-
Notifications
You must be signed in to change notification settings - Fork 457
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: added pyproject.toml #2654
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like a good start, but it seems like it's got some syntax issues around setuptools? I don't actually know how to resolve these so you'll have to read the docs.
File "/tmp/pip-build-env-3gi0wdcb/overlay/lib/python3.8/site-packages/setuptools/config/pyprojecttoml.py", line 51, in validate
raise ValueError(f"{error}\n{summary}") from None
ValueError: invalid pyproject.toml config: `tool.setuptools`.
configuration error: `tool.setuptools` must not contain {'source', 'dependencies', 'extras', 'dev-dependencies'} properties
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error
× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> See above for output.
note: This error originates from a subprocess, and is likely not a problem with pip.
@terriko Could you guide me on this one? I got stuck on the test, and I think they are checker tests. It could be because I have not included the checker as an entry point. I have read through their documentation but wasn't able to find how to implement a checker as a function in the entry point. A solution that I have guessed is to hardcode every checker in toml. but it is impractical and awful to look. |
@Rexbeast2 I actually don't know enough to provide guidance here since I haven't really used pyproject.toml for anything as complicated as our current checker setup. You'll probably have to do a lot of searching and reading the docs to figure it out. |
@terriko OK. I will try to figure out as soon as possible. |
Codecov Report
@@ Coverage Diff @@
## main #2654 +/- ##
==========================================
+ Coverage 80.00% 80.17% +0.17%
==========================================
Files 670 670
Lines 10490 10490
Branches 1220 1220
==========================================
+ Hits 8392 8410 +18
+ Misses 1719 1706 -13
+ Partials 379 374 -5
Flags with carried forward coverage won't be shown. Click here to find out more. see 3 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
@terriko I have updated pyproject.toml and I think this pyproject.toml is ready. Can you review it, please. |
Ran out of time for code review today but this looks maybe ready. (sorry it fell off my radar for a while there!) I'm not sure if it's a good idea to have both pyproject.toml and setup.py at the same time so I need to some research, and I'm going to update the branch to see if that resolves whatever was going on with the windows tests. I should be back to look at it tomorrow! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like we're getting a lot of errors or warnings on python 3.11. Here's one of the shorter ones:
********************************************************************************
##########################################################################
# configuration would be ignored/result in error due to `pyproject.toml` #
##########################################################################
The following seems to be defined outside of `pyproject.toml`:
`maintainers = 'Terri Oda'`
According to the spec (see the link below), however, setuptools CANNOT
consider this value unless `maintainers` is listed as `dynamic`.
https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
For the time being, `setuptools` will still consider the given value (as a
**transitional** measure), but please note that future releases of setuptools will
follow strictly the standard.
To prevent this warning, you can list `maintainers` under `dynamic` or alternatively
remove the `[project]` table from your file and rely entirely on other means of
configuration.
By 2023-Oct-30, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
********************************************************************************
I can't tell if most of these happen because setup.py still exists (as in that's the "other place" where things are defined) or if there's something else going on.
Okay, I updated this branch to see what kind of errors were being thrown and if it was likely to get worked on and what I get is this.... /tmp/pip-build-env-86geumey/overlay/lib/python3.8/site-packages/setuptools/config/_apply_pyprojecttoml.py:73: _WouldIgnoreField: `scripts` defined outside of `pyproject.toml` would be ignored.
!!
********************************************************************************
##########################################################################
# configuration would be ignored/result in error due to `pyproject.toml` #
##########################################################################
The following seems to be defined outside of `pyproject.toml`:
`scripts = ['cve-bin-tool = cve_bin_tool.cli:main', 'csv2cve = cve_bin_tool.csv2cve:main']`
According to the spec (see the link below), however, setuptools CANNOT
consider this value unless `scripts` is listed as `dynamic`.
https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
For the time being, `setuptools` will still consider the given value (as a
**transitional** measure), but please note that future releases of setuptools will
follow strictly the standard.
To prevent this warning, you can list `scripts` under `dynamic` or alternatively
remove the `[project]` table from your file and rely entirely on other means of
configuration.
By 2023-Oct-30, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
********************************************************************************
!!
_handle_missing_dynamic(dist, project_table)
/tmp/pip-build-env-86geumey/overlay/lib/python3.8/site-packages/setuptools/config/_apply_pyprojecttoml.py:73: _WouldIgnoreField: `dependencies` defined outside of `pyproject.toml` would be ignored.
!!
********************************************************************************
##########################################################################
# configuration would be ignored/result in error due to `pyproject.toml` #
##########################################################################
The following seems to be defined outside of `pyproject.toml`:
`dependencies = ['aiohttp[speedups]>=3.7.4', 'beautifulsoup4', 'cvss', 'defusedxml', 'distro', 'gsutil', 'importlib_metadata>=3.6; python_version < "3.10"', 'importlib_resources; python_version < "3.9"', 'jinja2>=2.11.3', 'jsonschema>=3.0.2', 'lib4sbom>=0.3.0', 'python-gnupg', 'packaging<22.0', 'plotly', 'pyyaml>=5.4', 'requests', 'rich', 'rpmfile>=1.0.6', 'toml', 'urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs', 'xmlschema', 'zstandard; python_version >= "3.4"', '']`
According to the spec (see the link below), however, setuptools CANNOT
consider this value unless `dependencies` is listed as `dynamic`.
https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
For the time being, `setuptools` will still consider the given value (as a
**transitional** measure), but please note that future releases of setuptools will
follow strictly the standard.
To prevent this warning, you can list `dependencies` under `dynamic` or alternatively
remove the `[project]` table from your file and rely entirely on other means of
configuration.
By 2023-Oct-30, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
********************************************************************************
!!
_handle_missing_dynamic(dist, project_table)
error: can't copy 'cache/gad/gemnasium-db-master-pypi/pypi/rpc.py': doesn't exist or not a regular file
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for cve-bin-tool
ERROR: Could not build wheels for cve-bin-tool, which is required to install pyproject.toml-based projects
Failed to build cve-bin-tool I don't really know how to fix this at this time, and I'm not sure we're up for maintaining pyproject.toml yet and I know you're busy finishing up GSoC and doing school. So I think what I'm going to do is cut/paste some notes into the issue about how far you got, then close this for now. |
Okay, I've updated the issue in case we want to work on it more in the future, and I'm going to close this PR so it's no longer on my to-review list before 3.3 release. |
fixes #1595