New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
checkov: init at 1.0.674 #107028
checkov: init at 1.0.674 #107028
Conversation
Is there a reason to not put the python dependencies in pkgs/development/python-modules and pkgs/top-level/python-packages.nix ? |
The 4 I put here is the only version that worked with the build. I tried to not override, but the build will fail with the versions in python-packages.nix. |
I don't know what the policy is about duplicating python packages in full vs overriding, cc @jonringer ? deep_merge and bc-python-hcl2 are not in nixpkgs, so they should go with other python modules. In any case, you should try to run tests. If you leave |
The more generic python packages should be added to If specific version is necessary, then I would prefer to do an override specific to the application as so:
Overall stance on pinning python packages: The preference to handling pinning is to relax version bounds in the "install_requires" field. (could be in setup.py, pyproject.toml, requirements or others). In most cases, packages are still compatible with small API changes which may warrant a major version bump. We use test suites to verify that the package still works correctly. If the package is still incompatible with the latest major version, then the most proper way to handle this is make an issue with the upstream package to adopt the latest major version. Or if upstream is not very responsive, you are free patch the source to make it compatible. In very few circumstances, two versions of the same package are allowed to exist if the packages are extremely difficult to package. Some examples of this are tensorflow, which has huge ecosystems built around it and is hard to package. Another is django, which has 2 actively developed versions, and large ecosystems built around each. One exception to this is applications, due to the way Info on |
@jonringer I updated based on guideline. Only |
sha256 = "tUQV+Qk0xC4zQRTihky01OczWzStOW41rYYQyWBlpH4="; | ||
}; | ||
|
||
propagatedBuildInputs = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this just required for the tests?
nose | ||
]; | ||
|
||
doCheck = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a pythonImportsCheck.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When added pythonImportsCheck it is always failing:
deep_merge.tests.test_merge.test_default_behaviors ... ok
deep_merge.tests.test_merge.test_big_merge ... FAIL
deep_merge.tests.test_merge.test_no_references
Ensure that read-only parameters aren't being modified. ... FAIL
======================================================================
FAIL: deep_merge.tests.test_merge.test_big_merge
----------------------------------------------------------------------
Traceback (most recent call last):
File "/nix/store/g80x8dysb6hnhrcjrpav7dmsb8jnwnyr-python3.8-nose-1.3.7/lib/python3.8/site-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
File "/private/tmp/nix-build-python3.8-deep_merge-0.0.4.drv-0/deep_merge-0.0.4/deep_merge/tests/test_merge.py", line 60, in test_big_merge
assert merge(a, b, c) == expected
AssertionError
======================================================================
FAIL: deep_merge.tests.test_merge.test_no_references
Ensure that read-only parameters aren't being modified.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/nix/store/g80x8dysb6hnhrcjrpav7dmsb8jnwnyr-python3.8-nose-1.3.7/lib/python3.8/site-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
File "/private/tmp/nix-build-python3.8-deep_merge-0.0.4.drv-0/deep_merge-0.0.4/deep_merge/tests/test_merge.py", line 73, in test_no_references
assert output == {"key1": {"key1a": "2"}, "key2": [3, 4, 4, 5]}
AssertionError
----------------------------------------------------------------------
Ran 3 tests in 0.013s
FAILED (failures=2)
Test failed: <unittest.runner.TextTestResult run=3 errors=0 failures=2>
error: Test failed: <unittest.runner.TextTestResult run=3 errors=0 failures=2>
error: --- Error ------------------------------------------------------------------------------------------------------------------------ nix-build
builder for '/nix/store/41dyki3vl4qp53vd6kl92lg1yrn2w797-python3.8-deep_merge-0.0.4.drv' failed with exit code 1; last 10 log lines:
File "/private/tmp/nix-build-python3.8-deep_merge-0.0.4.drv-0/deep_merge-0.0.4/deep_merge/tests/test_merge.py", line 73, in test_no_references
assert output == {"key1": {"key1a": "2"}, "key2": [3, 4, 4, 5]}
AssertionError
----------------------------------------------------------------------
Ran 3 tests in 0.013s
FAILED (failures=2)
Test failed: <unittest.runner.TextTestResult run=3 errors=0 failures=2>
error: Test failed: <unittest.runner.TextTestResult run=3 errors=0 failures=2>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hum, that does not look like a spurious failure. Can you open an issue upstream to ensure that it's not nixpkgs-specific?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is a 3 years old repo... But I will try.
Result of 7 packages built:
|
Result of 7 packages built:
|
@symphorien @SuperSandro2000 I will fix all the commits one the changes are all agreed. I want to ask on another part when moving This is the problem of moving
I need your comments on the findings. Thank you! |
leaving runtime python dependencies in propagatedBuildInputs is fine. |
Co-authored-by: Guillaume Girol <symphorien@users.noreply.github.com>
Co-authored-by: Guillaume Girol <symphorien@users.noreply.github.com>
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)