Merge pull request #889 from k4nar/fix-887

Don't lock VCS dependencies not listed in the Pipfile
2026-06-05 22:50:18 +00:00 · 2017-10-12 21:55:39 -07:00
parent 6ae362b6e8 cd0000011a
commit bd697b70e3
2 changed files with 38 additions and 1 deletions
@@ -1047,8 +1047,13 @@ def do_lock(verbose=False, system=False, clear=False, pre=False):
    vcs_deps = convert_deps_to_pip(project.vcs_dev_packages, project, r=False)
    pip_freeze = delegator.run('{0} freeze'.format(which_pip())).out

-    for dep in vcs_deps:
+    if vcs_deps:
        for line in pip_freeze.strip().split('\n'):
+            # if the line doesn't match a vcs dependency in the Pipfile,
+            # ignore it
+            if not any(dep in line for dep in vcs_deps):
+                continue
+
            try:
                installed = convert_deps_from_pip(line)
                name = list(installed.keys())[0]
@@ -586,6 +586,38 @@ pytest = "==3.1.1"
            for req in req_list:
                assert req in c.out

+    @pytest.mark.lock
+    @pytest.mark.complex
+    def test_complex_lock_with_vcs_deps(self):
+
+        with PipenvInstance() as p:
+            with open(p.pipfile_path, 'w') as f:
+                contents = """
+[packages]
+click = "==6.7"
+
+[dev-packages]
+requests = {git = "https://github.com/requests/requests", egg = "requests"}
+                """.strip()
+                f.write(contents)
+
+            c = p.pipenv('install')
+            assert c.return_code == 0
+            lock = p.lockfile
+            assert 'requests' in lock['develop']
+            assert 'click' in lock['default']
+
+            c = p.pipenv('run pip install -e git+https://github.com/dateutil/dateutil#egg=python_dateutil')
+            assert c.return_code == 0
+
+            c = p.pipenv('lock')
+            assert c.return_code == 0
+            lock = p.lockfile
+            assert 'requests' in lock['develop']
+            assert 'click' in lock['default']
+            assert 'python_dateutil' not in lock['default']
+            assert 'python_dateutil' not in lock['develop']
+
    @pytest.mark.lock
    @pytest.mark.requirements
    @pytest.mark.complex