Fix misc package scanning bugs #4073
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,6 +14,7 @@ | |
|
|
||
| from packagedcode import models | ||
| from packagedcode.pypi import BaseDependencyFileHandler | ||
| from dparse2.parser import parse_requirement_line | ||
|
|
||
| """ | ||
| Handle Conda manifests and metadata, see https://docs.conda.io/en/latest/ | ||
|
|
@@ -23,18 +24,36 @@ | |
| """ | ||
|
|
||
| # TODO: there are likely other package data files for Conda | ||
|
|
||
| class CondaYamlHandler(BaseDependencyFileHandler): | ||
| datasource_id = 'conda_yaml' | ||
| path_patterns = ('*conda*.yaml', '*env*.yaml', '*environment*.yaml') | ||
| default_package_type = 'conda' | ||
AyanSinhaMahapatra marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| default_primary_language = 'Python' | ||
| description = 'Conda yaml manifest' | ||
| documentation_url = 'https://docs.conda.io/' | ||
|
|
||
| @classmethod | ||
| def parse(cls, location, package_only=False): | ||
| with open(location) as fi: | ||
| conda_data = saneyaml.load(fi.read()) | ||
| dependencies = get_conda_yaml_dependencies(conda_data=conda_data) | ||
| name = conda_data.get('name') | ||
| extra_data = {} | ||
| channels = conda_data.get('channels') | ||
| if channels: | ||
| extra_data['channels'] = channels | ||
| if name or dependencies: | ||
| package_data = dict( | ||
| datasource_id=cls.datasource_id, | ||
| type=cls.default_package_type, | ||
| name=name, | ||
| primary_language=cls.default_primary_language, | ||
| dependencies=dependencies, | ||
| extra_data=extra_data, | ||
| ) | ||
| yield models.PackageData.from_data(package_data, package_only) | ||
|
|
||
|
|
||
| class CondaMetaYamlHandler(models.DatafileHandler): | ||
| datasource_id = 'conda_meta_yaml' | ||
|
|
@@ -83,9 +102,7 @@ def parse(cls, location, package_only=False): | |
| metayaml = get_meta_yaml_data(location) | ||
| package_element = metayaml.get('package') or {} | ||
| package_name = package_element.get('name') | ||
| package_version = package_element.get('version') | ||
|
|
||
| # FIXME: source is source, not download | ||
| source = metayaml.get('source') or {} | ||
|
|
@@ -99,6 +116,7 @@ def parse(cls, location, package_only=False): | |
| vcs_url = about.get('dev_url') | ||
|
|
||
| dependencies = [] | ||
| extra_data = {} | ||
| requirements = metayaml.get('requirements') or {} | ||
| for scope, reqs in requirements.items(): | ||
| # requirements format is like: | ||
|
|
@@ -107,33 +125,152 @@ def parse(cls, location, package_only=False): | |
| # u'progressbar2', u'python >=3.6'])]) | ||
| for req in reqs: | ||
| name, _, requirement = req.partition(" ") | ||
| version = None | ||
| if requirement.startswith("=="): | ||
|
Member
There was a problem hiding this comment. I guess this is OK as a quick fix, but we should steal the code from https://github.com/conda/conda/blob/5eed0193f2acd45b26599af4b71f241fd8666ccd/conda/models/version.py#L52 in the future |
||
| _, version = requirement.split("==") | ||
|
|
||
| # requirements may have namespace, version too | ||
| # - conda-forge::numpy=1.15.4 | ||
| namespace = None | ||
| if "::" in name: | ||
| namespace, name = name.split("::") | ||
|
|
||
| is_pinned = False | ||
| if "=" in name: | ||
| name, version = name.split("=") | ||
| is_pinned = True | ||
| requirement = f"={version}" | ||
|
|
||
| if name in ('pip', 'python'): | ||
| if not scope in extra_data: | ||
| extra_data[scope] = [req] | ||
| else: | ||
| extra_data[scope].append(req) | ||
| continue | ||
|
|
||
| purl = PackageURL( | ||
| type=cls.default_package_type, | ||
| name=name, | ||
| namespace=namespace, | ||
| version=version, | ||
| ) | ||
| if "run" in scope: | ||
| is_runtime = True | ||
| is_optional = False | ||
| else: | ||
| is_runtime = False | ||
| is_optional = True | ||
|
|
||
| dependencies.append( | ||
| models.DependentPackage( | ||
| purl=purl.to_string(), | ||
| extracted_requirement=requirement, | ||
| scope=scope, | ||
| is_runtime=is_runtime, | ||
| is_optional=is_optional, | ||
| is_pinned=is_pinned, | ||
| is_direct=True, | ||
| ) | ||
| ) | ||
|
|
||
| package_data = dict( | ||
| datasource_id=cls.datasource_id, | ||
| type=cls.default_package_type, | ||
| name=package_name, | ||
| version=package_version, | ||
| download_url=download_url, | ||
| homepage_url=homepage_url, | ||
| vcs_url=vcs_url, | ||
| description=description, | ||
| sha256=sha256, | ||
| extracted_license_statement=extracted_license_statement, | ||
| dependencies=dependencies, | ||
| extra_data=extra_data, | ||
| ) | ||
| yield models.PackageData.from_data(package_data, package_only) | ||
|
|
||
|
|
||
| def get_conda_yaml_dependencies(conda_data): | ||
| """ | ||
| Return a list of DependentPackage mappins from conda and pypi | ||
| dependencies present in a `conda_data` mapping. | ||
| """ | ||
| dependencies = conda_data.get('dependencies') or [] | ||
| deps = [] | ||
| for dep in dependencies: | ||
| if isinstance(dep, str): | ||
| namespace = None | ||
| specs = None | ||
| is_pinned = False | ||
|
|
||
| if "::" in dep: | ||
| namespace, dep = dep.split("::") | ||
|
|
||
| req = parse_requirement_line(dep) | ||
| if req: | ||
| name = req.name | ||
| version = None | ||
|
|
||
| specs = str(req.specs) | ||
| if '==' in specs: | ||
| version = specs.replace('==','') | ||
| is_pinned = True | ||
| purl = PackageURL(type='pypi', name=name, version=version) | ||
| else: | ||
| if "=" in dep: | ||
| dep, version = dep.split("=") | ||
| is_pinned = True | ||
| specs = f"={version}" | ||
|
|
||
| purl = PackageURL( | ||
| type='conda', | ||
| namespace=namespace, | ||
| name=dep, | ||
| version=version, | ||
| ) | ||
|
|
||
| if purl.name in ('pip', 'python'): | ||
| continue | ||
|
|
||
| deps.append( | ||
| models.DependentPackage( | ||
| purl=purl.to_string(), | ||
| extracted_requirement=specs, | ||
| scope='dependencies', | ||
| is_runtime=True, | ||
| is_optional=False, | ||
| is_pinned=is_pinned, | ||
| is_direct=True, | ||
| ).to_dict() | ||
| ) | ||
|
|
||
| elif isinstance(dep, dict): | ||
| for line in dep.get('pip', []): | ||
| req = parse_requirement_line(line) | ||
| if req: | ||
| name = req.name | ||
| version = None | ||
| is_pinned = False | ||
| specs = str(req.specs) | ||
| if '==' in specs: | ||
| version = specs.replace('==','') | ||
| is_pinned = True | ||
| purl = PackageURL(type='pypi', name=name, version=version) | ||
| deps.append( | ||
| models.DependentPackage( | ||
| purl=purl.to_string(), | ||
| extracted_requirement=specs, | ||
| scope='dependencies', | ||
| is_runtime=True, | ||
| is_optional=False, | ||
| is_pinned=is_pinned, | ||
| is_direct=True, | ||
| ).to_dict() | ||
| ) | ||
|
|
||
| return deps | ||
|
|
||
|
|
||
| def get_meta_yaml_data(location): | ||
| """ | ||
| Return a mapping of conda metadata loaded from a meta.yaml files. The format | ||
|
|
@@ -158,10 +295,21 @@ def get_meta_yaml_data(location): | |
| # Replace the variable with the value | ||
| if '{{' in line and '}}' in line: | ||
| for variable, value in variables.items(): | ||
| if "|lower" in line: | ||
| line = line.replace('{{ ' + variable + '|lower' + ' }}', value.lower()) | ||
| else: | ||
| line = line.replace('{{ ' + variable + ' }}', value) | ||
| yaml_lines.append(line) | ||
|
|
||
| # Cleanup any remaining complex jinja template lines | ||
| # as the yaml load fails otherwise for unresolved jinja | ||
| cleaned_yaml_lines = [ | ||
| line | ||
| for line in yaml_lines | ||
| if not "{{" in line | ||
| ] | ||
|
|
||
| return saneyaml.load(''.join(cleaned_yaml_lines)) | ||
|
|
||
|
|
||
| def get_variables(location): | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # from https://raw.githubusercontent.com/bayer-science-for-a-better-life/phc-gnn/refs/heads/master/environment_gpu.yml | ||
|
|
||
| name: phc-gnn | ||
|
|
||
| channels: | ||
| - anaconda | ||
| - pytorch | ||
| - conda-forge | ||
| - defaults | ||
|
|
||
| dependencies: | ||
| - pip=20.2.4 | ||
| - anaconda::python=3.8.5 | ||
| - anaconda::python-dateutil=2.8.1 | ||
| - cudatoolkit=10.1 | ||
| - magma-cuda101 | ||
| - cudnn=7.6.5 | ||
| - pytorch=1.7.1 | ||
| - torchvision=0.8.2 | ||
| - torchaudio=0.7.2 | ||
| - conda-forge::numpy=1.19.2 | ||
| - anaconda::scipy=1.5.2 | ||
| - conda-forge::matplotlib=3.3.2 | ||
| - anaconda::networkx=2.5 | ||
| - anaconda::scikit-learn=0.23.2 | ||
| - anaconda::notebook=6.1.4 | ||
| - anaconda::jupyter_client=6.1.7 | ||
| - anaconda::jupyter_core=4.6.3 | ||
| - anaconda::h5py=2.10.0 | ||
| - conda-forge::tqdm=4.50.0 | ||
| - conda-forge::tensorboard=2.4.0 | ||
| - pip: | ||
| - ogb==1.2.4 | ||
| - pytest==6.2.1 | ||
| - bottleneck==1.3.2 | ||
| # - torch-cluster==1.5.8 | ||
| # - torch-scatter==2.0.5 | ||
| # - torch-sparse==0.6.8 | ||
| # - torch-spline-conv==1.2.0 | ||
| # - torch-geometric==1.6.1 |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you really want to use this and not our own pip-requirements-parser?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is what we were using previously with dparse, I added some improvements on the function, and this was using
parse_requirement_lineinternally, butpip-requirements-parserwould make more sense possibly, I will open a follow up issue on conda to include this. This would be helpful also to parse requirement lines with source repos.