Merge pull request #7922 from dependabot/dependabot/pip/python/helper…

…s/pipenv-2023.8.28 Bump pipenv from 2022.4.8 to 2023.8.28 in /python/helpers
dependabot · Sep 22, 2023 · cbacfc2 · cbacfc2
2 parents 0997935 + b3ea738
commit cbacfc2
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 1,200 deletions.
diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
@@ -2,7 +2,7 @@ pip==23.2.1
 pip-tools==7.3.0
 flake8==6.1.0
 hashin==0.17.0
-pipenv==2022.4.8
+pipenv==2023.8.28
 pipfile==0.0.2
 poetry==1.6.1
 

diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -29,20 +29,13 @@ class UpdateChecker
       # just raise if the latest version can't be resolved. Knowing that is
       # still better than nothing, though.
       class PipenvVersionResolver
-        # rubocop:disable Layout/LineLength
-        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?<url>[^\s]+).* /
-        GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m
-        PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
-                                    " with exit status 1: python setup.py egg_info"
-        TRACEBACK = "Traceback (most recent call last):"
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?<url>[^\s]+).*/
+        GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
+        PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
         PIPENV_INSTALLATION_ERROR_REGEX =
-          /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
+          /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
 
-        UNSUPPORTED_DEPS = %w(pyobjc).freeze
-        UNSUPPORTED_DEP_REGEX =
-          /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join('|')})/
         PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
-        # rubocop:enable Layout/LineLength
 
         DEPENDENCY_TYPES = %w(packages dev-packages).freeze
 
@@ -136,17 +129,6 @@ def handle_pipenv_errors(error)
             raise DependencyFileNotResolvable, msg
           end
 
-          if error.message.match?(UNSUPPORTED_DEP_REGEX)
-            msg = "Dependabot detected a dependency that can't be built on " \
-                  "linux. Currently, all Dependabot builds happen on linux " \
-                  "boxes, so there is no way for Dependabot to resolve your " \
-                  "dependency files.\n\n" \
-                  "Unless you think Dependabot has made a mistake (please " \
-                  "tag us if so) you may wish to disable Dependabot on this " \
-                  "repo."
-            raise DependencyFileNotResolvable, msg
-          end
-
           if error.message.match?(PIPENV_RANGE_WARNING)
             msg = "Pipenv does not support specifying Python ranges " \
                   "(see https://github.com/pypa/pipenv/issues/1050 for more " \
@@ -183,18 +165,19 @@ def handle_pipenv_errors(error)
             return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
           end
 
+          if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
+            tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
+            # Unfortunately the error message doesn't include the package name.
+            # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
+            raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
+          end
+
           if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
             url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
                        .named_captures.fetch("url")
             raise GitDependenciesNotReachable, url
           end
 
-          if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
-            name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
-                        .named_captures.fetch("name")
-            raise GitDependencyReferenceNotFound, name
-          end
-
           raise unless error.message.include?("could not be resolved")
         end
         # rubocop:enable Metrics/CyclomaticComplexity
@@ -258,7 +241,7 @@ def clean_error_message(message)
                   next false if l.start_with?("CRITICAL:")
                   next false if l.start_with?("ERROR:")
                   next false if l.start_with?("packaging.specifiers")
-                  next false if l.start_with?("pipenv.patched.notpip._internal")
+                  next false if l.start_with?("pipenv.patched.pip._internal")
                   next false if l.include?("Max retries exceeded")
 
                   true

diff --git a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
@@ -115,9 +115,9 @@
         expect { subject }
           .to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
             expect(error.message).to start_with(
-              "CRITICAL:pipenv.patched.notpip._internal.resolution.resolvelib.factory:" \
+              "CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:" \
               "Could not find a version that satisfies the requirement " \
-              "pytest==10.4.0"
+              "Pytest==10.4.0"
             )
           end
       end
@@ -132,20 +132,6 @@
       it { is_expected.to eq(Gem::Version.new("1.7.0")) }
     end
 
-    context "with a dependency that can only be built on a mac" do
-      let(:pipfile_fixture_name) { "unsupported_dep" }
-      let(:lockfile_fixture_name) { "unsupported_dep.lock" }
-
-      it "raises a helpful error" do
-        expect { subject }
-          .to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
-            expect(error.message).to start_with(
-              "Dependabot detected a dependency that can't be built on linux"
-            )
-          end
-      end
-    end
-
     context "with a path dependency", :slow do
       let(:dependency_files) { [pipfile, lockfile, setupfile] }
       let(:setupfile) do
@@ -294,7 +280,9 @@
         it "raises a helpful error" do
           expect { subject }
             .to raise_error(Dependabot::GitDependencyReferenceNotFound) do |err|
-              expect(err.dependency).to eq("pythonfinder")
+              expect(err.message).to eq(
+                "The branch or reference specified for (unknown package at v15.1.2) could not be retrieved"
+              )
             end
         end
       end
@@ -391,7 +379,7 @@
         expect { subject }
           .to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
             expect(error.message).to include(
-              "ERROR: No matching distribution found for rtree==0.9.3"
+              "ERROR:pip.subprocessor:[present-rich] python setup.py egg_info exited with 1"
             )
           end
       end

diff --git a/python/spec/fixtures/pipfile_files/git_source_no_ref.lock b/python/spec/fixtures/pipfile_files/git_source_no_ref.lock
@@ -36,6 +36,7 @@
         },
         "pythonfinder": {
             "git": "https://github.com/sarugaku/pythonfinder.git",
+            "markers": "python_version >= '3.7'",
             "ref": "9ee85b83290850f99dec2c0ec58a084305047347"
         },
         "requests": {

diff --git a/python/spec/fixtures/pipfile_files/unsupported_dep b/python/spec/fixtures/pipfile_files/unsupported_dep