From d5c395bdfa97288806eae2c300d2157ff970c1d5 Mon Sep 17 00:00:00 2001
From: Jeff Widman
Date: Sat, 22 Jul 2023 15:07:24 -0700
Subject: [PATCH] Stop specifying all supported python versions
Now that we've dropped Python 3.6 support, we no longer need to explicitly list all python versions down to the `patch` level because the following are true:
1. All python versions that Dependabot supports have a matching major.minor python version that is already pre-installed in the Dockerfile.
2. We completely ignore the patch level when matching the user's desired python with the python versions we support.
So we only need to track the explicit version that is pre-downloaded/installed to the Dockerfile.
---
 python/Dockerfile | 2 +
 python/README.md | 2 +-
 .../file_updater/pip_compile_file_updater.rb | 1 -
 .../file_updater/poetry_file_updater.rb | 1 -
 .../python/language_version_manager.rb | 46 +++++++++----------
 .../lib/dependabot/python/python_versions.rb | 32 -------------
 .../pip_compile_version_resolver.rb | 1 -
 .../update_checker/pipenv_version_resolver.rb | 1 -
 .../update_checker/poetry_version_resolver.rb | 1 -
 9 files changed, 24 insertions(+), 63 deletions(-)
 delete mode 100644 python/lib/dependabot/python/python_versions.rb
diff --git a/python/Dockerfile b/python/Dockerfile
index d262fe3b959..8b85627d22d 100644
--- a/python/Dockerfile
+++ b/python/Dockerfile
@@ -1,3 +1,5 @@
+# This list must match the versions specified in
+# python/lib/dependabot/python/language_version_manager.rb: PRE_INSTALLED_PYTHON_VERSIONS
 ARG PY_3_11=3.11.4
 ARG PY_3_10=3.10.12
 ARG PY_3_9=3.9.17
diff --git a/python/README.md b/python/README.md
index e0acfae564d..10d870a59a4 100644
--- a/python/README.md
+++ b/python/README.md
@@ -10,7 +10,7 @@ Updating the list of known versions might be tricky, here are the steps:
 1. Update the `pyenv` version in the [`Dockerfile`](https://github.com/dependabot/dependabot-core/blob/main/python/Dockerfile), you may use a commit hash if a new `pyenv` version is not released yet.
 2. Update the `pyenv global` version in the `Dockerfile`. We always use the latest (and greatest) Python version.
-3. Update the list of known Python versions in [`python_versions.rb`](https://github.com/dependabot/dependabot-core/blob/main/python/lib/dependabot/python/python_versions.rb).
+3. Update the list of known Python versions in [`language_version_manager.rb`](https://github.com/dependabot/dependabot-core/blob/main/python/lib/dependabot/python/language_version_manager.rb).
 4. Fix any broken tests.
 [Example PR](https://github.com/dependabot/dependabot-core/pull/7412) that does all these things.
diff --git a/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb b/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb
index 8872fb972c5..0094e7f7daf 100644
--- a/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb
+++ b/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb
@@ -9,7 +9,6 @@
 require "dependabot/shared_helpers"
 require "dependabot/python/language_version_manager"
 require "dependabot/python/native_helpers"
-require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
 require "dependabot/python/authed_url_builder"
diff --git a/python/lib/dependabot/python/file_updater/poetry_file_updater.rb b/python/lib/dependabot/python/file_updater/poetry_file_updater.rb
index 955bf034f94..a0e318b977e 100644
--- a/python/lib/dependabot/python/file_updater/poetry_file_updater.rb
+++ b/python/lib/dependabot/python/file_updater/poetry_file_updater.rb
@@ -7,7 +7,6 @@
 require "dependabot/python/language_version_manager"
 require "dependabot/python/version"
 require "dependabot/python/requirement"
-require "dependabot/python/python_versions"
 require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/python/native_helpers"
diff --git a/python/lib/dependabot/python/language_version_manager.rb b/python/lib/dependabot/python/language_version_manager.rb
index d97c769ca57..bb94edb5b76 100644
--- a/python/lib/dependabot/python/language_version_manager.rb
+++ b/python/lib/dependabot/python/language_version_manager.rb
@@ -6,6 +6,15 @@
 module Dependabot
 module Python
 class LanguageVersionManager
+ # This list must match the versions specified at the top of `python/Dockerfile`
+ PRE_INSTALLED_PYTHON_VERSIONS = %w(
+ 3.11.4
+ 3.10.12
+ 3.9.17
+ 3.8.17
+ 3.7.17
+ ).freeze
+
 def initialize(python_requirement_parser:)
 @python_requirement_parser = python_requirement_parser
 end
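Review bot: `PRE_INSTALLED_PYTHON_VERSIONS` repeats by hand the `ARG PY_3_*` values from `python/Dockerfile`, and only the two "must match" comments added in this commit keep the lists in step. If one is bumped without the other, this class would select a patch version that the image presumably does not have installed, and nothing visible in the commit would catch that before an update job runs. A spec that parses the `ARG PY_` lines of the Dockerfile and compares them with this constant would enforce the invariant the comments describe. The class body continues outside the hunk.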
@@ -58,32 +67,19 @@ def python_requirement_string
 def python_version_from_supported_versions
 requirement_string = python_requirement_string
- # Ideally, the requirement is satisfied by a Python version we support
- requirement =
- Python::Requirement.requirements_array(requirement_string).first
- version =
- PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
- find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
- return version if version
+ # If the requirement string isn't already a range (eg ">3.10"), coerce it to "major.minor.*".
+ # The patch version is ignored because a non-matching patch version is unlikely to affect resolution.
+ requirement_string = requirement_string.gsub(/\.\d+$/, ".*") if requirement_string.start_with?(/\d/)
- # If not, and we're dealing with a simple version string
- # and changing the patch version would fix things, we do that
- # as the patch version is unlikely to affect resolution
- if requirement_string.start_with?(/\d/)
- requirement =
- Python::Requirement.new(requirement_string.gsub(/\.\d+$/, ".*"))
- version =
- PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
- find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
- return version if version
- end
+ # Try to match one of our pre-installed Python versions
+ requirement = Python::Requirement.requirements_array(requirement_string).first
+ version = PRE_INSTALLED_PYTHON_VERSIONS.find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+ return version if version
- # Otherwise we have to raise, giving details of the Python versions
- # that Dependabot supports
- msg = "Dependabot detected the following Python requirement " \
- "for your project: '#{requirement_string}'.\n\nCurrently, the " \
- "following Python versions are supported in Dependabot: " \
- "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
+ # Otherwise we have to raise
+ msg = "Dependabot detected the following Python requirement for your project: '#{python_requirement_string}'." \
+ "\n\nCurrently, the following Python versions are supported in Dependabot: " \
+ "#{PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, '.*') }.join(', ')}."
 raise DependencyFileNotResolvable, msg
 end
@@ -100,7 +96,7 @@ def python_version_matching_imputed_requirements
 end
 def python_version_matching(requirements)
- PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
+ PRE_INSTALLED_PYTHON_VERSIONS.find do |version_string|
 version = Python::Version.new(version_string)
 requirements.all? do |req|
 next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
diff --git a/python/lib/dependabot/python/python_versions.rb b/python/lib/dependabot/python/python_versions.rb
deleted file mode 100644
index e71c6a932a0..00000000000
--- a/python/lib/dependabot/python/python_versions.rb
+++ /dev/null
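Review bot: In `python_version_from_supported_versions`, `gsub(/\.\d+$/, ".*")` rewrites whatever the last dotted number is, so a bare major.minor requirement — `3.10`, if `python_requirement_string` can return that form — becomes `3.*` rather than the `major.minor.*` the new comment promises, and the `find` would then be expected to return the first list entry, 3.11.4. The removed code tried the requirement unmodified first, so this can change which interpreter is chosen rather than only simplifying the lookup. Keeping the minor component avoids that: `requirement_string = requirement_string.sub(/\A(\d+\.\d+)(\.\d+)?\z/, '\1.*')` (assuming the value is already stripped of trailing whitespace). The `\A`/`\z` anchors are worth having in any case, since the string presumably comes from files in the repository being updated and `$` matches before any newline, not only at the end of the string. A spec covering `3.10`, `3.10.4` and `>3.10` would pin the intended mapping.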
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
- module Python
- module PythonVersions
- PRE_INSTALLED_PYTHON_VERSIONS = %w(
- 3.11.4
- ).freeze
-
- # Due to an OpenSSL issue we can only install the following versions in
- # the Dependabot container.
- # NOTE: When adding one version, always doublecheck for additional releases: https://www.python.org/downloads/
- #
- # WARNING: 3.9.3 is purposefully omitted as it was recalled: https://www.python.org/downloads/release/python-393/
- SUPPORTED_VERSIONS = %w(
- 3.11.4 3.11.3 3.11.2 3.11.1 3.11.0
- 3.10.12 3.10.11 3.10.10 3.10.9 3.10.8 3.10.7 3.10.6 3.10.5 3.10.4 3.10.3 3.10.2 3.10.1 3.10.0
- 3.9.17 3.9.16 3.9.15 3.9.14 3.9.13 3.9.12 3.9.11 3.9.10 3.9.9 3.9.8 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
- 3.8.17 3.8.15 3.8.14 3.8.13 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
- 3.7.17 3.7.15 3.7.14 3.7.13 3.7.12 3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
- ).freeze
-
- # This list gets iterated through to find a valid version, so we have
- # the pre-installed versions listed first.
- SUPPORTED_VERSIONS_TO_ITERATE =
- [
- *PRE_INSTALLED_PYTHON_VERSIONS,
- *SUPPORTED_VERSIONS
- ].freeze
- end
- end
-end
diff --git a/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb b/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb
index 683aa27f350..0f23d9ce936 100644
--- a/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb
@@ -13,7 +13,6 @@
 require "dependabot/shared_helpers"
 require "dependabot/python/language_version_manager"
 require "dependabot/python/native_helpers"
-require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
 require "dependabot/python/authed_url_builder"
diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
index 0e6d8f14d96..634082668c0 100644
--- a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -11,7 +11,6 @@
 require "dependabot/python/file_updater/pipfile_preparer"
 require "dependabot/python/file_updater/setup_file_sanitizer"
 require "dependabot/python/update_checker"
-require "dependabot/python/python_versions"
 require "dependabot/python/native_helpers"
 require "dependabot/python/name_normaliser"
 require "dependabot/python/version"
diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
index cb3528f2228..2be5e133c7c 100644
--- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
@@ -14,7 +14,6 @@
 require "dependabot/python/version"
 require "dependabot/python/requirement"
 require "dependabot/python/native_helpers"
-require "dependabot/python/python_versions"
 require "dependabot/python/authed_url_builder"
 require "dependabot/python/name_normaliser"