fpgmaas/deptry

Environment markers not handled cleanly when untrue?

charlesnicholson opened this issue · 2 comments

One of my packages uses an environment marker in the dependencies section of its pyproject.toml file, like so:

[project]
name = "company.repro"
version = "0.0.1"
dependencies = ['boto3; platform_system == "Windows"']

When this is present, deptry issues this warning:

Assuming the corresponding module name of package 'boto3' is 'boto3'. Install the package or configure a package_module_name_map entry to override this behaviour.

My hunch without knowing the deptry code is that when the environment marker condition is not satisfied, deptry maybe discards the dependency? Then, when the code is analyzed, the dependency has been discarded so deptry raises the warning. Note, though, that the code in question will never run if the environment marker condition is untrue, so in this case for example, boto3 will only be imported and used when the platform is Windows. Indeed, deptry runs this repo cleanly on a Windows build! For Linux / Mac, though, should deptry issue this warning? It requires an explicit package_module_name_map entry of boto3 = "boto3" to quiet it, which seems suspect.

I created a little test repo here: https://github.com/charlesnicholson/deptry-pep508-bug
You can see the issue from the dispatch workflow log here: https://github.com/charlesnicholson/deptry-pep508-bug/actions/runs/9820509759/job/27115174636

(I'm assuming you're well familiar with them, but just to provide more details to readers, the gory details of PEP508 environment markers are here: https://peps.python.org/pep-0508/#environment-markers)

Hi @charlesnicholson, thanks for raising this issue and adding a clear example! The problem here is that deptry requires the packages to be installed in the virtual environment to work; that is how deptry detects the link between the dependency and the packages (e.g. the dependency scikit-learn provides the package sklearn).

In your case, boto3 is not installed since you are not running on Windows, and that is causing the issue. You can verify this by changing the line

dependencies = ['boto3; platform_system == "Windows"']

to

dependencies = ['boto3; platform_system == "Linux"']

If you then install the project and run deptry, you will find that it runs without the warning. I don't think in this case I have a better solution for you than using package_module_name_map. Of course if you have any good ideas feel free to share them!

Thanks for the quick response! I'm happy to live with a dedicated package_module_name_map entry that just maps boto3 to itself, it's easy to comment with an explanation.