properly handle direct URLs without shas

Author: aignas

python/private/pypi/whl_library.bzl

@@ -270,6 +270,12 @@ def _whl_library_impl(rctx):
             sha256 = rctx.attr.sha256,
             auth = get_auth(rctx, urls),
         )
+        if not rctx.attr.sha256:
+            # this is only seen when there is a direct URL reference without sha256
+            logger.warn("Please update the requirement line to include the hash:\n{} \\\n    --hash=sha256:{}".format(
+                rctx.attr.requirement,
+                result.sha256,
+            ))
 
         if not result.success:
             fail("could not download the '{}' from {}:\n{}".format(filename, urls, result))

python/private/pypi/whl_repo_name.bzl

@@ -32,11 +32,19 @@ def whl_repo_name(filename, sha256):
 
     if not filename.endswith(".whl"):
         # Then the filename is basically foo-3.2.1.<ext>
-        parts.append(normalize_name(filename.rpartition("-")[0]))
-        parts.append("sdist")
+        name, _, tail = filename.rpartition("-")
+        parts.append(normalize_name(name))
+        if sha256:
+            parts.append("sdist")
+            version = ""
+        else:
+            for ext in [".tar", ".zip"]:
+                tail, _, _ = tail.partition(ext)
+            version = tail.replace(".", "_").replace("!", "_")
     else:
         parsed = parse_whl_name(filename)
         name = normalize_name(parsed.distribution)
+        version = parsed.version.replace(".", "_").replace("!", "_")
         python_tag, _, _ = parsed.python_tag.partition(".")
         abi_tag, _, _ = parsed.abi_tag.partition(".")
         platform_tag, _, _ = parsed.platform_tag.partition(".")
@@ -46,7 +54,10 @@ def whl_repo_name(filename, sha256):
         parts.append(abi_tag)
         parts.append(platform_tag)
 
-    parts.append(sha256[:8])
+    if sha256:
+        parts.append(sha256[:8])
+    elif version:
+        parts.insert(1, version)
 
     return "_".join(parts)
 

tests/pypi/extension/extension_tests.bzl

@@ -678,6 +678,7 @@ simple==0.0.1 \
     --hash=sha256:deadb00f
 some_pkg==0.0.1 @ example-direct.org/some_pkg-0.0.1-py3-none-any.whl \
     --hash=sha256:deadbaaf
+direct_without_sha==0.0.1 @ example-direct.org/direct_without_sha-0.0.1-py3-none-any.whl
 some_other_pkg==0.0.1
 pip_fallback==0.0.1
 """,
@@ -690,10 +691,20 @@ pip_fallback==0.0.1
     )
 
     pypi.is_reproducible().equals(False)
-    pypi.exposed_packages().contains_exactly({"pypi": ["pip_fallback", "simple", "some_other_pkg", "some_pkg"]})
+    pypi.exposed_packages().contains_exactly({"pypi": ["direct_without_sha", "pip_fallback", "simple", "some_other_pkg", "some_pkg"]})
     pypi.hub_group_map().contains_exactly({"pypi": {}})
     pypi.hub_whl_map().contains_exactly({
         "pypi": {
+            "direct_without_sha": {
+                "pypi_315_direct_without_sha_py3_none_any_00000000": [
+                    struct(
+                        config_setting = None,
+                        filename = "direct_without_sha-0.0.1-py3-none-any.whl",
+                        target_platforms = None,
+                        version = "3.15",
+                    ),
+                ],
+            },
             "pip_fallback": {
                 "pypi_315_pip_fallback": [
                     struct(
@@ -745,6 +756,16 @@ pip_fallback==0.0.1
         },
     })
     pypi.whl_libraries().contains_exactly({
+        "pypi_315_direct_without_sha_py3_none_any_00000000": {
+            "dep_template": "@pypi//{name}:{target}",
+            "experimental_target_platforms": ["cp315_linux_aarch64", "cp315_linux_arm", "cp315_linux_ppc", "cp315_linux_s390x", "cp315_linux_x86_64", "cp315_osx_aarch64", "cp315_osx_x86_64", "cp315_windows_x86_64"],
+            "filename": "direct_without_sha-0.0.1-py3-none-any.whl",
+            "python_interpreter_target": "unit_test_interpreter_target",
+            "repo": "pypi_315",
+            "requirement": "direct_without_sha==0.0.1 @ example-direct.org/direct_without_sha-0.0.1-py3-none-any.whl",
+            "sha256": "",
+            "urls": ["example-direct.org/direct_without_sha-0.0.1-py3-none-any.whl"],
+        },
         "pypi_315_pip_fallback": {
             "dep_template": "@pypi//{name}:{target}",
             "extra_pip_args": ["--extra-args-for-sdist-building"],

tests/pypi/whl_repo_name/whl_repo_name_tests.bzl

@@ -25,12 +25,24 @@ def _test_simple(env):
 
 _tests.append(_test_simple)
 
+def _test_simple_no_sha(env):
+    got = whl_repo_name("foo-1.2.3-py3-none-any.whl", "")
+    env.expect.that_str(got).equals("foo_1_2_3_py3_none_any")
+
+_tests.append(_test_simple_no_sha)
+
 def _test_sdist(env):
     got = whl_repo_name("foo-1.2.3.tar.gz", "deadbeef000deadbeef")
     env.expect.that_str(got).equals("foo_sdist_deadbeef")
 
 _tests.append(_test_sdist)
 
+def _test_sdist_no_sha(env):
+    got = whl_repo_name("foo-1.2.3.tar.gz", "")
+    env.expect.that_str(got).equals("foo_1_2_3")
+
+_tests.append(_test_sdist_no_sha)
+
 def _test_platform_whl(env):
     got = whl_repo_name(
         "foo-1.2.3-cp39.cp310-abi3-manylinux1_x86_64.manylinux_2_17_x86_64.whl",