Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix misc package scanning bugs #4073

Merged
merged 2 commits into from
Jan 6, 2025
Merged

Fix misc package scanning bugs #4073

merged 2 commits into from
Jan 6, 2025

Conversation

AyanSinhaMahapatra
Copy link
Member

@AyanSinhaMahapatra AyanSinhaMahapatra commented Jan 6, 2025
edited
Loading

  • Improve conda packages and dependencies parsing
  • Skip failing npm package assembly on invalid package.json

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
    Run tests locally to check for errors.
  • Commits are in uniquely-named feature branch and has no merge conflicts 📁
  • Updated documentation pages (if applicable)
  • Updated CHANGELOG.rst (if applicable)

@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the fix-package-scan-bugs branch 3 times, most recently from 5fce14d to 5f62b34 Compare January 6, 2025 11:08
@AyanSinhaMahapatra AyanSinhaMahapatra changed the title Improve conda packages and dependencies parsing Fix misc package scanning bugs Jan 6, 2025
@AyanSinhaMahapatra
Do not fail scan or assembly for invalid package.json
c59de73 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Improve conda packages and dependencies parsing
a98327e 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
pombredanne
pombredanne reviewed Jan 6, 2025
View reviewed changes
src/packagedcode/conda.py
@@ -14,6 +14,7 @@

from packagedcode import models
from packagedcode.pypi import BaseDependencyFileHandler
from dparse2.parser import parse_requirement_line
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you really want to use this and not our own pip-requirements-parser?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what we were using previously with dparse, I added some improvements on the function, and this was using parse_requirement_line internally, but pip-requirements-parser would make more sense possibly, I will open a follow up issue on conda to include this. This would be helpful also to parse requirement lines with source repos.

pombredanne
pombredanne reviewed Jan 6, 2025
View reviewed changes
src/packagedcode/conda.py
@@ -107,33 +125,152 @@ def parse(cls, location, package_only=False):
# u'progressbar2', u'python >=3.6'])])
for req in reqs:
name, _, requirement = req.partition(" ")
purl = PackageURL(type=cls.default_package_type, name=name)
version = None
if requirement.startswith("=="):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this is OK as a quick fix, but we should steal the code from https://github.com/conda/conda/blob/5eed0193f2acd45b26599af4b71f241fd8666ccd/conda/models/version.py#L52 in the future

pombredanne
pombredanne approved these changes Jan 6, 2025
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to merge! And we can refine later

@AyanSinhaMahapatra AyanSinhaMahapatra merged commit 2e69428 into develop Jan 6, 2025
40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pombredanne pombredanne pombredanne approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AyanSinhaMahapatra @pombredanne