Skip to content

Atualiza packtools versão 4.15.0#1358

Merged
robertatakenaka merged 1 commit intoscieloorg:mainfrom
robertatakenaka:fix_problema_dependencia_pkg_resources
Feb 24, 2026
Merged

Atualiza packtools versão 4.15.0#1358
robertatakenaka merged 1 commit intoscieloorg:mainfrom
robertatakenaka:fix_problema_dependencia_pkg_resources

Conversation

@robertatakenaka
Copy link
Member

@robertatakenaka robertatakenaka commented Feb 24, 2026

O que esse PR faz?

Corrige:

Traceback (most recent call last):
2026-02-24T14:50:09.980506000Z   File "/app/manage.py", line 31, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.11/site-packages/django/core/management/__init__.py", line 416, in execute
    django.setup()
  File "/usr/local/lib/python3.11/site-packages/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/usr/local/lib/python3.11/site-packages/django/apps/registry.py", line 116, in populate
    app_config.import_models()
2026-02-24T14:50:09.982551290Z   File "/usr/local/lib/python3.11/site-packages/django/apps/config.py", line 269, in import_models
    self.models_module = import_module(models_module_name)
2026-02-24T14:50:09.983645726Z                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2026-02-24T14:50:09.987067032Z   File "/usr/local/lib/python3.11/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
2026-02-24T14:50:09.987134470Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2026-02-24T14:50:09.987152200Z   File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
2026-02-24T14:50:09.987169071Z   File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
2026-02-24T14:50:09.987184783Z   File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked
2026-02-24T14:50:09.987201853Z   File "<frozen importlib._bootstrap>", line 690, in _load_unlocked
2026-02-24T14:50:09.987217343Z   File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/app/article/models.py", line 18, in <module>
    from packtools.sps.formats import crossref, pmc, pubmed
2026-02-24T14:50:09.987700008Z   File "/usr/local/lib/python3.11/site-packages/packtools/__init__.py", line 11, in <module>
2026-02-24T14:50:09.989025743Z     from .domain import XMLValidator, HTMLGenerator
  File "/usr/local/lib/python3.11/site-packages/packtools/domain.py", line 20, in <module>
    from . import utils, catalogs, style_errors, exceptions
  File "/usr/local/lib/python3.11/site-packages/packtools/utils.py", line 23, in <module>
    from packtools import catalogs, exceptions
  File "/usr/local/lib/python3.11/site-packages/packtools/catalogs/__init__.py", line 136, in <module>
    sys.modules[__name__] = PluggableModule()
                            ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/packtools/catalogs/__init__.py", line 121, in __init__
    self.catalog = CatalogLoader().load('packtools_catalog',
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/packtools/catalogs/__init__.py", line 115, in load
    plugin = self._load_plugin_if_exists(name) or default
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/packtools/catalogs/__init__.py", line 98, in _load_plugin_if_exists
2026-02-24T14:50:09.996951825Z     from pkg_resources import iter_entry_points
2026-02-24T14:50:09.996985760Z ModuleNotFoundError: No module named 'pkg_resources'

Onde a revisão poderia começar?

N/A

Como este poderia ser testado manualmente?

Problema ocorre ao subir. container

Algum cenário de contexto que queira dar?

A partir de alguma release de setuptools superior a 80.10.2 conflita com pkg_resources que é um dependência do packtools

Screenshots

n/a

Quais são tickets relevantes?

n/a

Referências

n/a

Copilot AI review requested due to automatic review settings February 24, 2026 16:55
@robertatakenaka robertatakenaka merged commit 9cc5a7e into scieloorg:main Feb 24, 2026
2 of 6 checks passed
Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Atualiza a dependência packtools para tentar corrigir a falha de subida do container causada por import de pkg_resources durante o boot do Django.

Changes:

  • Bump do packtools de 4.14.0 para 4.15.0 via dependência VCS no requirements/base.txt.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

requirements/base.txt
@@ -88,7 +88,7 @@ pysolr==3.9.0 # https://pypi.org/project/pysolr/
# ------------------------------------------------------------------------------
tornado>=6.5.2 # not directly required, pinned by Snyk to avoid a vulnerability
lxml==6.0.2 # https://github.com/lxml/lxml
Copy link

Copilot AI Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O erro descrito (ModuleNotFoundError: pkg_resources) está ligado ao setuptools/pkg_resources, mas aqui só houve bump do packtools. Como production.txt hoje permite instalar setuptools sem upper bound, o build pode continuar pegando uma versão onde pkg_resources não existe (ou não é instalado) e o container seguir quebrando caso o packtools ainda importe isso. Sugestão: adicionar uma restrição explícita de setuptools compatível (ex.: pin/upper bound) no bloco do packtools, ou documentar/garantir via requirements que o runtime sempre instala um setuptools que forneça pkg_resources.

Suggested change
lxml==6.0.2 # https://github.com/lxml/lxml
lxml==6.0.2 # https://github.com/lxml/lxml
setuptools<70 # ensure pkg_resources remains available for packtools

Copilot uses AI. Check for mistakes.
requirements/base.txt
tornado>=6.5.2 # not directly required, pinned by Snyk to avoid a vulnerability
lxml==6.0.2 # https://github.com/lxml/lxml
git+https://git@github.com/scieloorg/packtools@4.14.0#egg=packtools
git+https://git@github.com/scieloorg/packtools@4.15.0#egg=packtools
Copy link

Copilot AI Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Installing packtools via git+https from GitHub and pinning only to the mutable tag 4.15.0 means your builds will execute remote third-party code that can be silently changed if the repository or tag is compromised. This creates a supply chain risk where an attacker controlling that repo or tag could inject malicious code that runs with your application’s privileges; prefer using a trusted package registry or pinning to an immutable commit hash with integrity verification in CI.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@robertatakenaka