Skip to content

Commit

Permalink
Validation to ensure requirements_lock is pinned. (bazelbuild#732)
Browse files Browse the repository at this point in the history
* Light validation to ensure lockfile is pinned.

* Clean up

* .

Co-authored-by: Alex Eagle <alex@aspect.dev>
  • Loading branch information
2 people authored and mattem committed Jul 7, 2022
1 parent 6d26da4 commit fe2fbfd
Show file tree
Hide file tree
Showing 7 changed files with 27 additions and 23 deletions.
9 changes: 3 additions & 6 deletions examples/pip_install/requirements.in
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
boto3==1.14.51
s3cmd==2.1.0
yamllint==1.26.3

# Last available for Python 3.6.
setuptools==59.6.0
boto3~=1.14.51
s3cmd~=2.1.0
yamllint~=1.26.3
4 changes: 1 addition & 3 deletions examples/pip_install/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,4 @@ yamllint==1.26.3 \
setuptools==59.6.0 \
--hash=sha256:22c7348c6d2976a52632c67f7ab0cdf40147db7789f9aed18734643fe9cf3373 \
--hash=sha256:4ce92f1e1f8f01233ee9952c04f6b81d1e02939d6e1b488428154974a4d0783e
# via
# -r requirements.in
# yamllint
# via yamllint
2 changes: 1 addition & 1 deletion examples/pip_parse/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ alias(
compile_pip_requirements(
name = "requirements",
extra_args = ["--allow-unsafe"],
requirements_in = "requirements.txt",
requirements_in = "requirements.in",
requirements_txt = "requirements_lock.txt",
)

Expand Down
3 changes: 3 additions & 0 deletions examples/pip_parse/requirements.in
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
requests~=2.25.1
s3cmd~=2.1.0
yamllint~=1.26.3
6 changes: 0 additions & 6 deletions examples/pip_parse/requirements.txt

This file was deleted.

10 changes: 4 additions & 6 deletions examples/pip_parse/requirements_lock.txt
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,11 @@ pyyaml==6.0 \
requests==2.25.1 \
--hash=sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804 \
--hash=sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e
# via -r requirements.txt
# via -r requirements.in
s3cmd==2.1.0 \
--hash=sha256:49cd23d516b17974b22b611a95ce4d93fe326feaa07320bd1d234fed68cbccfa \
--hash=sha256:966b0a494a916fc3b4324de38f089c86c70ee90e8e1cae6d59102103a4c0cc03
# via -r requirements.txt
# via -r requirements.in
six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
Expand All @@ -81,12 +81,10 @@ urllib3==1.26.7 \
# via requests
yamllint==1.26.3 \
--hash=sha256:3934dcde484374596d6b52d8db412929a169f6d9e52e20f9ade5bf3523d9b96e
# via -r requirements.txt
# via -r requirements.in

# The following packages are considered to be unsafe in a requirements file:
setuptools==59.6.0 \
--hash=sha256:22c7348c6d2976a52632c67f7ab0cdf40147db7789f9aed18734643fe9cf3373 \
--hash=sha256:4ce92f1e1f8f01233ee9952c04f6b81d1e02939d6e1b488428154974a4d0783e
# via
# -r requirements.txt
# yamllint
# via yamllint
16 changes: 15 additions & 1 deletion python/pip_install/parse_requirements_to_bzl/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,16 +31,30 @@ def parse_install_requirements(
parser = RequirementsFileParser(ps, line_parser)
install_req_and_lines: List[Tuple[InstallRequirement, str]] = []
_, content = get_file_content(requirements_lock, ps)
unpinned_reqs = []
for parsed_line, (_, line) in zip(
parser.parse(requirements_lock, constraint=False), preprocess(content)
):
if parsed_line.is_requirement:
install_req = constructors.install_req_from_line(parsed_line.requirement)
if not install_req.is_pinned:
unpinned_reqs.append(str(install_req))
install_req_and_lines.append(
(constructors.install_req_from_line(parsed_line.requirement), line)
(install_req, line)
)

else:
extra_pip_args.extend(shlex.split(line))

if len(unpinned_reqs) > 0:
unpinned_reqs_str = "\n".join(unpinned_reqs)
raise RuntimeError(f"""\
The `requirements_lock` file must be fully pinned. See `compile_pip_requirements`.
Alternatively, use `pip-tools` or a similar mechanism to produce a pinned lockfile.
The following requirements were not pinned:
{unpinned_reqs_str}""")

return install_req_and_lines


Expand Down

0 comments on commit fe2fbfd

Please sign in to comment.