bibliothecary

Improve setup.py parsing

Open andrew opened this issue 7 years ago • 10 comments

Find dependencies when specified as an array:

required_packages = [
    'coverage==3.7.1',
    'Mako==1.0.3',
    'PyYAML==3.11',
]

andrew avatar Jul 17 '16 17:07 andrew

Hey there -- since I'm working on the new PyPI and getting it closer and closer to launch, I wanted to check whether you're planning on using the API instead of parsing setup.py -- or perhaps I am misunderstanding your needs?

brainwane avatar Jan 23 '18 22:01 brainwane

@brainwane thanks for getting in touch. At the moment we don't want to execute any arbitrary Python code, so parsing with a regex is the best way for us to handle it until we have a safe way of using each package manager's tooling directly; then we'll use the API. Thanks!

andrew avatar Jan 25 '18 09:01 andrew

We are using the PyPI REST API in the main Libraries.io codebase over here: https://github.com/librariesio/libraries.io/blob/master/app/models/package_manager/pypi.rb but that doesn't help for this project, which parses any setup.py, usually from applications rather than PyPI modules.

andrew avatar Jan 25 '18 09:01 andrew

https://github.com/pypa/twine/blob/fb062b77c7ef38c28430dd4c8edaa592c4b59b07/setup.py#L21:L27 is an example here:

install_requires = [
    "tqdm >= 4.14",
    "pkginfo >= 1.0",
    "requests >= 2.5.0, != 2.15, != 2.16",
    "requests-toolbelt >= 0.8.0",
    "setuptools >= 0.7.0",
]

brainwane avatar Mar 15 '18 14:03 brainwane
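To make the regex-only approach andrew describes concrete, here is an added example in Ruby (bibliothecary's language; this is illustration code, not the library's own, and the module name SetupPyDeps and the sample setup.py are constructed for this example). It pulls `install_requires`/`required_packages` arrays such as the twine snippet above out of setup.py text, splits each entry into name, version specifiers and environment marker, and also covers the `extras_require` dict asked about later in the thread. The security point is that the file is only ever treated as text: nothing in it is executed, so a malicious repository cannot run code on the indexer the way `python setup.py egg_info` would let it.

```ruby
# Added example: dependency extraction from setup.py by text matching only.
# Constructed for illustration; not bibliothecary's code or API.
module SetupPyDeps
  # Variable names the thread shows being used to hold the dependency array.
  LIST_NAMES = %w[install_requires required_packages requirements].freeze

  # One PEP 508 style requirement string: name, optional [extras], optional
  # version specifiers ("requests >= 2.5.0, != 2.15"), optional "; marker".
  REQ = /\A(?<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?<spec>[^;]*?)\s*(?:;\s*(?<marker>.+))?\z/

  # Return every single- or double-quoted string literal in a Python list body,
  # e.g. "'coverage==3.7.1',\n \"Mako==1.0.3\"" -> ["coverage==3.7.1", "Mako==1.0.3"].
  def self.string_literals(body)
    body.scan(/(?:'([^'\\]*(?:\\.[^'\\]*)*)'|"([^"\\]*(?:\\.[^"\\]*)*)")/).map { |sq, dq| sq || dq }
  end

  # Split one requirement string; nil for anything that is not a requirement.
  def self.parse_requirement(str)
    m = REQ.match(str.strip)
    return nil unless m

    spec = m[:spec].gsub(/\s+/, '') # ">= 2.5.0, != 2.15" -> ">=2.5.0,!=2.15"
    { name: m[:name], requirement: spec.empty? ? '*' : spec, marker: m[:marker] }
  end

  # Find `NAME = [ ... ]` (a top-level assignment or a setup() keyword argument)
  # plus `extras_require = { 'extra': [ ... ] }`, returning one hash per dependency.
  def self.parse(source)
    deps = []
    LIST_NAMES.each do |var|
      source.scan(/\b#{Regexp.escape(var)}\s*=\s*\[([^\]]*)\]/) do |(body)|
        string_literals(body).each do |s|
          dep = parse_requirement(s)
          deps << dep.merge(type: 'runtime') if dep
        end
      end
    end
    # Flat extras dict: the extra's name becomes the dependency type.
    source.scan(/\bextras_require\s*=\s*\{(.*?)\}/m) do |(dict_body)|
      dict_body.scan(/(['"])([^'"]+)\1\s*:\s*\[([^\]]*)\]/) do |_q, extra, list_body|
        string_literals(list_body).each do |s|
          dep = parse_requirement(s)
          deps << dep.merge(type: extra) if dep
        end
      end
    end
    deps
  end
end

# Constructed sample in the shape of the twine setup.py quoted above (not the real file).
SAMPLE_SETUP_PY = <<~PY
  from setuptools import setup

  install_requires = [
      "tqdm >= 4.14",
      "requests >= 2.5.0, != 2.15, != 2.16",
      'six',
  ]

  setup(
      name="example",
      install_requires=install_requires,
      extras_require={
          'dev': ["pytest >= 5.0", 'coverage==3.7.1'],
      },
  )
PY

if $PROGRAM_NAME == __FILE__
  SetupPyDeps.parse(SAMPLE_SETUP_PY).each do |d|
    puts "#{d[:type]}: #{d[:name]} #{d[:requirement]}#{d[:marker] ? " ; #{d[:marker]}" : ''}"
  end
end
```

The trade-off for never running the file is visible in the regexes: `[^\]]*` stops at the first `]`, so an entry like `"requests[security] >= 2.0"` truncates the list, a nested list or a `#` comment containing a bracket confuses it, and anything computed at runtime (a list read from requirements.txt, a conditional append for a Python version) is simply not there to match. Those are parser gaps, not execution risks, which is the point of doing it this way.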

@brainwane this library is also used for parsing dependency information from repositories that aren't pushed to PyPI, including public and private GitHub repositories, forks, etc.

andrew avatar Mar 15 '18 14:03 andrew

Could I please ask for this and the other PyPI issues -- #414, #459, #415 -- to get higher priorities on Tidelift's roadmap? The current gaps in coverage leave a lot of real dependencies untracked.

brainwane avatar Jul 21 '19 14:07 brainwane

@brainwane noted!

One thing to be sure is clear to anyone who might stumble on the discussion: these are all for repository dependencies, so https://libraries.io/github/pytest-dev/pytest vs. package deps like https://libraries.io/pypi/pytest/5.0.1/tree ... hopefully we're getting the package deps right.

Team Tidelift is very development-team-size-constrained right now, to set expectations, but I do appreciate the bump on these and we've added them to our internal backlog too.

havocp avatar Aug 01 '19 20:08 havocp

You won't be able to parse setup.py with Ruby. There are not even AST parsers for Python written in Ruby, let alone ones that can handle the syntax of Python 2 and the various 3.x versions without errors.

abitrolly avatar Aug 11 '19 08:08 abitrolly

Do you also plan to parse the conditional or extras dependencies in setup.py? Or should I get setup.py to generate the requirements.txt file in order for my dependencies to be accounted for here?

jonnymaserati avatar Aug 04 '21 11:08 jonnymaserati