packaged code to handle Pipfile.lock #2116
Conversation
There was a problem hiding this comment.
@rpotter12 Just one minor change left :)
Then this looks good to me.
rpotter12
force-pushed
the
pipfile-lock-parser
branch
from
f52005f
to
63bb363
Compare
| if '_meta' in data: | ||
| for name, meta in data['_meta'].items(): | ||
| if name=='hash': | ||
| sha256 = meta.get('sha256') |
There was a problem hiding this comment.
Do you know what is this sha256 about? A download archive? the original Pipfile?
There was a problem hiding this comment.
@pombredanne This was originally brought up by me. It the the sha256 of the original pipfile (I think). Since it was in the data, I suggested we should collect it. We may not want to do this, as it is slightly confusing. Also, I am unsure if this particular hash will be present in most pipfiles.
There was a problem hiding this comment.
@pombredanne The sha256 which we are collecting in this packagedcode is of original pipfile. So I think we should detect this and add this in sha256 :)
There was a problem hiding this comment.
ok, please enter a ticket to revisit this. I am not sure we can do much of anything with this as this is not the sha256 of some package archive of sorts?
| "sha256:758cb50abddc03e4563fd9e7f03db56e3e87b58c0bd01247360326e5c0c7ffa5", | ||
| "sha256:0d7f6e959fe53f3960a23d73f35e1fce61348b30915b6664309ca756de7c1f89", | ||
| "sha256:d258b0a71994f7770599835249cece1caef3c70def868c4915e6e5ca49b67d15" | ||
| ], |
There was a problem hiding this comment.
Do you think we should add these checksums to the packagedcode model?
There was a problem hiding this comment.
@pombredanne This was originally brought up by me. It the the sha256 of the original pipfile (I think). Since it was in the data, I suggested we should collect it. We may not want to do this, as it is slightly confusing. Also, I am unsure if this particular hash will be present in most pipfiles.
There was a problem hiding this comment.
@pombredanne The checksums for which you talking about is of dependencies and I know only little bit about checksums. I think if we don't add sha256 in our packagedcode model that will also be good.
There was a problem hiding this comment.
Maybe If we need to collect these, we can create a new ticket for this. :)
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
rpotter12
force-pushed
the
pipfile-lock-parser
branch
from
63bb363
to
e01e343
Compare
Fixes #2082
Packagedcode to handle Pipfile.lock
Tasks
Run tests locally to check for errors.