/check-sdist

Check to see if an SDist matches Git

Primary LanguagePythonBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

check-sdist

Actions Status PyPI version PyPI platforms

Have you ever shipped broken SDists with missing files or possibly dirty SDists with files that shouldn't have been there? Have you noticed that standards compliant tools aren't making the same SDist that flit build is? Is hatchling adding .DSStore files when you ship from your macOS? No matter what build-backend you use, check-sdist can help!

Check-sdist builds an SDist and compares the contents with your Git repository contents. It can even temporarily inject common junk files (like pycache files or OS specific files) and help verify that those aren't getting bundled into your SDist. If you are getting files you didn't expect or missing files you did expect, consult your build backend's docs to see how to include or exclude files.

Quick start

To run:

$ pipx run check-sdist[uv]

You can add --no-isolation to disable build isolation (faster, but must preinstall build dependencies), --source-dir to select a different source directory to check, and --inject-junk to temporarily inject some common junk files while running. You can select an installer for build to use with --installer=, choices are uv, pip, or uv|pip, which will use uv if available (the default).

If you need the latest development version:

$ pipx run --spec git+https://github.com/henryiii/check-sdist check-sdist

Pre-commit integration

To use the pre-commit integration, put this in your .pre-commit-config.yaml:

- repo: https://github.com/henryiii/check-sdist
  rev: v1.0.0
  hooks:
    - id: check-sdist
      args: [--inject-junk]
      additional_dependencies: [] # list your build deps here

This requires your build dependencies, but in doing so, it can cache the environment, making it quite fast. If you don't mind slower runs and don't want to require build dependency listing:

- repo: https://github.com/henryiii/check-sdist
  rev: v1.0.0
  hooks:
    - id: check-sdist-isolated
      args: [--inject-junk]

Configuration

To configure, these options are supported in your pyproject.toml file:

[tool.check-sdist]
sdist-only = []
git-only = []
default-ignore = true
recurse-submodules = true
mode = "git"

You can add .gitignore style lines here, and you can turn off the default ignore list, which adds some default git-only files.

By default, check-sdist recursively scans the contents of Git submodules, but you can disable this behavior (e.g. to support older Git versions that don't have this capability).

You can also select mode = "all", which will instead check every file on your system. Be prepared to ignore lots of things manually, like *.pyc files, if you use this.

See also