From dac18dfb5c4da314caed1c2439a900d3213c051f Mon Sep 17 00:00:00 2001 From: Denis Sazonov Date: Sat, 18 Dec 2021 19:52:20 +0000 Subject: [PATCH 1/5] initial draft for new verify command --- pipenv/cli/command.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pipenv/cli/command.py b/pipenv/cli/command.py index a3910b22..0b62158f 100644 --- a/pipenv/cli/command.py +++ b/pipenv/cli/command.py @@ -700,5 +700,26 @@ def scripts(state): echo("\n".join(fix_utf8(line) for line in lines)) +@cli.command( + short_help="Verify the hash in Pipfile.lock is up-to-date.", + context_settings=CONTEXT_SETTINGS, +) +@pass_state +def verify(state): + """Verify the hash in Pipfile.lock is up-to-date.""" + if not state.project.pipfile_exists: + echo("No Pipfile present at project home.", err=True) + sys.exit(1) + if state.project.get_lockfile_hash() != state.project.calculate_pipfile_hash(): + echo( + 'Pipfile.lock is out-of-date. Run {} to update.'.format( + crayons.yellow("$ pipenv lock", bold=True) + ), + err=True + ) + sys.exit(1) + sys.exit(0) + + if __name__ == "__main__": cli() From 45f8792804f1194c7db15d837ca24d5e2d1af153 Mon Sep 17 00:00:00 2001 From: Denis Sazonov Date: Sat, 18 Dec 2021 22:29:35 +0000 Subject: [PATCH 2/5] added tests for pipenv verify --- tests/integration/test_cli.py | 42 ++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/tests/integration/test_cli.py b/tests/integration/test_cli.py index ca201f2a..6fd8a793 100644 --- a/tests/integration/test_cli.py +++ b/tests/integration/test_cli.py @@ -3,7 +3,7 @@ import os import re - +from pathlib import Path import pytest from flaky import flaky @@ -291,3 +291,43 @@ sqlalchemy = "<=1.2.3" f.write(contents) c = p.pipenv('update --pre --outdated') assert c.returncode == 0 + + +@pytest.mark.cli +def test_pipenv_verify_without_pipfile(PipenvInstance): + with PipenvInstance(pipfile=False) as p: + c = p.pipenv('verify') + assert c.returncode == 1 + assert 'No Pipfile present at project home.' in c.stderr + + +@pytest.mark.cli +def test_pipenv_verify_without_pipfile_lock(PipenvInstance): + with PipenvInstance() as p: + c = p.pipenv('verify') + assert c.returncode == 1 + assert 'Pipfile.lock is out-of-date.' in c.stderr + + +@pytest.mark.cli +def test_pipenv_verify_locked_passing(PipenvInstance): + with PipenvInstance() as p: + p.pipenv('lock') + c = p.pipenv('verify') + assert c.returncode == 0 + + +@pytest.mark.cli +def test_pipenv_verify_locked_outdated_failing(PipenvInstance): + with PipenvInstance() as p: + p.pipenv('lock') + + # modify the Pipfile + pf = Path(p.path).joinpath('Pipfile') + pf_data = pf.read_text() + pf_new = re.sub(r'\[packages\]', '[packages]\nrequests = "*"', pf_data) + pf.write_text(pf_new) + + c = p.pipenv('verify') + assert c.returncode == 1 + assert 'Pipfile.lock is out-of-date.' in c.stderr From f742b9a8caf08f8633ab3ec4354eecab003c628c Mon Sep 17 00:00:00 2001 From: Denis Sazonov Date: Mon, 20 Dec 2021 11:25:46 +0000 Subject: [PATCH 3/5] added a success message for verify --- pipenv/cli/command.py | 1 + tests/integration/test_cli.py | 1 + 2 files changed, 2 insertions(+) diff --git a/pipenv/cli/command.py b/pipenv/cli/command.py index 0b62158f..ae99b6ba 100644 --- a/pipenv/cli/command.py +++ b/pipenv/cli/command.py @@ -718,6 +718,7 @@ def verify(state): err=True ) sys.exit(1) + echo(crayons.green('Pipfile.lock is up-to-date.')) sys.exit(0) diff --git a/tests/integration/test_cli.py b/tests/integration/test_cli.py index 6fd8a793..b2184b1f 100644 --- a/tests/integration/test_cli.py +++ b/tests/integration/test_cli.py @@ -315,6 +315,7 @@ def test_pipenv_verify_locked_passing(PipenvInstance): p.pipenv('lock') c = p.pipenv('verify') assert c.returncode == 0 + assert 'Pipfile.lock is up-to-date.' in c.stdout @pytest.mark.cli From c7dd39999eca58807f7ffd0a323b8008b81f9422 Mon Sep 17 00:00:00 2001 From: Denis Sazonov Date: Wed, 12 Jan 2022 09:57:07 +0000 Subject: [PATCH 4/5] added news entry for 4893 issue --- news/4893.feature.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 news/4893.feature.rst diff --git a/news/4893.feature.rst b/news/4893.feature.rst new file mode 100644 index 00000000..ea2ab4dd --- /dev/null +++ b/news/4893.feature.rst @@ -0,0 +1 @@ +New CLI command ``verify``, checks the Pipfile.lock is up-to-date \ No newline at end of file From 41e174898c38147b374a45641396792ed0c1adc5 Mon Sep 17 00:00:00 2001 From: Denis Sazonov Date: Wed, 12 Jan 2022 09:57:22 +0000 Subject: [PATCH 5/5] docs update for cli verify command --- docs/advanced.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/advanced.rst b/docs/advanced.rst index 19f38377..e48d94c2 100644 --- a/docs/advanced.rst +++ b/docs/advanced.rst @@ -133,6 +133,12 @@ Or you can install packages exactly as specified in ``Pipfile.lock`` using the ` ``pipenv install --ignore-pipfile`` is nearly equivalent to ``pipenv sync``, but ``pipenv sync`` will *never* attempt to re-lock your dependencies as it is considered an atomic operation. ``pipenv install`` by default does attempt to re-lock unless using the ``--deploy`` flag. +You may only wish to verify your ``Pipfile.lock`` is up-to-date with dependencies specified in the ``Pipfile``, without installing:: + + $ pipenv verify + +The command will perform a verification, and return an exit code ``1`` when dependency locking is needed. This may be useful for cases when the ``Pipfile.lock`` file is subject to version control, so this command can be used within your CI/CD pipelines. + Deploying System Dependencies /////////////////////////////