Skip to content

Commit

Permalink
Switch from pipfile to plette lib
Browse files Browse the repository at this point in the history
The main user of `pipfile` is `pipenv`, and _not_ any of the other
python package managers.

However, `pipfile` library has been pretty much unmaintained, so
`pipenv` switched to using `plette` for parsing/validation of
`Pipfile`'s:
* pypa/pipenv#5310
* pypa/pipenv#5339

So let's switch our usage as well. Today we only use `pipfile` for
generating hashes, so this is effectively a silent no-op. However, down
the road we could leverage `plette` for `Pipfile` parsing/validation...
for example see how it's flagging things here:
dependabot#6104 (comment)
  • Loading branch information
jeffwidman committed Dec 16, 2023
1 parent 89ebc55 commit 83c8235
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
7 changes: 4 additions & 3 deletions python/helpers/lib/hasher.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import hashin
import json
import pipfile
import plette
from poetry.factory import Factory


Expand All @@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):


def get_pipfile_hash(directory):
p = pipfile.load(directory + '/Pipfile')
with open(directory + '/Pipfile') as f:
pipfile = plette.Pipfile.load(f)

return json.dumps({"result": p.hash})
return json.dumps({"result": pipfile.get_hash().value})


def get_pyproject_hash(directory):
Expand Down
2 changes: 1 addition & 1 deletion python/helpers/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ pip-tools==7.3.0
flake8==6.1.0
hashin==0.17.0
pipenv@git+https://github.com/pypa/pipenv@main
pipfile==0.0.2
plette==0.4.4
poetry==1.7.1

# Some dependencies will only install if Cython is present
Expand Down

0 comments on commit 83c8235

Please sign in to comment.