New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
packaged code to handle Pipfile.lock #2116
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rpotter12 Just one minor change left :)
Then this looks good to me.
f52005f
to
63bb363
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me.
@pombredanne Anything to add here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking great and I just have a few minor nits.
if '_meta' in data: | ||
for name, meta in data['_meta'].items(): | ||
if name=='hash': | ||
sha256 = meta.get('sha256') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know what is this sha256 about? A download archive? the original Pipfile?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pombredanne This was originally brought up by me. It the the sha256 of the original pipfile (I think). Since it was in the data, I suggested we should collect it. We may not want to do this, as it is slightly confusing. Also, I am unsure if this particular hash will be present in most pipfiles.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pombredanne The sha256 which we are collecting in this packagedcode is of original pipfile. So I think we should detect this and add this in sha256 :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, please enter a ticket to revisit this. I am not sure we can do much of anything with this as this is not the sha256 of some package archive of sorts?
"sha256:758cb50abddc03e4563fd9e7f03db56e3e87b58c0bd01247360326e5c0c7ffa5", | ||
"sha256:0d7f6e959fe53f3960a23d73f35e1fce61348b30915b6664309ca756de7c1f89", | ||
"sha256:d258b0a71994f7770599835249cece1caef3c70def868c4915e6e5ca49b67d15" | ||
], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think we should add these checksums to the packagedcode model?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pombredanne This was originally brought up by me. It the the sha256 of the original pipfile (I think). Since it was in the data, I suggested we should collect it. We may not want to do this, as it is slightly confusing. Also, I am unsure if this particular hash will be present in most pipfiles.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pombredanne The checksums for which you talking about is of dependencies and I know only little bit about checksums. I think if we don't add sha256 in our packagedcode model that will also be good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe If we need to collect these, we can create a new ticket for this. :)
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
Signed-off-by: rpotter12 <rohitpotter12@gmail.com>
63bb363
to
e01e343
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thank you!
Fixes #2082
Packagedcode to handle Pipfile.lock
Tasks
Run tests locally to check for errors.