Skip to content

poetry check does not consider the package source #8704

New issue
New issue
Closed
#8709
Closed
poetry check does not consider the package source#8704
#8709
Labels
kind/featureFeature requests/implementations
@lucemia

Description

@lucemia
lucemia
opened on Nov 24, 2023
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • I have searched the FAQ and general documentation and believe that my question is not already covered.

Feature Request

It would be excellent if poetry check could encompass common errors? when defining package sources.

Source is undefined

  • if there is a package point to not existing source
[tool.poetry]
name = "PythonProjects"
version = "2.0.0"
homepage = "https://github.com/roghu/py3_projects"
license = "MIT"
readme = "README.md"
authors = ["Dependabot <[email protected]>"]
description = "Various small python projects."

[tool.poetry.dependencies]
python = "^3.7"
requests = { version = "2.18.0", source = "custom-1" }

[[tool.poetry.source]]
name = "custom"
url = "https://some.internal.registry.com/pypi/"
  • poetry install will failed directly
(pythonprojects-py3.11) ➜  dependabot-source-constraint git:(main) ✗ poetry install
Warning: In a future version of Poetry, PyPI will be disabled automatically if at least one custom primary source is configured. In order to avoid a breaking change and make your pyproject.toml forward compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this has the advantage that you can set the priority of PyPI as with any other source.
Updating dependencies
Resolving dependencies... (0.0s)

Repository "custom-1" does not exist.

Package's source is not consistence

  • The behavior is undefined when a package is defined with different source configurations.
[tool.poetry]
name = "PythonProjects"
version = "2.0.0"
homepage = "https://github.com/roghu/py3_projects"
license = "MIT"
readme = "README.md"
authors = ["Dependabot <[email protected]>"]
description = "Various small python projects."


[tool.poetry.dependencies]
python = "^3.7"

requests = { version = "2.18.0", source = "custom-2" }
[tool.poetry.group.dev]
optional = true

[tool.poetry.group.dev.dependencies]
requests = { version = "2.18.0", extras=["dev"], source = "custom-3" }

[tool.poetry.group.test]
optional = true

[tool.poetry.group.test.dependencies]
requests = { version = "2.18.0", extras=["test"], source = "custom-1" }
 

[[tool.poetry.source]]
name = "custom-1"
url = "https://some.internal.registry-1.com/pypi/"

[[tool.poetry.source]]
name = "custom-2"
url = "https://some.internal.registry-2.com/pypi/"
  • Currently, Poetry selects only one source.
  • It appears that Poetry selects the source that is not in the default group and appears last in the pyproject.toml file.
(pythonprojects-py3.11) ➜  dependabot-source-constraint git:(main) ✗ poetry install -vvv
Adding repository custom-1 (https://some.internal.registry-1.com/pypi) and setting it as primary
Adding repository custom-2 (https://some.internal.registry-2.com/pypi) and setting it as primary
Warning: In a future version of Poetry, PyPI will be disabled automatically if at least one custom primary source is configured. In order to avoid a breaking change and make your pyproject.toml forward compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this has the advantage that you can set the priority of PyPI as with any other source.
Using virtualenv: /Users/davidchen/repo/dependabot-source-constraint/.venv
Updating dependencies
Resolving dependencies...
   1: fact: pythonprojects is 2.0.0
   1: derived: pythonprojects
   1: fact: pythonprojects depends on requests (2.18.0)
   1: fact: pythonprojects depends on requests (2.18.0)
   1: fact: pythonprojects depends on requests (2.18.0)
   1: selecting pythonprojects (2.0.0)
   1: derived: requests[test] (==2.18.0)
   1: derived: requests[dev] (==2.18.0)
   1: derived: requests (==2.18.0)
[keyring.backend] Loading KWallet
[keyring.backend] Loading SecretService
[keyring.backend] Loading Windows
[keyring.backend] Loading chainer
[keyring.backend] Loading libsecret
[keyring.backend] Loading macOS
[keyring.backend] Loading Google Auth
Creating new session for some.internal.registry-1.com
[urllib3.connectionpool] Starting new HTTPS connection (1): some.internal.registry-1.com:443

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/featureFeature requests/implementations

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions