Report using non-recommended "dependency signage" #468

@aecorn

Many users find dependency-resolution hard.
My recommendations are usually (that ssb-project build does not cover):

  1. Run poetry lock
  2. Replace all dependencies from ^ to >=

I was wondering about the right way to "recommend" this in the organization, and I think a warning during ssb-project build could be the best place to encourage the right "signage".

Here is some example code of what I mean.

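import subprocess

def check_deps_group(group: str) -> None:
    # Pass grep an argument list instead of a shell string, so the group
    # name is never interpreted by a shell; rf"" keeps \[ a literal bracket.
    out = subprocess.check_output(["grep", "-A", "10", rf"\[{group}\]", "pyproject.toml"])
    deps = out.decode("utf8").split("\n")
    # Drop blank lines, section headers and the build-backend entry.
    deps = [x for x in deps if x and not x.startswith("[") and "build-backend" not in x]
    for line in deps:
        parts = line.split('"')
        if len(parts) < 3:
            continue  # no quoted version string on this line
        vers_dep = parts[-2]
        if ">=" not in vers_dep:
            print(f"Dependency {line}, does not use recommended signage '>=', consider changing it?")

check_deps_group("tool.poetry.dependencies")
check_deps_group("tool.poetry.group.dev.dependencies")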

@arneso-ssb @krlono @rachelekren

Labels: enhancement
