Support options in requirements.txt in pip-sync

[atugushev]

Adds support of the following options in requirements.txt in pip-sync:

--index-url
--extra-index-url
--no-index
--find-links
--no-binary
--only-binary
--trusted-host

Closes #637
Closes #638
Inspired by #703 #464.

Changelog-friendly one-liner: Support requirements.txt options in pip-sync

Contributor checklist

• Provided the tests for the changes.
• Requested a review from another contributor.
• Gave a clear one-line description in the PR (that the maintainers can add to CHANGELOG.md on release).
• Assign the PR to an existing or new milestone for the target version (following Semantic Versioning).

[codecov]

Codecov Report

Merging #824 into master will increase coverage by 0.21%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #824      +/-   ##
==========================================
+ Coverage   99.26%   99.47%   +0.21%     
==========================================
  Files          34       34              
  Lines        2446     2494      +48     
  Branches      306      312       +6     
==========================================
+ Hits         2428     2481      +53     
+ Misses         10        6       -4     
+ Partials        8        7       -1     

Impacted Files	Coverage Δ
tests/conftest.py	100.00% <0.00%> (ø)	⬆️
tests/test_cache.py	100.00% <0.00%> (ø)	⬆️
piptools/resolver.py	100.00% <0.00%> (ø)	⬆️
piptools/scripts/compile.py	100.00% <0.00%> (ø)	⬆️
tests/test_repository_pypi.py	100.00% <0.00%> (ø)	⬆️
piptools/repositories/pypi.py	95.16% <0.00%> (+2.48%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d405bf9...e927939. Read the comment docs.

[jnns]

Thank you for taking care of this. 👍

We hit that problem in one of our projects. Can we help in any way to get this fix in with the next version?

[blueyed]

@jnns
Review and test it? :)

[atugushev]

Hi, @jnns! Thanks for being interesting in this PR. I'll rebase this branch to the master then (for there was a lot of changes since this PR has been created), let's see whether the tests pass.

[atugushev]

@jnns

We hit that problem in one of our projects. Can we help in any way to get this fix in with the next version?

FIY PR is ready to test and review. Take a look at it please if you have time.

[jnns]

@atugushev Thank you! Your branch fixes the problem we have with --extra-index-url. We can now sync our requirements without pip-sync bailing out.

[atugushev]

@jnns great! Let's wait a review from contributors then.

[webknjaz]

FTR the preferred way of patching things in pytest is to use a built-in fixture called monkeypatch.

[atugushev]

Are there any links to the discussion about monkeypatch vs mock? I see only pytest-dev/pytest#4576 and a few others where arguments are mostly based on personal preferences. Personally, I do like @mock.patch decorator.

Would you like to open an issue so that we can discuss it and decide whether it's worth to refactor codebase form mock to monkeypatch?

[webknjaz]

I just think that it's cleaner because it's natively integrated + fewer deps.
Also, it automatically, unpatches things on exit.

[atugushev]

fewer deps

MagicMock would require pytest-mock btw.

[webknjaz]

I think it's vice versa

[blueyed]

Sure.. but that's not monkeypatch.

[webknjaz]

Wait, the patching method may still be monkeypatch while the value would be MagicMock().

[atugushev]

@webknjaz

I just think that it's cleaner because it's natively integrated + fewer deps.

You are right, it could be the mock.MagicMock. Instead of using mock and patch things with mock, the suggestion is to use monkeypatch with mock.MagicMock. I don't get it, how it can be "fewer deps"?

[webknjaz]

It's fewer deps under py3. Also, I'm not sure I'd actually endorse magic mock, better define a proper fake object which would fit expectations instead of implicitly hiding possibly malicious behaviors.

[atugushev]

I see. Pretend might be an alternative to the MagickMock, btw.

[atugushev]

@Nebukadneza I've rebased the PR against current master. Thanks for pinging!

[amonsch]

bump

[codingjoe]

I'd probably go for --binary and --source and drop the "only" or "no" prefixes.

[altendky]

How would that work given that pip uses the prefixes? I didn't think we were creating new options, just supporting existing pip ones.

$ venv/bin/pip --version
pip 20.0.2 from /home/altendky/venv/lib/python3.8/site-packages/pip (python 3.8)

$ venv/bin/pip install --help
<snip>
  --no-binary <format_control>
                              Do not use binary packages. Can be supplied multiple times, and each time adds to the
                              existing value. Accepts either :all: to disable all binary packages, :none: to empty the
                              set, or one or more package names with commas between them (no colons). Note that some
                              packages are tricky to compile and may fail to install when this option is used on them.
  --only-binary <format_control>
                              Do not use source packages. Can be supplied multiple times, and each time adds to the
                              existing value. Accepts either :all: to disable all source packages, :none: to empty the
                              set, or one or more package names with commas between them. Packages without binary
                              distributions will fail to install when this option is used on them.
  --prefer-binary             Prefer older binary packages over newer source packages.
<snip>

[Nebukadneza]

ACK with @altendky, I think it’s common convention and supported behavior pip to put the standard options of pip in requirements.txt. I think this is what users would expect to get in requirement.in too. Another downside of inventing custom options would be that users need a custom translation layer between the 2 worlds …

[amonsch]

bump

[JensPfeifle]

Would be interested in getting this merged as well. Any help needed?

[atugushev]

Hello @JensPfeifle,

This PR needs an approvement form one of the members.

[auvipy]

thanks all for your great work!

[atugushev]

@auvipy thanks for reviewing and merging. Looks like this PR should be rebased onto master before merging. Master's CI is broken now.

[webknjaz]

@atugushev that could be solved by https://bors.tech/

[altendky]

GitHub can also just require that PRs be up to date.

[atugushev]

@altendky

GitHub can also just require that PRs be up to date.

Sounds good to me!

[atugushev]

Addressed in #1085.

[atugushev]

I made a post-merge conflict fix in #1086. Please, review.