chore: add `lockfile` to `PackageDescriptor` #282
The title was changed from `feat:` to `chore:` since the real feature is controlled by changes in CLI and API. That can be changed back if you like, but then the rest of the title and description text (which gets used in the squash commit) should describe a feature that is meaningful to users.
Has the CLI/API code been updated already to account for the 2nd Acceptance Criteria in #279?:

> The CI should show the lockfile path on the comments it creates.

The unit test was a nice addition and helped to learn more about mocking with `unittest.mock`.
LGTM.
No problem, I wasn't quite sure but that makes sense.
API has been updated and running. CLI needs phylum-dev/cli#1172 to get approved and merged for the cli to output the lockfile paths. I believe there will be a release shortly following that PR approval. However, the API still accepts submissions without the lockfile paths and just defaults the paths to I'm not opposed to waiting until the next CLI release to merge this PR.
@ejortega I think this PR can be merged now...no need to wait. This is mostly because the change here was made to work both with and without the Plus, the comment text is controlled by code in the
This change fixes a problem where _any_ change in a lockfile results in the finding that _all_ dependencies from the lockfile are new. This was introduced in #282, when the `PackageDescriptor` dataclass added the `lockfile` attribute. The issue is that the `Lockfile` class uses the `PackageDescriptor` dataclass to make comparisons and compute unique sets of dependencies. The `get_previous_lockfile_packages` function works by writing the previous lockfile object to a temporary file and then parsing that file with the `phylum parse` command. The temporary file will never have the same name as the current lockfile and so the `lockfile` attribute will be different for _all_ dependencies in the given lockfile. Making this change ensures the `lockfile` attribute of the dataclass is not included when generating equality and comparison methods. There is not a problem with this exclusion because the `Lockfile` class still only operates on one lockfile at a time and keeps track of the lockfile's path separately, in the `path` property.
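The regression described in that commit message, reproduced as an added example (not the project's code): the two descriptor classes, the `parse` stand-in for `phylum parse`, the temporary path and the package pins are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(order=True, frozen=True)
class NaiveDescriptor:
    """Hypothetical descriptor where `lockfile` takes part in equality and hashing."""
    name: str
    version: str
    type: str
    lockfile: str = ""


@dataclass(order=True, frozen=True)
class FixedDescriptor:
    """Same fields, but `lockfile` is excluded from the generated comparison methods."""
    name: str
    version: str
    type: str
    lockfile: str = field(default="", compare=False)


def parse(cls, lockfile_path, pins):
    """Stand-in for `phylum parse`: tag each (name, version) pin with its source file."""
    return {cls(name, version, "npm", lockfile_path) for name, version in pins}


def new_dependencies(cls, current_path, current_pins, previous_pins):
    """Return the packages in the current lockfile that were not in the previous one."""
    current = parse(cls, current_path, current_pins)
    # The previous revision is parsed from a temporary file, so its path never matches.
    previous = parse(cls, "/tmp/tmpab12cd34", previous_pins)
    return sorted(current - previous)


# Constructed sample data: exactly one dependency was added between revisions.
PREVIOUS = [("left-pad", "1.3.0"), ("lodash", "4.17.21")]
CURRENT = PREVIOUS + [("minimist", "1.2.8")]

if __name__ == "__main__":
    for cls in (NaiveDescriptor, FixedDescriptor):
        found = new_dependencies(cls, "package-lock.json", CURRENT, PREVIOUS)
        print(cls.__name__, [(p.name, p.version) for p in found])
```

With `compare=False` the field also drops out of the generated `__hash__`, which is what makes the set difference behave; the surviving element still carries the current lockfile path for reporting.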
Updates the package descriptor with an additional `lockfile` field.

Closes #279