Add transpiler to produce pip requirements file #345
Conversation
valentin-krasontovitsch
force-pushed
the
add-pipfile-transpiler
branch
from
932e29b to
56c4d48
Compare
komodo/snyk_reporting.py
Outdated
| # 149: fail | ||
| # 180: fail | ||
| # 180:-25 - fail | ||
| # 200:-25 - fail | ||
| # 260:-25 - worked | ||
| # 200:261 - failed | ||
| # 230:261 - worked | ||
| # 200:230 - worked | ||
| # 220:261 - worked | ||
| # 200:241 - worked | ||
| # 200:251 - failed | ||
| # 210:251 - worked | ||
| # 205:251 - worked | ||
| # snyk_search_string = "\n".join(snyk_search_string.splitlines()[202:251]) | ||
| # snyk_search_string = "soupsieve==2.3.2.post1" |
There was a problem hiding this comment.
What is the purpose of these comments?
There was a problem hiding this comment.
oh thank you that was me debugging a snyk failure - gonna remove those 😅
There was a problem hiding this comment.
... and all the other print statements ...
| for rhel_ver in ("rhel7",): | ||
| for py_ver in ("py38",): |
There was a problem hiding this comment.
This is an interesting way of writing:
rhel_ver = "rhel7"
py_ver = "py38"There was a problem hiding this comment.
indeed! i think it comes from a time when there were several potential versions of OS and python. if i scrap it here, i'd probably have to scrap it many places in the tests and/or code... what do you think? should i keep it consistent, do lots of changes, ... ?
There was a problem hiding this comment.
It is only a matter of time before we add py310 ...
There was a problem hiding this comment.
great! and i guess we will support both 3.8 and 3.10, at least for a while?
|
Wanted to ask if you've had a chance to look at #315 to see if/how they interact? Question: is a "matrix file" a single release file for one 'element' in the matrix, or is it the big 'all platforms, all versions' file that Wondering if instead of adding a new subcommand, it could be clearer to add 'filtering' to the existing Lastly, I think the new functions need docstrings. |
|
thanks for bringing that issue / PR to my attention - i have not looked at it, but at first quick glance it seems orthogonal to what i try to achieve here, but would benefit from / have to be adjusted to the changes there. i am so sorry, but i'm afraid i am not able to relieve you of your confusion, because i hold and cherish that same confusion myself : D thing is, the transpilation as it stands does not produce "what i want", namely a pip requirements file of the form rather i think it produces just some different yaml. docstrings, yes, of course, i will look into that, thank you : ) |
I guess regardless of this PR we should try to merge this first, where in the additional parameters (python and os versions) can be linked into your PR or? |
|
yes totally! gonna wait with this for now, and rebase / adjust once the other transpiler PR is merged |
valentin-krasontovitsch
force-pushed
the
add-pipfile-transpiler
branch
2 times, most recently
from
f9f172d to
34bba01
Compare
valentin-krasontovitsch
force-pushed
the
add-pipfile-transpiler
branch
from
34bba01 to
b958f09
Compare
|
rebasing is done, can i please get another review to get his merged? @yngve-sk |
this adds a transpiler that can create a pip requirements file from a release matrix file (and a repo).
could for instance be used in workflows as input for checking dependency conflicts, checking for upgradable packages, or scanning for vulnerabilities.