feat: Change requirements parser

[mostafa]

In this PR, I replaced the pkg_resources from setuptools with pip-requirements-parser. This change helps with better parsing of requirements.txt files because it supports local files, private repositories, hashes, and possibly other features. which I haven't looked into or tested. This PR tries to address the PRs mentioned in this discussion: #319.

As you might have noticed by now from the commits, these are the changes I made:

1. Revamped the RequirementsParser class:
   • It now accepts path or file content.
   • Name of the package will be either the actual name or the URL, including file paths.
   • Version will be either the pinned version of the package or a list of versions (as string).
   • Hashes will be converted, processed, and then added to the Component.
2. Added more tests:
   • test_example_local_packages tests references to local files with no nested file parsing.
   • test_example_local_and_nested_packages tests references to local files and remote URLs (pointing to files) that also include a parsed requirements line from a nested file.
   • test_example_private_packages: tests extra URLs.
   • test_example_with_urls: tests requirements as URLs.
3. Unskipped the hashes test: test_example_with_hashes.
4. Removed superfluous file.close() lines.
5. Split lines where fixtures are opened to make them more readable.
6. Minor update to the docs to mention that RequirementsFileParser now supports nested files.

[jkowalleck]

@mostafa thanks in advance for all your work.

Please make sure to read and apply to the CONTRIBUTING guidelines ,
like signing your commits accordingly - which the DCO test is taking care of and currently complaining about. see the test details for fix instructions.

[mostafa]

Since I replaced the requirements parser, I think it fixed most of the issues and shortcomings of the previous one including nested file parsing, local and remote packages, etc. I followed @jkowalleck's suggestions by following and apply the CONTRIBUTING guidelines and at least the tests pass on my machine on Python 3.9 along with mypy and flake8.

I'd be very happy to have your feedback. @madpah @jkowalleck

[mostafa]

Windows tests failed because of temp files nagging about permissions, so I tried to use a slightly different approach with roughly the same code: 333ca07.

[madpah]

@mostafa - firstly - massive thanks for the PR. Great work.

Two questions from me raised in the review:

1. To confirm the lowest version of the pip-requirements-parser that will work
2. We need to update documentation to reflect your awesome work - let me know if you need a hand with this.

[madpah]

@mostafa - I'm proposing that this PR will address the following list of issues - do you agree?

Fixes:

• Crashes on requirements.txt with hashes #194
• feat: parse requirements.txt with locally referenced packages #284
• feat: parse requirements.txt with locally referenced packages #315
• feat: parse requirements.txt with private pypi repository #318

[mostafa]

@madpah Thanks for the review.

The PR hits multiple issues with the same stone. 😄

I'd be happy to write docs, too. So, I'll update the PR with docs changes soon.

[madpah]

@mostafa - we merged #320 which has caused a conflict with poetry.lock - can you rebase and resolve?

[mostafa]

@madpah Can you give me a hand in updating the docs? 🙏

[madpah]

@madpah Can you give me a hand in updating the docs? 🙏

They are automatically published once we merge - your changes look to be good @mostafa !

[madpah]

@mostafa - just looks like an issue reported by flake8 to resolve and we are good to merge.

[madpah]

⭐ Massive thanks for this contribution @mostafa ⭐