When statically parsing pyproject.toml, convert relative paths to absolute for use as file URIs #2221
Conversation
| assert out.exit_code == 0 | ||
| assert out.stdout == dedent( | ||
| f"""\ | ||
| foo[ext1] @ {src_file.parent.absolute().as_uri()} |
There was a problem hiding this comment.
Is this really what we want? I don't think people would expect absolute paths from someone else's computer to end up in their lock files..
There was a problem hiding this comment.
I agree, and it's why I was pretty hesitant at first. But also, that's the behavior from 7.4.1 -- it's just not tested.
In theory, someone could be using this in some controlled context like an image build and wanting the concrete dependency path that this provides. So although I'm uncertain that it's right for the long term, I don't want to treat it as blocking the fix.
There was a problem hiding this comment.
Wait, did it always use absolute paths in 7.4.1? Not relative? I thought it'd conform to the shape of input that the 7.5.0 changelog promises.. Can we use file://./rel/path/?
There was a problem hiding this comment.
The path in this case is part of the InstallRequirement itself -- the "link" attribute is populated with this file URI.
The normalization in 7.5.0 only applies to the comes_from data ("via").
We could reach down into this as well and convert to file://./rel/path/ as you say, but I'm not sure if we should. It would be a separate bit of data transformation -- we could share code but it's a different attribute of the parsed requirements data that we'd be manipulating.
There was a problem hiding this comment.
I suppose, we could postpone that for now. There might be a use case coverage missing for stripping the @ http://..source in some contexts.
|
Oh, looks like Windows is unhappy about the delimiters again. |
fc92905 to
b05d736
Compare
|
The thing I broke in the tests is treatment of Line 91 in 6e0ef33 It's easy to "fix" by just adding an |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as off-topic.
This comment was marked as off-topic.
# Pull Request There is an issue with self-referential packages in a pyproject.toml with the latest pip-tools release. The self-referential [all] package, which is not written to the requirements.txt as it is not selected still throws a pip-compile error. More information for this can be found in the ticket: jazzband/pip-tools#2215 The pin should be removed when jazzband/pip-tools#2221 gets merged.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
I've just gotten back to this, taken a look at the open threads and marked the ones which were applied as suggestions as resolved. I looked at what happens in the case of dynamic metadata, and we have a similar bit of path formatting in there. I'd like to resolve this by adding calls to @webknjaz, are you okay with that increase in scope? I'll need to add some new tests to cover it and another changelog note. |
|
@sirosen agreed. Increasing the scope sounds justified. |
10d5cf9 to
d42c30b
Compare
d42c30b to
bac58b8
Compare
|
I've rebased to keep this fresh with the latest fixes in With the |
|
I think something is wrong with the codecov integration. One thing I notice is that it seems to mark everything related to I don't think it's at all related to this PR. |
bac58b8 to
54ced7c
Compare
There was a problem hiding this comment.
Should we symlink 2233 (upon confirmation), also 2221 (or 2221.bugfix.1.md rather)?
There was a problem hiding this comment.
Yeah, #2233 is getting fixed here as well, so I added the symlink. And I did the 2221.bugfix.1.md one as well, since "why not?" 😄
I'm going to put this in the merge queue, along with any other changes I can round up right now.
There was a problem hiding this comment.
@sirosen the issues didn't end up auto-closed. Next time, plz try to remember to mark the PR as closing them (via web UI or closes/resolves/fixes keywords).
webknjaz
left a comment
There was a problem hiding this comment.
Looks good, but maybe add those change note refs before merging..
When statically parsing a pyproject.toml , we can encounter self-referential package usage. For example, an extra which names another extra on the same package. The source for these requirements is the current package, but as a concrete requirement, not an abstract one. To make it concrete, we use a URI dependency link pointed at the package directory as a file-URI. When the input path to `pyproject.toml` is relative, it needs to be made absolute for use as a URI. Failing to do so results in errors. Because the `pip-compile` output of an such an extra depends concretely on the specific version of the package found in-tree, and not abstractly on the package name (without the URI), tests confirm that we see the rendered package directory as a file URI in `pip-compile` output.
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <[email protected]>
When recording requirements derived from pyproject.toml data, the `comes_from` field includes the path to the pyprojct.toml file. Because this path is part of the output, which should therefore be stable across `pip-tools` invocations on different platforms, normalize these paths to posix-style.
23b4447 to
a5cf40c
Compare
When statically parsing a
pyproject.toml, we can encounter self-referential package usage. For example, an extra which names another extra on the same package.The source for these requirements is the current package, but as a concrete requirement, not an abstract one. To make it concrete, we use a URI dependency link pointed at the package directory as a file-URI.
When the input path to
pyproject.tomlis relative, it needs to be made absolute for use as a URI. Failing to do so results in errors.Because the
pip-compileoutput of an such an extra depends concretely on the specific version of the package found in-tree, and not abstractly on the package name (without the URI), tests confirm that we see the rendered package directory as a file URI inpip-compileoutput.Contributor checklist
changelog.d/(seechangelog.d/README.mdfor instructions) or the PR text says "no changelog needed".Maintainer checklist
skip-changeloglabel.