Adopt a dependency management strategy for utility dependencies #7988

Closed
rhmdnd opened this issue Dec 9, 2021 · 4 comments
Collaborator

rhmdnd commented Dec 9, 2021

Description of problem:

The utils/ directory has a bunch of useful Python scripts for working with CaC content. Some of the scripts rely on libraries outside the Python standard library. To make it easier to use, should we consider adopting a requirements.txt file for utility dependencies?

SCAP Security Guide Version:

Operating System Version:

Steps to Reproduce:

  1. Try running any utility script with a non-standard library dependency:

     $ python utils/duplicated_prodtypes.py -h
     Traceback (most recent call last):
       File "/home/lbragstad/Projects/content/utils/duplicated_prodtypes.py", line 8, in <module>
         import ssg
     ModuleNotFoundError: No module named 'ssg'

Actual Results:

Import failures depending on the scripts you're trying to use.

Expected Results:

Tools work as expected after installing requirements.

Additional Information/Debugging Steps:

We could update the documentation to reference requirements.txt during the install process, or use tox to build a virtual environment with all the necessary dependencies for the utility scripts we rely on in CaC.

jharmison-redhat commented Dec 9, 2021

I propose a third alternative which would work well for the use case of the utility scripts:
https://github.com/pypa/pipenv

  • Pipfile.lock would be equivalent to pinning versions in requirements.txt, except less hassle to maintain
  • Unifying virtualenv and Python dependency management makes the project more approachable
  • No complexity with managing testenvs and the expected behavior of shell scripts as would be experienced with tox.

The biggest argument against this, of course, is:

  • It's outside of the default python ecosystem, and bringing another tool in to help above a requirements.txt might be confusing for people not used to it (this holds true for tox as well).

rhmdnd changed the title from "Adopt a requirements file for utility dependencies" to "Adopt a dependency management strategy for utility dependencies" on Dec 9, 2021
Collaborator Author

rhmdnd commented Dec 9, 2021

That's a good point. I updated the issue to be more generic about dependency management.

I'm in favor of either approach. In my opinion, I feel like offering something to handle dependencies, even if it does add another tool to the project, makes it easier to use all the utility scripts.

Mab879 added this to the 0.1.68 milestone on Apr 19, 2023
jan-cerny modified the milestones: 0.1.68, 0.1.69 on May 29, 2023
Member

Mab879 commented Jun 6, 2023

#10487 has been merged, to help with the Python side.

vojtapolasek modified the milestones: 0.1.69, 0.1.70 on Jul 18, 2023
Mab879 modified the milestones: 0.1.70, 0.1.71 on Oct 2, 2023
vojtapolasek modified the milestones: 0.1.71, 0.1.72 on Nov 28, 2023
marcusburghardt modified the milestones: 0.1.72, 0.1.73 on Jan 29, 2024
vojtapolasek modified the milestones: 0.1.73, 0.1.74 on Apr 30, 2024
Mab879 modified the milestones: 0.1.74, 0.1.75 on Jul 29, 2024
Member

Mab879 commented Nov 20, 2024

We have requirements.txt now, closing.

Mab879 closed this as completed on Nov 20, 2024
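
The thread weighs pinned versions in requirements.txt against Pipfile.lock. As an added example (not code from this project or from any participant), the following standard-library script audits a requirements file's text and reports which entries are exact `==` pins and which are not. The function names, the sample file contents and the hash placeholder are constructed for illustration.

```python
import re

# Exact pin: name, optional extras, then "==" and a version with no wildcard.
_PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^\s*;,]+$")

# Constructed sample input, not the project's real requirements.txt.
SAMPLE = """\
# utility dependencies (constructed sample)
-r base.txt
PyYAML==6.0.1
Jinja2>=3.0          # range, not a pin
requests[socks]==2.31.0 ; python_version >= "3.8"
lxml
prettytable==3.*
setuptools==69.0.3 \\
    --hash=sha256:<placeholder>
"""


def logical_lines(text):
    """Yield requirement lines with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        # A "#" starts a comment only at line start or after whitespace,
        # so URL fragments such as "#egg=name" are left intact.
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def audit(text):
    """Return (pinned, unpinned, skipped) lists for a requirements file's text."""
    pinned, unpinned, skipped = [], [], []
    for line in logical_lines(text):
        if line.startswith("-"):
            # Options such as -r, -e or --index-url are not requirement specifiers.
            skipped.append(line)
            continue
        # Drop per-requirement options (--hash=...) and environment markers.
        spec = re.split(r"\s--", line, maxsplit=1)[0].split(";", 1)[0].strip()
        (pinned if _PIN.match(spec) else unpinned).append(spec)
    return pinned, unpinned, skipped


if __name__ == "__main__":
    for label, items in zip(("pinned", "unpinned", "skipped"), audit(SAMPLE)):
        print(f"{label}: {items}")
```

Entries pulled in through `-r` are reported as skipped rather than followed, so each included file needs its own audit.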