Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Respect poetry explicit source #8371

Merged
merged 1 commit into from
Nov 16, 2023
Merged

Respect poetry explicit source #8371

merged 1 commit into from
Nov 16, 2023

Conversation

lucemia
Copy link
Contributor

@lucemia lucemia commented Nov 13, 2023
edited by deivid-rodriguez
Loading

Context

Poetry 1.5.0 introduced the concept of an explicit package source, which can be found here: Explicit Package Sources.

If package sources are configured as explicit, these sources are only searched when a package configuration explicitly indicates that it should be found on this package source.

Summary of Modifications

  • An update has been made to the pyproject_files_parser, which previously ignored package source configuration in pyproject.toml but will now correctly read the value.
  • The index_finder has also been updated to ignore any source marked as explicit unless it is specified as the source of the package.

Testing

  • test with ./bin/dry-run.rb and check explicit package source won't be consider unless it is defined as the source of a package

User facing changes

  • a source marked as explicitly, won't be check for package that not specified it as source
  • other behavior should be the same

To-Do:

  • based on the document package-source-constraint, If a package specifies a source, it should not check other sources. Currently all sources (except explicitly) will still be considered

A repository that is configured to be the only source for retrieving a certain package can itself have any priority. In particular, it does not need to have priority "explicit". If a repository is configured to be the source of a package, it will be the only source that is considered for that package and the repository priority will have no effect on the resolution.

Fixes #7918.

@lucemia lucemia requested a review from a team as a code owner November 13, 2023 05:40
@lucemia lucemia mentioned this pull request Nov 13, 2023
Closed
1 task
@lucemia lucemia force-pushed the fix-7918-dependabot-updater-respect-poetry-explicit-source branch from a8f01bb to 079745c Compare November 15, 2023 02:33
@lucemia lucemia marked this pull request as draft November 15, 2023 09:54
@lucemia lucemia marked this pull request as ready for review November 15, 2023 15:52
@lucemia lucemia mentioned this pull request Nov 16, 2023
Closed
1 task
deivid-rodriguez
deivid-rodriguez approved these changes Nov 16, 2023
View reviewed changes
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great.

I added a few nitpick comments, nothing that blocks merging this as is, really, but feel free to address!

python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb Outdated Show resolved Hide resolved
python/spec/dependabot/python/update_checker/index_finder_spec.rb Outdated Show resolved Hide resolved
python/spec/dependabot/python/update_checker/index_finder_spec.rb Outdated Show resolved Hide resolved
python/spec/fixtures/pyproject_files/extra_source_explicit.toml Outdated Show resolved Hide resolved
deivid-rodriguez
deivid-rodriguez reviewed Nov 16, 2023
View reviewed changes
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great now, could you squash all commits into one to simplify git history?

python/spec/dependabot/python/update_checker/index_finder_spec.rb Outdated Show resolved Hide resolved
@lucemia lucemia force-pushed the fix-7918-dependabot-updater-respect-poetry-explicit-source branch from 280bcab to 4f68873 Compare November 16, 2023 15:04
@lucemia lucemia force-pushed the fix-7918-dependabot-updater-respect-poetry-explicit-source branch from 4f68873 to 4f19273 Compare November 16, 2023 15:05
@lucemia
Copy link
Contributor Author

lucemia commented Nov 16, 2023

@deivid-rodriguez done!

deivid-rodriguez
deivid-rodriguez approved these changes Nov 16, 2023
View reviewed changes
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, I will merge and deploy this later today! Thanks for the great work 💪

@deivid-rodriguez deivid-rodriguez force-pushed the fix-7918-dependabot-updater-respect-poetry-explicit-source branch from 4f19273 to d57649e Compare November 16, 2023 15:45
@deivid-rodriguez deivid-rodriguez changed the title Fix 7918 dependabot updater respect poetry explicit source Respect poetry explicit source Nov 16, 2023
@deivid-rodriguez
Copy link
Contributor

Thanks so much for the nice contribution!

@deivid-rodriguez deivid-rodriguez merged commit ed284ed into dependabot:main Nov 16, 2023
80 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deivid-rodriguez deivid-rodriguez deivid-rodriguez approved these changes

Assignees
No one assigned
Labels
L: python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

dependabot updater still check poetry explicit source
2 participants
@lucemia @deivid-rodriguez