dhatim/python-license-check

Support `poetry.lock`

mattyclarkson opened this issue · 6 comments

poetry is a Python package manager that is gaining momentum as an alternative to pip.

It provides a concrete poetry.lock describing the resolved dependencies of a project.

Would it make sense to add a poetry.lock parsing module to this project to integrate smoothly with poetry projects?

It might be sensible to add the parser as an extra to the project that would be installed with `liccheck[poetry]`. Depends if we use the poetry project to read the lock file.

poetry does have the functionality to generate a requirements.txt, so there is a workaround possible.

vegai commented

That would be excellent. poetry export helps some, but tends to sometimes (like with the current very recent 1.1.6 release) generate a requirements.txt that liccheck chokes on.

vegai commented

I implemented a very rudimentary and ugly poetry.lock reader here: https://github.com/vegai/python-license-check/tree/poetry_lock_support -- the POC was pretty trivial.

If somebody wants to pick this up and implement it properly, feel free. If not, I'll probably be able to make it prettier and mergeable in a few days/weeks.

vegai commented

So I probably knew when I was writing my last comment that it's a blatant lie. Anyway, perhaps some day it will happen that I get bored of exporting requirements.txt and rereading it here and then finish this.

Does exporting from poetry and consuming in liccheck work for you out of the box?

> Does exporting from poetry and consuming in liccheck work for you out of the box?

Yes. The following command sequence works great for me in all my Poetry projects, specifically Poetry versions v1.0.0+ (v1.3.1 is the latest at the time of writing).

```sh
poetry export > requirements.txt
poetry run liccheck
rm requirements.txt
```

I'd like to run it in pre-commit with poetry, but this would require a custom pre-commit hook. So having this "workaround" implemented in the package would be nice! Possibly it should also not be specific to poetry, but rather allow giving a command that generates a requirements.txt (this would also allow e.g. enabling Pipfile.lock).

Also, maybe liccheck should just allow passing a requirements.txt file to stdin - then creating temporary files could be avoided.
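One way to read `poetry.lock` directly instead of going through `poetry export`, as an added example (not code from liccheck or from the branch linked in the thread). It assumes the lock file's `[[package]]` tables carry `name`, `version`, `optional` and, for non-index dependencies, a `[package.source]` table; `pins_from_lock`, `normalize` and the sample lock are constructed for illustration.

```python
import re

try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:  # older interpreters: the tomli backport has the same API
    import tomli as tomllib

# Constructed sample in the poetry.lock layout (not taken from a real project).
SAMPLE_LOCK = '''
[[package]]
name = "Requests"
version = "2.28.1"
optional = false

[[package]]
name = "internal_tool"
version = "0.3.0"
optional = false

[package.source]
type = "git"
url = "https://example.invalid/internal-tool.git"
reference = "main"

[[package]]
name = "colorama"
version = "0.4.6"
optional = true
'''

def normalize(name):
    """PEP 503 normalisation, so 'internal_tool' and 'Internal-Tool' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pins_from_lock(lock_text, include_optional=False):
    """Return (pins, off_index): sorted 'name==version' lines, and the names
    whose locked source is not a package index."""
    pins, off_index = set(), set()
    for pkg in tomllib.loads(lock_text).get("package", []):
        if pkg.get("optional", False) and not include_optional:
            continue
        name = normalize(pkg["name"])
        # A set keeps every locked version; one name may be locked more than once.
        pins.add((name, pkg["version"]))
        # For these source types the version alone does not identify the artifact.
        if pkg.get("source", {}).get("type") in {"git", "url", "file", "directory"}:
            off_index.add(name)
    return [f"{n}=={v}" for n, v in sorted(pins)], sorted(off_index)
```

Packages returned in `off_index` still get a pin line, but their license metadata should be confirmed against the repository or archive they were locked from.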