poetry-core icon indicating copy to clipboard operation
poetry-core copied to clipboard

Published 20 hours ago verified publisher icon python-poetry

Error out when poetry -C argument is not a pyproject directory

Open Cypher1 opened this issue 1 year ago • 7 comments
trafficstars

Poetry's current handling of the --directory (or -C) argument does not protect against incorrectly specified paths (e.g. misspellings and simple mistakes). In mono repo projects, and other cases where a parent directory has a pyproject.toml this can lead to commands being run in an unexpected package environment, leading to error prone and difficult to catch behaviour in multi package repositories.

This change retains the default behavior of poetry when no -C argument is specified (i.e. walking up the tree from the current directory) but ensures that the -C argument is valid when it is manually specified.

This prevents incorrectly typed directories from breaking builds & CI scripts, while retaining the current default behaviour, minimising change.

Some tests are also updated where they previously pass paths to pyproject.toml files to the cwd arg, (instead of project directories).

Cypher1 avatar Feb 05 '24 01:02 Cypher1

@radoering would you be free to review this?

Cypher1 avatar Feb 13 '24 01:02 Cypher1

I am currently busy preparing Poetry 1.8. I'll take a look after that's done. (The corresponding poetry-core has already been released at the beginning of February so you caught an unlucky timing.)

radoering avatar Feb 13 '24 17:02 radoering

No problem at all. Thx!

Cypher1 avatar Feb 13 '24 20:02 Cypher1

We have to be careful not to accidentally introduce a breaking change and therefore evaluate all uses of create_poetry() with cwd != None in poetry-core and poetry:

usage evaluation remark
poetry.core.masonry.api (4x) ⚠️❓ That could be a dangerous one, since it's the API. I'm not sure if we can assume that poetry-core is never called from a subdirectory.
poetry.console.application ⚠️ If directory is not set, we explicitly pass the cwd. I think this PR will introduce an unwanted change in this case. However, we can make a downstream change to just pass None instead.
poetry.console.commands.self.self_command This one should be safe since we pass the directory of the pyproject.toml.
poetry.inspection.info This one should be safe since we pass the directory of the pyproject.toml.
poetry.installation.executor This one should be safe since we pass the directory of the pyproject.toml.

radoering avatar Feb 24 '24 11:02 radoering

@radoering How can AI help with these concerns? I think the current state of the -C argument is not ideal and leads to significant issues when maintaining a large (i.e. multi-package) mono repo, still I am totally on board with backwards compatibility's important, even when the current implementation does not 100% match the documented (and arguably expected) behaviour.

Looking forward to hear more about the project's needs on this front. Cheers, Jay

Cypher1 avatar Mar 05 '24 00:03 Cypher1

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Mar 05 '24 02:03 sonarqubecloud[bot]

Don't think this is the correct spot for handling an input validation from the poetry cli.

This should be handled at https://github.com/python-poetry/poetry/blob/d08c75afcc097b3b6a73c704f64f7cebbc2765c1/src/poetry/console/application.py#L123-L131

abn avatar Mar 05 '24 02:03 abn