Python dependency checker (with support for doctests, django settings files, zope zcml files, etc)

reinout/z3c.dependencychecker

z3c.dependencychecker

Checks which imports are done, compares them to what's in setup.py, and warns when it discovers missing or unneeded dependencies.

z3c.dependencychecker reports on:

  • Missing (test) requirements: imports without a corresponding requirement in the setup.py. There might be false alarms, but at least you've got a (hopefully short) list of items to check.

    Watch out for packages that have a different name than how they're imported. For instance a requirement on pydns which is used as import DNS in your code: pydns and DNS lead to separate "missing requirements: DNS" and "unneeded requirements: pydns" warnings.

  • Unneeded (test) requirements: requirements in your setup.py that aren't imported anywhere in your code. You might need them because not everything needs to be imported. It at least gives you a much smaller list to check by hand.

  • Requirements that should be test-only: if something is only imported in a test file, it shouldn't be in the generic defaults. So you get a separate list of requirements that should be moved from the regular to the test requirements.

It checks the following locations:

  • Python files for regular imports and their docstrings.
  • ZCML files, Plone's generic setup files as well as FTI XML files.
  • Python files, .txt and .rst files for imports in doctests.
  • Django settings files.

Some packages available on PyPI have a different name than the import statement needed to use them, e.g. python-dateutil is imported as import dateutil. Others provide more than one package, e.g. Zope2 provides several packages like Products.Five or Products.OFSP.

For those cases, z3c.dependencychecker has a solution: user mappings.

Add a pyproject.toml file in the root of your project with the following content:

[tool.dependencychecker]
python-dateutil = ['dateutil']
Zope2 = ['Products.Five', 'Products.OFSP' ]

z3c.dependencychecker will read this information and use it in its reports.

Sometimes you need to list a package in setup.py although you are not importing it directly: it may be an extra dependency of one of your dependencies, or your package may have a soft dependency on it, and a soft dependency does not always have to be installed.

z3c.dependencychecker would complain in both cases. It would report that a dependency is not needed, or that a missing package is not listed on the package requirements.

Fortunately, z3c.dependencychecker also has a solution for it.

Add a pyproject.toml file in the root of your project with the following content:

[tool.dependencychecker]
ignore-packages = ['one-package', 'another.package' ]

z3c.dependencychecker will totally ignore those packages in its reports, whether they're requirements that appear to be unused, or requirements that appear to be missing.
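
The effect of user mappings and ignore-packages on a report, as an added example (a simplified sketch, not z3c.dependencychecker's own code). The sample module, the requirement list and the pydns mapping are constructed here, following the pattern of the mappings shown above; the config dict stands for the parsed [tool.dependencychecker] table.

```python
import ast
import sys

# Standard-library names are never requirements (attribute exists on Python 3.10+).
STDLIB = getattr(sys, "stdlib_module_names", frozenset())

def imported_modules(source):
    """Dotted names of all absolute, non-stdlib imports found in `source`."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            found.add(node.module)
    return {m for m in found if m.split(".")[0] not in STDLIB}

def covers(module, provided):
    """True if `module` is one of `provided` or a submodule of one."""
    return any(module == p or module.startswith(p + ".") for p in provided)

def check(source, requirements, config=None):
    """Return (missing imports, unneeded requirements) for one source file."""
    # `config` maps requirement -> [import names], plus optional 'ignore-packages'.
    config = dict(config or {})
    ignored = set(config.pop("ignore-packages", []))
    # Without a mapping, a requirement is assumed importable under its own name.
    provides = {req: set(config.get(req, [req])) for req in requirements}
    imports = imported_modules(source)
    missing = sorted(m for m in imports if not covers(m, ignored)
                     and not any(covers(m, p) for p in provides.values()))
    unneeded = sorted(r for r, p in provides.items() if r not in ignored
                      and not any(covers(m, p) for m in imports))
    return missing, unneeded

# Constructed sample module and requirement list (not from any real project).
SAMPLE = """
import DNS
from dateutil.parser import parse
from Products.Five.browser import BrowserView
import requests
"""
REQUIREMENTS = ["pydns", "python-dateutil", "Zope2", "setuptools"]
MAPPINGS = {"pydns": ["DNS"], "python-dateutil": ["dateutil"],
            "Zope2": ["Products.Five", "Products.OFSP"],
            "ignore-packages": ["setuptools"]}

if __name__ == "__main__":
    print(check(SAMPLE, REQUIREMENTS))            # every name mismatch shows up twice
    print(check(SAMPLE, REQUIREMENTS, MAPPINGS))  # only the undeclared import remains
```

With the mappings in place, the only finding left is the import that really has no declared requirement, which is the one worth reviewing.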

z3c.dependencychecker is a different application/packaging of zope's importchecker utility. It has been used in quite some projects; I grabbed a copy from lovely.recipe's checkout.

  • Martijn Faassen wrote the original importchecker script.
  • Reinout van Rees added the dependency checker functionality and packaged it (mostly while working at The Health Agency).
  • Quite some fixes from Jonas Baumann.
  • Many updates (basically: rewriting the entire codebase to work with AST!) to work well with modern Plone versions by Gil Forcada Codinachs <http://gil.badall.net/>.

The source code can be found on GitHub: https://github.com/reinout/z3c.dependencychecker

You can fork and fix it from there. And you can add issues and feature requests in the GitHub issue tracker.

Every time you commit something, bin/code-analysis is automatically run. Pay attention to the output and fix the problems that are reported. Or fix the setup so that inappropriate reports are filtered out.

Create a virtualenv and install the requirements:

$ python3 -m venv venv
$ . venv/bin/activate
$ pip install -r requirements.txt

If you changed the actual requirements in setup.py or the development requirements in requirements.in, re-generate requirements.txt:

$ pip-compile requirements.in

To run the tests we use the setup of plone/meta. So stuff like:

$ tox -e test
$ tox -e format
$ pre-commit run --all
