Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve dependencies from lockfiles #1244

Merged
merged 14 commits into from
Jul 1, 2024
Merged

Resolve dependencies from lockfiles #1244

merged 14 commits into from
Jul 1, 2024

Conversation

AyanSinhaMahapatra
Copy link
Contributor

@AyanSinhaMahapatra AyanSinhaMahapatra commented May 22, 2024
edited by pombredanne
Loading

@AyanSinhaMahapatra AyanSinhaMahapatra marked this pull request as draft May 22, 2024 09:54
tdruez
tdruez requested changes May 22, 2024
View reviewed changes
Copy link
Contributor

@tdruez tdruez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a good start. We are missing unit tests though.

scanpipe/pipes/scancode.py Outdated Show resolved Hide resolved
@AyanSinhaMahapatra
Resolve dependencies from lockfiles #1237
5cf11ac 
Reference: #1237
Reference: #1066
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from adc55dc to 5cf11ac Compare June 13, 2024 14:42
@AyanSinhaMahapatra
Merge branch 'main' into resolve-dependencies-from-lockfile
01770f0 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra marked this pull request as ready for review June 13, 2024 14:58
tdruez
tdruez requested changes Jun 13, 2024
View reviewed changes
scanpipe/migrations/0061_dependency_resolver_update.py Outdated Show resolved Hide resolved
scanpipe/filters.py Show resolved Hide resolved
scanpipe/models.py Show resolved Hide resolved
scanpipe/models.py Show resolved Hide resolved
scanpipe/models.py Show resolved Hide resolved
scanpipe/pipes/__init__.py Outdated Show resolved Hide resolved
@AyanSinhaMahapatra
Address feedback and add improvements
04fc0e1 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Improve dependency resolving from lockfiles #1237
f3385a8 
Resolves dependency for cases where multiple requirements
are resolved by one package and all the version requirements
are joined for that package.

Reference: #1237
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
tdruez
tdruez reviewed Jun 17, 2024
View reviewed changes
scanpipe/models.py Outdated Show resolved Hide resolved
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from ddead3b to 60050fe Compare June 19, 2024 11:17
@AyanSinhaMahapatra
Update scancode-toolkit and fix tests
65e652d 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from 60050fe to 65e652d Compare June 19, 2024 13:59
@AyanSinhaMahapatra
Bump scancode-toolkit to v32.2.0
92a3bf3 
Reference: https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.0
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Merge branch 'main' into resolve-dependencies-from-lockfile
4aef6db 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Regenerate test fixtures and expectations
7c9e0e8 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Improve dependency resolver for lockfiles
72cef36 
Handle various lockfile cases where:
* Same package/dependencies are present in different lockfiles
* Independent lockfiles without a manifest and root package
* Ecosystems which have only a single version of package in
  their environment
* Dependency graphs where a resolved package can have many
  parent packages.

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from 10eae0c to 795a740 Compare June 27, 2024 14:52
@AyanSinhaMahapatra
Merge branch 'main' into resolve-dependencies-from-lockfile
fae73bf 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from 795a740 to fae73bf Compare June 27, 2024 14:53
@AyanSinhaMahapatra
Copy link
Contributor Author

@tdruez ready for review again!

tdruez
tdruez requested changes Jun 27, 2024
View reviewed changes
Copy link
Contributor

@tdruez tdruez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AyanSinhaMahapatra That looks good, see my minor suggestions.
Also, do you think we have a good enough test coverage for the new resolution features?

scanpipe/models.py Show resolved Hide resolved
scanpipe/models.py Show resolved Hide resolved
scanpipe/pipes/__init__.py Outdated Show resolved Hide resolved
scanpipe/pipes/scancode.py Outdated Show resolved Hide resolved
scanpipe/tests/test_pipelines.py Outdated Show resolved Hide resolved
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from abaaf95 to 9e279b5 Compare June 28, 2024 11:29
@AyanSinhaMahapatra
Address feedback and refactor code
44711ea 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the resolve-dependencies-from-lockfile branch from 9e279b5 to 44711ea Compare June 28, 2024 11:34
@AyanSinhaMahapatra
FIx bugs for resolving python packages
023423c 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Add unit tests and refactor code
a9b2ed3 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
tdruez
tdruez requested changes Jul 1, 2024
View reviewed changes
Copy link
Contributor

@tdruez tdruez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AyanSinhaMahapatra Looks good, almost ready for merge.
See a few minor change requests.

We are missing a changelog entry that summarize all the changes of this PR.
It's quite an important one.

scanpipe/pipes/__init__.py Show resolved Hide resolved
scanpipe/pipes/__init__.py Outdated Show resolved Hide resolved
scanpipe/pipes/scancode.py Outdated Show resolved Hide resolved
@AyanSinhaMahapatra
Address comments and add CHANGELOG entries
f843a40 
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Copy link
Contributor Author

@tdruez thanks, I've addressed your comments and added the CHANGELOG entries, ready for review again.

@tdruez tdruez merged commit 08c54b1 into main Jul 1, 2024
9 checks passed
@tdruez tdruez deleted the resolve-dependencies-from-lockfile branch July 1, 2024 11:14
This was referenced Jul 1, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tdruez tdruez Awaiting requested review from tdruez

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AyanSinhaMahapatra @tdruez