6 comments

poetry is a Python package manager that is gaining momentum as an alternative to pip.

It provides a concrete poetry.lock describing the resolved dependencies of a project.

Would it make sense to add a poetry.lock parsing module to this project to integrate smoothly with poetry projects?

It might be sensible to add the parse as on extra to the project that would be installed with liccheck[poetry]. Depends if we use the poetry project to read the lock file.

poetry does have the functionality to generate a requirements.txt so there is a work around possible.

mattyclarkson avatar Apr 14 '21 20:04 mattyclarkson

That would be excellent. poetry export helps some, but tends to sometimes (like with the current very recent 1.1.6 release) generate a requirements.txt that liccheck chokes on.

vegai avatar Apr 15 '21 11:04 vegai

I implemented a very rudimentary and ugly poetry.lock reader here: https://github.com/vegai/python-license-check/tree/poetry_lock_support -- the POC was pretty trivial.

If somebody wants to pick this up and implement it properly, feel free. If not, I'll probably be able to make it prettier and mergeable in a few days/weeks.

vegai avatar Apr 15 '21 12:04 vegai

So I probably knew when I was writing my last comment that it's a blatant lie. Anyway, perhaps some day it will happen that I get bored of exporting requirements.txt and rereading it here and then finish this.

vegai avatar Jun 22 '21 09:06 vegai

Does exporting from poetry and consuming in liccheck works for you out of the box?

mdczaplicki avatar Sep 19 '22 13:09 mdczaplicki

Does exporting from poetry and consuming in liccheck works for you out of the box?

Yes. The following command sequence works great for me in all my Poetry projects. specifically Poetry versions v1.0.0+ (v1.3.1 is the latest at the time of writing)

poetry export > requirements.txt
poetry run liccheck
rm requirements.txt

thehale avatar Dec 28 '22 21:12 thehale

I'd like to run it in pre-commit with poetry, but this would require a custom pre-commit hook. So having this "workaround" implemented in the package would be nice! Possibly it should also not be specific to poetry, but rather allow giving a command that generates a requirements.txt (this would allow to also e.g. enable Pipfile.lock)

Also, maybe liccheck should just allow passing a requirements.txt file to stdin - then creating temporary files could be avoided.

apirogov avatar Mar 27 '23 10:03 apirogov