Publish licensedcode data/index as seperate pypi wheels and improve arm installation support#4847
Conversation
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Reference: https://pypi.org/project/flot/0.7.3/ Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
31e9c41 to
574d4a4
Compare
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Fix release archive smoke tests. Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
702e93f to
474c9b5
Compare
Also add a default of `persist-credentials` as False. These are fixes from running zizmorcore/zizmor Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
474c9b5 to
4cf1cb3
Compare
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Reference: aboutcode-org/scancode.io#1646 Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
47834e6 to
182e246
Compare
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
182e246 to
e174dec
Compare
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
|
Release tests all green at https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/25222214153 and scancode tests also passing now. Note that the failure to load index and rebuilding of index at https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/25222214153/job/73957559207#step:6:351 is caused because the latest licensedcode index wheels are not released yet so older test wheels are being installed. |
JonoYang
left a comment
There was a problem hiding this comment.
@AyanSinhaMahapatra lgtm, thanks for handling this!
pombredanne
left a comment
There was a problem hiding this comment.
There are a few minor point that you should fix before merging, like double checking URLS to GH repos and missing references to AboutCode in copyrights, otherwise this is all good to go. 🙇
Reference: #4959 Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
Reference: actions/runner-images#14017 Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>
gotmax23
left a comment
There was a problem hiding this comment.
I left some comments on the new packaging from the perspective of a distribution packager of scancode. Happy to discuss further!
There was a problem hiding this comment.
Having multiple pyproject-*.toml files in a single directory with different suffixes is not really in the spirit of Python standards. The usual structure for monorepos is to have each package in a separate subdirectory with its own pyproject.toml file. uv has a workspaces feature that supports this usecase pretty well, for example.
Also, introducing an entirely new PEP 517/518 build backend is nonideal, since we already have so many, including hatchling and setuptools that are more configurable and pluggable than flit is and keep up-to-date with Python packaging standards. flot also does not support the PEP 639 standard for improved license metadata that upstream flit and other build backends do, for example. This will become more of an issue as Python packaging continues to evolve.
Would you consider a different approach here? At least, I'd suggest properly documenting how the project can be built from source with a standard build frontend like python -m build.
There was a problem hiding this comment.
At least, I'd suggest properly documenting how the project can be built from source with a standard build frontend like python -m build.
From reading the buildapi code, I see that flot supports --config-settings=--pyproject=FILE, but that didn't seem to be documented anywhere else and also seems like a worse interface than just having one pyproject.toml per directory.
| name = "licensedcode-data" | ||
| version = "32.5.0" | ||
| description = "A packaging of the ScanCode licensedb license and license rules database." | ||
| long_description_content_type = "text/x-rst" |
There was a problem hiding this comment.
[project] does not support long_description_content_type, and this results in a warning.
There was a problem hiding this comment.
The other pyproject-* files have this same issue.
| description = "A packaging of the ScanCode licensedb license and license rules database." | ||
| long_description_content_type = "text/x-rst" | ||
| readme = "src/licensedcode/data/README.rst" | ||
| license = { text = "Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft" } |
There was a problem hiding this comment.
This format is outdated. See my previous comment about PEP 639.
| build-backend = "flot.buildapi" | ||
|
|
||
| [project] | ||
| name = "scancode-toolkit-mini" |
There was a problem hiding this comment.
Why does there need to be an entirely separate -mini package? Why not add extras/optional dependencies to the main scancode-toolkit package?
There was a problem hiding this comment.
Why is there a vendored wheel here?
| ] | ||
|
|
||
| dependencies = [ | ||
| "licensedcode-index", |
There was a problem hiding this comment.
Should this have a version constraint? Otherwise, the dependencies could get out-of-sync when users run pip install -U scancode-toolkit.
This is basically an extension of the work done in:
Improve packaging #3459 #3761
Fixes Improve ScanCode packaging and reduce wheel size #3459
Tasks
Run tests locally to check for errors.