Skip to content

Python dependency checker (with support for doctests, django settings files, zope zcml files, etc)

License

Notifications You must be signed in to change notification settings

reinout/z3c.dependencychecker

Repository files navigation

z3c.dependencychecker

Checks which imports are done and compares them to what's in setup.py and warn when discovering missing or unneeded dependencies.

https://github.com/reinout/z3c.dependencychecker/actions/workflows/testing.yml/badge.svg?branch=master https://coveralls.io/repos/github/reinout/z3c.dependencychecker/badge.svg?branch=master

z3c.dependencychecker reports on:

  • Missing (test) requirements: imports without a corresponding requirement in the setup.py. There might be false alarms, but at least you've got a (hopefully short) list of items to check.

    Watch out for packages that have a different name than how they're imported. For instance a requirement on pydns which is used as import DNS in your code: pydns and DNS lead to separate "missing requirements: DNS" and "unneeded requirements: pydns" warnings.

  • Unneeded (test) requirements: requirements in your setup.py that aren't imported anywhere in your code. You might need them because not everything needs to be imported. It at least gives you a much smaller list to check by hand.

  • Requirements that should be test-only: if something is only imported in a test file, it shouldn't be in the generic defaults. So you get a separate list of requirements that should be moved from the regular to the test requirements.

It checks the following locations:

  • Python files for regular imports and their docstrings.
  • ZCML files, Plone's generic setup files as well as FTI XML files.
  • Python files, .txt and .rst files for imports in doctests.
  • django settings files.

Some packages available on pypi have a different name than the import statement needed to use them, i.e. python-dateutil is imported as import dateutil. Others provide more than one package, i.e Zope2 provides several packages like Products.Five or Products.OFSP.

For those cases, z3c.dependencychecker has a solution: user mappings.

Add a pyproject.toml file on the root of your project with the following content:

[tool.dependencychecker]
python-dateutil = ['dateutil']
Zope2 = ['Products.Five', 'Products.OFSP' ]

z3c.dependencychecker will read this information and use it on its reports.

Sometimes you need to add a package in setup.py although you are not importing it directly, but maybe is an extra dependency of one of your dependencies, or your package has a soft dependency on a package, and as a soft dependency it is not mandatory to install it always.

z3c.dependencychecker would complain in both cases. It would report that a dependency is not needed, or that a missing package is not listed on the package requirements.

Fortunately, z3c.dependencychecker also has a solution for it.

Add a pyproject.toml file on the root of your project with the following content:

[tool.dependencychecker]
ignore-packages = ['one-package', 'another.package' ]

z3c.dependencychecker will totally ignore those packages in its reports, whether they're requirements that appear to be unused, or requirements that appear to be missing.

z3c.dependencychecker is a different application/packaging of zope's importchecker utility. It has been used in quite some projects, I grabbed a copy from lovely.recipe's checkout.

  • Martijn Faassen wrote the original importchecker script.
  • Reinout van Rees added the dependency checker functionality and packaged it (mostly while working at The Health Agency).
  • Quite some fixes from Jonas Baumann.
  • Many updates (basically: rewriting the entire codebase to work with AST!) to work well with modern Plone versions by Gil Forcada Codinachs <http://gil.badall.net/>.

The source code can be found on github: https://github.com/reinout/z3c.dependencychecker

You can fork and fix it from there. And you can add issues and feature requests in the github issue tracker.

Every time you commit something, bin/code-analysis is automatically run. Pay attention to the output and fix the problems that are reported. Or fix the setup so that inappropriate reports are filtered out.

Create a virtualenv and install the requirements:

$ python3 -m venv venv
$ . venv/bin/activate
$ pip install -r requirements.txt

If you changed the actual requirements in setup.py or the development requirements in requirements.in, re-generate requirements.txt:

$ pip-compile requirements.in

To run the tests we use the setup of plone/meta. So stuff like:

$ tox -e test
$ tox -e format
$ pre-commit run --all

About

Python dependency checker (with support for doctests, django settings files, zope zcml files, etc)

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages