Pip: Do not raise PathDependenciesNotReachable for missing setup.py
Previously, Dependabot would assume that for every requirements.txt with
a self-reference (`-e .`), we should expect a `setup.py` to be present. The
self-reference is considered a path dependency that needs a setup.py.

However, nowadays it's valid to have a requirements.txt without a
setup.py. This change accounts for that by still attempting to pull in a
setup.py if it exists, but not raising an error when it doesn't.
jurre committed Jul 19, 2022
1 parent c0c5fc2 commit e0b33c6
Showing 4 changed files with 925 additions and 18 deletions.
5 changes: 4 additions & 1 deletion python/lib/dependabot/python/file_fetcher.rb
Expand Up @@ -290,7 +290,10 @@ def fetch_path_setup_file(path, allow_pyproject: false)
fetch_submodules: true
).tap { |f| f.support_file = true }
rescue Dependabot::DependencyFileNotFound
raise unless allow_pyproject
# For Poetry projects attempt to fetch a pyproject.toml at the
# given path instead of a setup.py. We do not require a
# setup.py to be present, so if none can be found, simply return
return [] unless allow_pyproject

fetch_file_from_host(
path.gsub("setup.py", "pyproject.toml"),
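Review bot: The rescue branch now returns `[]` for every missing setup.py when `allow_pyproject` is false, not only for the `-e .` self-reference the commit message describes, so a path dependency that points elsewhere and cannot be fetched would presumably be dropped without PathDependenciesNotReachable being raised. That leaves the update running against an incomplete set of manifests with no signal to the user. If only the root self-reference should be tolerated, keep the raise for other paths, e.g. `return [] if !allow_pyproject && path == "setup.py"` followed by the original `raise unless allow_pyproject`; fetch_path_setup_file starts and ends outside this hunk, so confirm how `path` is normalised before relying on that comparison. The added comment also ends mid-sentence ("simply return") and describes the Poetry fallback rather than the early return it sits above; something like `# A setup.py is optional: return no files when it is missing and no pyproject.toml fallback was requested` would match the line.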
53 changes: 36 additions & 17 deletions python/spec/dependabot/python/file_fetcher_spec.rb
Expand Up @@ -1037,25 +1037,44 @@
end
end
end
end

context "that has an unfetchable path" do
before do
stub_request(:get, url + "setup.py?ref=sha").
with(headers: { "Authorization" => "token token" }).
to_return(status: 404)
stub_request(:get, url + "setup.cfg?ref=sha").
with(headers: { "Authorization" => "token token" }).
to_return(status: 404)
end
context "with a pyproject.toml and a requirements.txt file that does not use setup.py" do
let(:repo_contents) do
fixture("github", "contents_python_pyproject_and_requirements_without_setup_py.json")
end
before do
stub_request(:get, url + "requirements-test.txt?ref=sha").
with(headers: { "Authorization" => "token token" }).
to_return(
status: 200,
body: fixture("github", "requirements_with_self_reference.json"),
headers: { "content-type" => "application/json" }
)
stub_request(:get, url + "pyproject.toml?ref=sha").
with(headers: { "Authorization" => "token token" }).
to_return(
status: 200,
body: fixture("github", "contents_python_pyproject.json"),
headers: { "content-type" => "application/json" }
)
stub_request(:get, url + "setup.cfg?ref=sha").
with(headers: { "Authorization" => "token token" }).
to_return(
status: 200,
body: fixture("github", "setup_cfg_content.json"),
headers: { "content-type" => "application/json" }
)
stub_request(:get, url + "setup.py?ref=sha").
with(headers: { "Authorization" => "token token" }).
to_return(status: 404)
end

it "raises a PathDependenciesNotReachable error with details" do
expect { file_fetcher_instance.files }.
to raise_error(
Dependabot::PathDependenciesNotReachable,
"The following path based dependencies could not be retrieved: " \
"setup.py"
)
end
it "doesn't raise a path dependency error" do
expect(file_fetcher_instance.files.count).to eq(3)
expect(file_fetcher_instance.files.map(&:name)).to match_array(
["requirements-test.txt", "pyproject.toml", "setup.cfg"]
)
end
end
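Review bot: The only assertion of PathDependenciesNotReachable visible in this section (the "that has an unfetchable path" context) appears to be dropped without a replacement, so nothing shown here pins what happens when a setup.py is missing for a path other than the repository root, or when neither setup.py nor pyproject.toml exists. Add one context per case, for example a requirements file with a non-root editable path (constructed example: `-e ./vendor/pkg`) whose setup.py request returns 404, and assert the intended outcome explicitly so an unreachable path dependency cannot start being skipped unnoticed. In the new example, `expect(file_fetcher_instance.files.count).to eq(3)` is redundant, since `match_array` already fails on a different number of files.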

