I may add some additional functionality - specifically I'm thinking it could create venvs and do this would pick up bugs like the recent ones where dependabot has updated a pip requirement but not all requirements were triggered in the relevant PR
50b02b8 to c74a9df
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
c74a9df to bdea782
apologies for bad rebase
cfb9d5e to 3b06efa
4d4c97e to 156ef97
Signed-off-by: Ryan Northey <ryan@synca.io>
156ef97 to 925c2b5
| return set( | ||
| root[len(self.path):] | ||
| for root, dirs, files in os.walk(self.path) | ||
| if "requirements.txt" in files) |
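Review bot: `root[len(self.path):]` in the set comprehension strips the prefix by character count, so each returned entry keeps a leading path separator, the top-level directory comes back as an empty string, and the results shift by one character if `self.path` is ever passed with a trailing slash. `os.path.relpath(root, self.path)` would give stable relative paths. `dirs` is unused and could be named `_`, and since the walk descends into every directory under `self.path`, consider pruning directories that should not be scanned.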
use a constant and add a note about hardcoding requirements.txt
| # TODO(phlax): move this to a base module | ||
| class Checker(object): |
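Review bot: the `TODO(phlax)` above `class Checker(object):` carries no issue reference, so the planned move to a base module is easy to lose track of; link a tracking issue in the comment. If the tool only runs on Python 3, the explicit `(object)` base is redundant and can be dropped.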
@phlax can this verify that we're doing pinning for all requirements.txt? CC @moderation
not yet, but yes, kinda in 2 ways
we could add pip-compile which is kinda like pipfmt, and can check/generate hashes
secondly we could/should run a bazel query to ensure that all of the pip targets use require-hashes
can we do this in a follow up, it brings quite a few considerations beyond this PR
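The pinning check asked about in this thread, as an added example that is not part of the PR or the Envoy repository: it walks a tree for `requirements.txt` files the way the reviewed snippet does and reports every requirement that lacks an `==` pin or a `--hash`, the two things pip's hash-checking mode requires. The function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

REQUIREMENTS_FILENAME = "requirements.txt"  # same hardcoded name the PR walks for
PINNED_RE = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?\s*==\s*[^\s;*]+(?=\s|;|$)")

# Constructed sample files (not from the Envoy repo); hash values are placeholders.
SAMPLES = {
    "tools/good": "requests==2.25.1 \\\n    --hash=sha256:PLACEHOLDER_A \\\n    --hash=sha256:PLACEHOLDER_B\n",
    "tools/bad": "# dev deps\npyyaml>=5.0\nflake8==3.9.0  # pinned, no hash\n",
}

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if line:
            yield line

def check_requirements(text):
    """Return the problems found in one requirements.txt body."""
    problems = []
    for line in logical_lines(text):
        if line.startswith("-"):  # pip options such as -r or --index-url
            continue
        name = re.split(r"[=<>!~;\s\[]", line, maxsplit=1)[0]
        if not PINNED_RE.match(line):  # ranges and wildcards are not pins
            problems.append(f"{name}: not pinned with ==")
        if "--hash=" not in line:
            problems.append(f"{name}: missing --hash")
    return problems

def check_tree(path):
    """Map each directory holding a requirements.txt to its problems."""
    results = {}
    for root, _dirs, files in os.walk(path):
        if REQUIREMENTS_FILENAME in files:
            with open(os.path.join(root, REQUIREMENTS_FILENAME)) as f:
                results[os.path.relpath(root, path)] = check_requirements(f.read())
    return results

def demo():  # write SAMPLES into a temporary tree and check it
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            os.makedirs(os.path.join(tmp, rel))
            with open(os.path.join(tmp, rel, REQUIREMENTS_FILENAME), "w") as f:
                f.write(body)
        return check_tree(tmp)
```

An empty list for a directory means every requirement in it is pinned and hashed; in CI, any non-empty list would fail the job.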
/lgtm deps
Signed-off-by: Ryan Northey <ryan@synca.io>
Commit Message: deps: Add pip check tool
Additional Description:
adds a tool to check that all pip requirements are properly specified for dependabot
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue] Fix: #15665
[Optional Deprecated:]
[Optional API Considerations:]