add lint/check to avoid missing entries in requirements.txt/pyproject.toml #2362
Comments
|
in CI we install deps from requirements.txt and then install from pyproject. but the second step should be a no-op, except to install capa. so maybe we can inspect the pip output to assert there are no extra packages being installed. or we could do these aren't lints that we can run standalone but would help us catch things along the way |
@williballenthin we have to make sure there is no extra dependencies as quoted or just check if we are not missing any entries from requirements.txt/pyproject.toml as stated in issue name. |
|
i'm not sure how to check for extra dependencies but that would be really nice. i'd be interested in any suggestions you have. |
|
@williballenthin We can run 'pip freeze > before.txt' before '- name: Install capa with build requirements' in build.yml and 'pip freeze > after.txt' this run. Then in the next run we can check the difference in the txt for extra dependency. And if we found one what needs to be done? Exit the CI Job? |
|
yeah we would exit with nonzero status. this is a good idea. i also wonder about finding stale dependencies not referenced in code anymore, but i'm not quite sure how to do that right now. |
|
@williballenthin we can use deptry or vulture library for this. They keep track of all written in the requirements and imported dependency in the codebase. |
|
perfect, we already have deptry set up |
|
would you please confirm it's configured to do this sort of check on our codebase? |
|
Its already available and doing the work we require. Line 63 in test.yml mentions this. Shall i make changes for extra dependency as discussed.
Or we can close the issue as the qouted part is already there.
|
|
yes please go ahead and add the check |
as encountered in #2359
The text was updated successfully, but these errors were encountered: