🐛 Handle editable pip installs #2731

Merged: 12 commits merged on Mar 13, 2023

Commits on Mar 13, 2023

  1. fix: Handle editable pip install

    Editable pip installs (-e) should be considered secure if the package is installed from a local source or a remote source (VCS install) but pinned by commit hash. To keep the behaviour we have for normal pip installs, we need to guarantee the package dependencies are pinned by hash too. For normal pip installs, we verify that by using the --require-hashes flag. Unfortunately, the --require-hashes flag is not compatible with editable installs, so we use the --no-deps flag to verify the dependencies are not installed since we can't verify if they are pinned.
    
    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    0f8c92d
  2. test: Editable pip install in GHA

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    e4668bc
  3. test: Editable pip install in Dockerfile

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    50def92
  4. test: Editable pip install in shell script

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    172f367
  5. fix: Code complexity increase

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    bca00ac
  6. fix: Simplify boolean return

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    e3f146a
  7. docs: Add pip editable install references in comments

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    3fb4c49
  8. fix: Handle multiple packages in editable pip install

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    c3de87b
  9. test: Multi editable pip install in GHA

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    23617ab
  10. test: Multi editable pip install in Dockerfile

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    78b548d
  11. test: Multi editable pip install in shell script

    Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
    gabibguti committed Mar 13, 2023
    6a2c051
  12. baae4da
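
The rule stated in the first commit message, sketched as an added example (not code from this pull request). The function names, the `example.com` URLs, the treatment of any target without a URL scheme as a local path, and the reading of "pinned by commit hash" as a full 40-hex hash after the last `@` are all assumptions made for illustration.

```python
import re
import shlex

# Assumption: a commit-hash pin is a full 40-hex hash after the last '@',
# optionally followed by a '#egg=...' fragment.
_VCS_ANY = re.compile(r"^(git|hg|svn|bzr)\+")
_VCS_PINNED = re.compile(r"^(git|hg|svn|bzr)\+[^#]+@[0-9a-fA-F]{40}(#.*)?$")


def editable_targets(args):
    """Return the target of every -e/--editable option (there may be several)."""
    targets = []
    it = iter(args)
    for arg in it:
        if arg in ("-e", "--editable"):
            targets.append(next(it, ""))  # a missing target becomes ""
        elif arg.startswith("--editable="):
            targets.append(arg.split("=", 1)[1])
    return targets


def target_is_pinned(target):
    """True for a local source, or a VCS URL pinned by commit hash."""
    if _VCS_ANY.match(target):
        return bool(_VCS_PINNED.match(target))
    # Assumption: anything without a URL scheme is a local path.
    return bool(target) and "://" not in target


def pip_install_is_pinned(command):
    """Apply the commit message's rule to one `pip install` command line."""
    args = shlex.split(command)
    if "install" not in args:
        raise ValueError("not a pip install command")
    args = args[args.index("install") + 1:]
    editable = editable_targets(args)
    if not editable:
        # Normal install: dependency pinning is enforced by --require-hashes.
        return "--require-hashes" in args
    # Editable install: --require-hashes is unavailable, so every target must
    # come from a trusted source and --no-deps must keep dependencies out.
    return "--no-deps" in args and all(target_is_pinned(t) for t in editable)


if __name__ == "__main__":
    sha = "0123456789abcdef0123456789abcdef01234567"  # constructed, not a real commit
    for cmd in ("pip install -e . --no-deps", "pip install -e .",
                f"pip install --no-deps -e git+https://example.com/org/pkg.git@{sha}#egg=pkg",
                "pip install --no-deps -e git+https://example.com/org/pkg.git@main"):
        print(pip_install_is_pinned(cmd), cmd)
```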