From 546bb6fe810d30382d6b7858e650198a18f2ad7f Mon Sep 17 00:00:00 2001
From: Tor Arvid Lund
Date: Wed, 23 Aug 2023 01:02:36 +0200
Subject: [PATCH] Handle explicit PyPI source in pyproject.toml (#7499)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When a github user has poetry >= 1.5.0, they will be nagged by a warning to run `poetry source add pypi`, which will add the following section to the users pyproject.toml: ```toml [[tool.poetry.source]] name = "PyPI" priority = "primary" ``` This causes the problem that the index_finder will fail due to this section missing a url. This commit works around this issue by skip that case, since we will default to the PyPI official URL anyways in that case.
Co-authored-by: Galen Rice
Co-authored-by: David Rodríguez
---
 .../python/update_checker/index_finder.rb | 3 +++
 .../python/update_checker/index_finder_spec.rb | 14 ++++++++++++++
 .../fixtures/pyproject_files/pypi_explicit.toml | 16 ++++++++++++++++
 .../pyproject_files/pypi_explicit_lowercase.toml | 16 ++++++++++++++++
 4 files changed, 49 insertions(+)
 create mode 100644 python/spec/fixtures/pyproject_files/pypi_explicit.toml
 create mode 100644 python/spec/fixtures/pyproject_files/pypi_explicit_lowercase.toml
diff --git a/python/lib/dependabot/python/update_checker/index_finder.rb b/python/lib/dependabot/python/update_checker/index_finder.rb
index ed180abbcb88..1800ccfe1daa 100644
--- a/python/lib/dependabot/python/update_checker/index_finder.rb
+++ b/python/lib/dependabot/python/update_checker/index_finder.rb
@@ -118,6 +118,9 @@ def pyproject_index_urls
 []
 sources.each do |source|
+ # If source is PyPI, skip it, and let it pick the default URI
+ next if source["name"].casecmp?("PyPI")
+
 if source["default"]
 urls[:main] = source["url"]
 else
diff --git a/python/spec/dependabot/python/update_checker/index_finder_spec.rb b/python/spec/dependabot/python/update_checker/index_finder_spec.rb
index 3d69dfa53e6f..dd3b78e96586 100644
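Review bot: `source["name"].casecmp?("PyPI")` in the index_finder.rb hunk raises NoMethodError when a `[[tool.poetry.source]]` entry has no `name` key, and pyproject.toml is repository-supplied input, so one malformed entry would abort index discovery; `next if source["name"]&.casecmp?("PyPI")` avoids that. The guard also matches on the name alone, so a source called PyPI that does carry a `url` is dropped without any trace and resolution presumably falls back to the public index. If that combination can reach this code, it is worth logging or rejecting rather than skipping, because which index gets consulted is what protects a project with private packages from dependency confusion. The body of `pyproject_index_urls` starts and ends outside the hunk, so how `urls[:main]` is defaulted is not visible here.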
--- a/python/spec/dependabot/python/update_checker/index_finder_spec.rb
+++ b/python/spec/dependabot/python/update_checker/index_finder_spec.rb
@@ -124,6 +124,20 @@
 end
 end
+ context "set pypi explicitly in a pyproject.toml" do
+ let(:pyproject_fixture_name) { "pypi_explicit.toml" }
+ let(:dependency_files) { [pyproject] }
+
+ it { is_expected.to eq(["https://pypi.org/simple/"]) }
+ end
+
+ context "set pypi explicitly in a pyproject.toml, in lowercase" do
+ let(:pyproject_fixture_name) { "pypi_explicit_lowercase.toml" }
+ let(:dependency_files) { [pyproject] }
+
+ it { is_expected.to eq(["https://pypi.org/simple/"]) }
+ end
+
 context "set in credentials" do
 let(:credentials) do
 [{
diff --git a/python/spec/fixtures/pyproject_files/pypi_explicit.toml b/python/spec/fixtures/pyproject_files/pypi_explicit.toml
new file mode 100644
index 000000000000..4a90c4e5dd00
--- /dev/null
+++ b/python/spec/fixtures/pyproject_files/pypi_explicit.toml
@@ -0,0 +1,16 @@
+[tool.poetry]
+name = "PythonProjects"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot "]
+description = "Various small python projects."
+
+[tool.poetry.dependencies]
+python = "^3.7"
+requests = "2.18.0"
+
+[[tool.poetry.source]]
+name = "PyPI"
+priority = "primary"
diff --git a/python/spec/fixtures/pyproject_files/pypi_explicit_lowercase.toml b/python/spec/fixtures/pyproject_files/pypi_explicit_lowercase.toml
new file mode 100644
index 000000000000..bee0828a8d54
--- /dev/null
+++ b/python/spec/fixtures/pyproject_files/pypi_explicit_lowercase.toml
@@ -0,0 +1,16 @@
+[tool.poetry]
+name = "PythonProjects"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot "]
+description = "Various small python projects."
+
+[tool.poetry.dependencies]
+python = "^3.7"
+requests = "2.18.0"
+
+[[tool.poetry.source]]
+name = "pypi"
+priority = "primary"
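Review bot: Both new contexts in index_finder_spec.rb load a pyproject whose only source is the explicit PyPI entry, so nothing pins the result when that entry sits next to a private source that has a `url`. A third context with such a fixture, asserting the exact list and order of the returned URLs, would catch a regression where the skip also drops or reorders the private index. A fixture with a source entry that has no `name` would likewise document the expected behaviour for malformed input. The enclosing describe block starts and ends outside the hunk.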