Include `library` folder in Python packages
This is a proposed fix for https://github.com/CycodeLabs/raven/issues/183
Hey, and thank you so much for opening this PR.
I think we could leave the library folder in the root folder instead of moving it to src.
Also, please take a look at our contributor agreement.
Hey man, the package you are distributing is still broken, and the reason is simple: you do not ship the library in the Python package you distribute on pypi.org. Take a look at the following:
$ mkdir /tmp/test_raven
$ cd /tmp/test_raven/
$ pip download --no-deps raven-cycode
Collecting raven-cycode
Using cached raven_cycode-1.0.9-py3-none-any.whl.metadata (28 kB)
Using cached raven_cycode-1.0.9-py3-none-any.whl (40 kB)
Saved ./raven_cycode-1.0.9-py3-none-any.whl
Successfully downloaded raven-cycode
$ file raven_cycode-1.0.9-py3-none-any.whl
raven_cycode-1.0.9-py3-none-any.whl: Zip archive data, at least v2.0 to extract, compression method=deflate
$ unzip -l raven_cycode-1.0.9-py3-none-any.whl
Archive: raven_cycode-1.0.9-py3-none-any.whl
Length Date Time Name
--------- ---------- ----- ----
74 05-01-2024 14:13 src/__init__.py
7927 05-01-2024 14:13 src/cmdline.py
0 05-01-2024 14:13 src/common/__init__.py
234 05-01-2024 14:13 src/common/ignore_warnings.py
4634 05-01-2024 14:13 src/common/utils.py
0 05-01-2024 14:13 src/config/__init__.py
5528 05-01-2024 14:13 src/config/config.py
0 05-01-2024 14:13 src/downloader/__init__.py
9164 05-01-2024 14:13 src/downloader/download.py
11096 05-01-2024 14:13 src/downloader/gh_api.py
1752 05-01-2024 14:13 src/downloader/utils.py
0 05-01-2024 14:13 src/indexer/__init__.py
6039 05-01-2024 14:13 src/indexer/index.py
0 05-01-2024 14:13 src/logger/__init__.py
949 05-01-2024 14:13 src/logger/log.py
2896 05-01-2024 14:13 src/queries/__init__.py
0 05-01-2024 14:13 src/reporter/__init__.py
2129 05-01-2024 14:13 src/reporter/report.py
626 05-01-2024 14:13 src/reporter/slack_reporter.py
0 05-01-2024 14:13 src/storage/__init__.py
1874 05-01-2024 14:13 src/storage/neo4j_graph.py
89 05-01-2024 14:13 src/storage/neo4j_utils.py
2286 05-01-2024 14:13 src/storage/redis_connection.py
586 05-01-2024 14:13 src/storage/redis_utils.py
0 05-01-2024 14:13 src/workflow_components/__init__.py
5297 05-01-2024 14:13 src/workflow_components/composite_action.py
3022 05-01-2024 14:13 src/workflow_components/dependency.py
1668 05-01-2024 14:13 src/workflow_components/parsing_utils.py
9107 05-01-2024 14:13 src/workflow_components/workflow.py
11357 05-01-2024 14:13 raven_cycode-1.0.9.dist-info/LICENSE.md
28951 05-01-2024 14:13 raven_cycode-1.0.9.dist-info/METADATA
92 05-01-2024 14:13 raven_cycode-1.0.9.dist-info/WHEEL
46 05-01-2024 14:13 raven_cycode-1.0.9.dist-info/entry_points.txt
4 05-01-2024 14:13 raven_cycode-1.0.9.dist-info/top_level.txt
2880 05-01-2024 14:13 raven_cycode-1.0.9.dist-info/RECORD
As you can see, the library is never shipped. In addition, your package is deployed on systems using src as the top-level folder, which is odd. I also offered a little change in setup.py and in the folder structure to avoid this problem.
If you build the source dist:
$ python setup.py sdist
running sdist
running egg_info
writing src/raven_cycode.egg-info/PKG-INFO
writing dependency_links to src/raven_cycode.egg-info/dependency_links.txt
writing entry points to src/raven_cycode.egg-info/entry_points.txt
writing requirements to src/raven_cycode.egg-info/requires.txt
writing top-level names to src/raven_cycode.egg-info/top_level.txt
reading manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'LICENSE'
adding license file 'LICENSE.md'
writing manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
running check
creating raven-cycode-0.0.0
creating raven-cycode-0.0.0/src
creating raven-cycode-0.0.0/src/raven_cycode
creating raven-cycode-0.0.0/src/raven_cycode.egg-info
creating raven-cycode-0.0.0/src/raven_cycode/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/common
creating raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/config
creating raven-cycode-0.0.0/src/raven_cycode/config/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/downloader
creating raven-cycode-0.0.0/src/raven_cycode/indexer
creating raven-cycode-0.0.0/src/raven_cycode/library
creating raven-cycode-0.0.0/src/raven_cycode/logger
creating raven-cycode-0.0.0/src/raven_cycode/logger/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/queries
creating raven-cycode-0.0.0/src/raven_cycode/reporter
creating raven-cycode-0.0.0/src/raven_cycode/storage
creating raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/workflow_components
creating raven-cycode-0.0.0/tests
creating raven-cycode-0.0.0/tests/integration
creating raven-cycode-0.0.0/tests/unit
copying files to raven-cycode-0.0.0...
copying LICENSE.md -> raven-cycode-0.0.0
copying MANIFEST.in -> raven-cycode-0.0.0
copying README.md -> raven-cycode-0.0.0
copying main.py -> raven-cycode-0.0.0
copying requirements.txt -> raven-cycode-0.0.0
copying setup.py -> raven-cycode-0.0.0
copying src/raven_cycode/__init__.py -> raven-cycode-0.0.0/src/raven_cycode
copying src/raven_cycode/cmdline.py -> raven-cycode-0.0.0/src/raven_cycode
copying src/raven_cycode.egg-info/PKG-INFO -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/SOURCES.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/dependency_links.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/entry_points.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/requires.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/top_level.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/__pycache__
copying src/raven_cycode/__pycache__/cmdline.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/__pycache__
copying src/raven_cycode/common/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/common
copying src/raven_cycode/common/ignore_warnings.py -> raven-cycode-0.0.0/src/raven_cycode/common
copying src/raven_cycode/common/utils.py -> raven-cycode-0.0.0/src/raven_cycode/common
copying src/raven_cycode/common/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
copying src/raven_cycode/common/__pycache__/ignore_warnings.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
copying src/raven_cycode/common/__pycache__/utils.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
copying src/raven_cycode/config/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/config
copying src/raven_cycode/config/config.py -> raven-cycode-0.0.0/src/raven_cycode/config
copying src/raven_cycode/config/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/config/__pycache__
copying src/raven_cycode/config/__pycache__/config.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/config/__pycache__
copying src/raven_cycode/downloader/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/downloader/download.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/downloader/gh_api.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/downloader/utils.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/indexer/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/indexer
copying src/raven_cycode/indexer/index.py -> raven-cycode-0.0.0/src/raven_cycode/indexer
copying src/raven_cycode/library/query_body_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_build_artifact_leaks_the_github_token.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_checkout_on_issue.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_codesee_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_email_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_enterprise_github_server.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_injectable_context_composite_action.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_injectable_input_composite_action.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_label_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_message_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_priv_esc_workflow_run.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_pull_request_target_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_ref_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_self_hosted_workflow.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_title_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_unpinnable_action.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_usage_of_outdated_node.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/logger/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/logger
copying src/raven_cycode/logger/log.py -> raven-cycode-0.0.0/src/raven_cycode/logger
copying src/raven_cycode/logger/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/logger/__pycache__
copying src/raven_cycode/logger/__pycache__/log.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/logger/__pycache__
copying src/raven_cycode/queries/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/queries
copying src/raven_cycode/reporter/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/reporter
copying src/raven_cycode/reporter/report.py -> raven-cycode-0.0.0/src/raven_cycode/reporter
copying src/raven_cycode/reporter/slack_reporter.py -> raven-cycode-0.0.0/src/raven_cycode/reporter
copying src/raven_cycode/storage/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_graph.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_utils.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/redis_connection.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/redis_utils.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
copying src/raven_cycode/storage/__pycache__/neo4j_graph.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
copying src/raven_cycode/storage/__pycache__/redis_connection.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
copying src/raven_cycode/workflow_components/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/composite_action.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/dependency.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/parsing_utils.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/workflow.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
If you build the whl:
$ python setup.py bdist_wheel
running bdist_wheel
running build
running build_py
creating build
creating build/lib
creating build/lib/raven_cycode
copying src/raven_cycode/cmdline.py -> build/lib/raven_cycode
copying src/raven_cycode/__init__.py -> build/lib/raven_cycode
creating build/lib/raven_cycode/common
copying src/raven_cycode/common/__init__.py -> build/lib/raven_cycode/common
copying src/raven_cycode/common/ignore_warnings.py -> build/lib/raven_cycode/common
copying src/raven_cycode/common/utils.py -> build/lib/raven_cycode/common
creating build/lib/raven_cycode/config
copying src/raven_cycode/config/__init__.py -> build/lib/raven_cycode/config
copying src/raven_cycode/config/config.py -> build/lib/raven_cycode/config
creating build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/__init__.py -> build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/download.py -> build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/gh_api.py -> build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/utils.py -> build/lib/raven_cycode/downloader
creating build/lib/raven_cycode/indexer
copying src/raven_cycode/indexer/__init__.py -> build/lib/raven_cycode/indexer
copying src/raven_cycode/indexer/index.py -> build/lib/raven_cycode/indexer
creating build/lib/raven_cycode/logger
copying src/raven_cycode/logger/__init__.py -> build/lib/raven_cycode/logger
copying src/raven_cycode/logger/log.py -> build/lib/raven_cycode/logger
creating build/lib/raven_cycode/queries
copying src/raven_cycode/queries/__init__.py -> build/lib/raven_cycode/queries
creating build/lib/raven_cycode/reporter
copying src/raven_cycode/reporter/__init__.py -> build/lib/raven_cycode/reporter
copying src/raven_cycode/reporter/report.py -> build/lib/raven_cycode/reporter
copying src/raven_cycode/reporter/slack_reporter.py -> build/lib/raven_cycode/reporter
creating build/lib/raven_cycode/storage
copying src/raven_cycode/storage/__init__.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_graph.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_utils.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/redis_connection.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/redis_utils.py -> build/lib/raven_cycode/storage
creating build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/__init__.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/composite_action.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/dependency.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/parsing_utils.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/workflow.py -> build/lib/raven_cycode/workflow_components
running egg_info
writing src/raven_cycode.egg-info/PKG-INFO
writing dependency_links to src/raven_cycode.egg-info/dependency_links.txt
writing entry points to src/raven_cycode.egg-info/entry_points.txt
writing requirements to src/raven_cycode.egg-info/requires.txt
writing top-level names to src/raven_cycode.egg-info/top_level.txt
reading manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'LICENSE'
adding license file 'LICENSE.md'
writing manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
/usr/lib/python3.12/site-packages/setuptools/command/build_py.py:207: _Warning: Package 'raven_cycode.library' is absent from the `packages` configuration.
!!
********************************************************************************
############################
# Package would be ignored #
############################
Python recognizes 'raven_cycode.library' as an importable package[^1],
but it is absent from setuptools' `packages` configuration.
This leads to an ambiguous overall configuration. If you want to distribute this
package, please make sure that 'raven_cycode.library' is explicitly added
to the `packages` configuration field.
Alternatively, you can also rely on setuptools' discovery methods
(for example by using `find_namespace_packages(...)`/`find_namespace:`
instead of `find_packages(...)`/`find:`).
You can read more about "package discovery" on setuptools documentation page:
- https://setuptools.pypa.io/en/latest/userguide/package_discovery.html
If you don't want 'raven_cycode.library' to be distributed and are
already explicitly excluding 'raven_cycode.library' via
`find_namespace_packages(...)/find_namespace` or `find_packages(...)/find`,
you can try to use `exclude_package_data`, or `include-package-data=False` in
combination with a more fine grained `package-data` configuration.
You can read more about "package data files" on setuptools documentation page:
- https://setuptools.pypa.io/en/latest/userguide/datafiles.html
[^1]: For Python, any directory (with suitable naming) can be imported,
even if it does not contain any `.py` files.
On the other hand, currently there is no concept of package data
directory, all directories are treated like packages.
********************************************************************************
!!
check.warn(importable)
creating build/lib/raven_cycode/library
copying src/raven_cycode/library/query_body_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_build_artifact_leaks_the_github_token.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_checkout_on_issue.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_codesee_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_email_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_enterprise_github_server.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_injectable_context_composite_action.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_injectable_input_composite_action.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_label_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_message_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_priv_esc_workflow_run.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_pull_request_target_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_ref_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_self_hosted_workflow.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_title_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_unpinnable_action.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_usage_of_outdated_node.yml -> build/lib/raven_cycode/library
/usr/lib/python3.12/site-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` directly.
Instead, use pypa/build, pypa/installer or other
standards-based tools.
See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
********************************************************************************
!!
self.initialize_options()
installing to build/bdist.linux-x86_64/wheel
running install
running install_lib
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/wheel
creating build/bdist.linux-x86_64/wheel/raven_cycode
copying build/lib/raven_cycode/cmdline.py -> build/bdist.linux-x86_64/wheel/raven_cycode
copying build/lib/raven_cycode/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode
creating build/bdist.linux-x86_64/wheel/raven_cycode/common
copying build/lib/raven_cycode/common/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/common
copying build/lib/raven_cycode/common/ignore_warnings.py -> build/bdist.linux-x86_64/wheel/raven_cycode/common
copying build/lib/raven_cycode/common/utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/common
creating build/bdist.linux-x86_64/wheel/raven_cycode/config
copying build/lib/raven_cycode/config/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/config
copying build/lib/raven_cycode/config/config.py -> build/bdist.linux-x86_64/wheel/raven_cycode/config
creating build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/download.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/gh_api.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
creating build/bdist.linux-x86_64/wheel/raven_cycode/indexer
copying build/lib/raven_cycode/indexer/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/indexer
copying build/lib/raven_cycode/indexer/index.py -> build/bdist.linux-x86_64/wheel/raven_cycode/indexer
creating build/bdist.linux-x86_64/wheel/raven_cycode/logger
copying build/lib/raven_cycode/logger/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/logger
copying build/lib/raven_cycode/logger/log.py -> build/bdist.linux-x86_64/wheel/raven_cycode/logger
creating build/bdist.linux-x86_64/wheel/raven_cycode/queries
copying build/lib/raven_cycode/queries/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/queries
creating build/bdist.linux-x86_64/wheel/raven_cycode/reporter
copying build/lib/raven_cycode/reporter/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/reporter
copying build/lib/raven_cycode/reporter/report.py -> build/bdist.linux-x86_64/wheel/raven_cycode/reporter
copying build/lib/raven_cycode/reporter/slack_reporter.py -> build/bdist.linux-x86_64/wheel/raven_cycode/reporter
creating build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/neo4j_graph.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/neo4j_utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/redis_connection.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/redis_utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
creating build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/composite_action.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/dependency.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/parsing_utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/workflow.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
creating build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_body_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_build_artifact_leaks_the_github_token.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_checkout_on_issue.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_codesee_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_email_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_enterprise_github_server.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_injectable_context_composite_action.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_injectable_input_composite_action.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_label_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_message_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_priv_esc_workflow_run.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_pull_request_target_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_ref_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_self_hosted_workflow.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_title_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_unpinnable_action.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_usage_of_outdated_node.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
running install_egg_info
Copying src/raven_cycode.egg-info to build/bdist.linux-x86_64/wheel/raven_cycode-0.0.0-py3.12.egg-info
running install_scripts
creating build/bdist.linux-x86_64/wheel/raven_cycode-0.0.0.dist-info/WHEEL
creating 'dist/raven_cycode-0.0.0-py3-none-any.whl' and adding 'build/bdist.linux-x86_64/wheel' to it
adding 'raven_cycode/__init__.py'
adding 'raven_cycode/cmdline.py'
adding 'raven_cycode/common/__init__.py'
adding 'raven_cycode/common/ignore_warnings.py'
adding 'raven_cycode/common/utils.py'
adding 'raven_cycode/config/__init__.py'
adding 'raven_cycode/config/config.py'
adding 'raven_cycode/downloader/__init__.py'
adding 'raven_cycode/downloader/download.py'
adding 'raven_cycode/downloader/gh_api.py'
adding 'raven_cycode/downloader/utils.py'
adding 'raven_cycode/indexer/__init__.py'
adding 'raven_cycode/indexer/index.py'
adding 'raven_cycode/library/query_body_context_injection.yml'
adding 'raven_cycode/library/query_build_artifact_leaks_the_github_token.yml'
adding 'raven_cycode/library/query_checkout_on_issue.yml'
adding 'raven_cycode/library/query_codesee_injection.yml'
adding 'raven_cycode/library/query_email_context_injection.yml'
adding 'raven_cycode/library/query_enterprise_github_server.yml'
adding 'raven_cycode/library/query_injectable_context_composite_action.yml'
adding 'raven_cycode/library/query_injectable_input_composite_action.yml'
adding 'raven_cycode/library/query_label_context_injection.yml'
adding 'raven_cycode/library/query_message_context_injection.yml'
adding 'raven_cycode/library/query_priv_esc_workflow_run.yml'
adding 'raven_cycode/library/query_pull_request_target_injection.yml'
adding 'raven_cycode/library/query_ref_context_injection.yml'
adding 'raven_cycode/library/query_self_hosted_workflow.yml'
adding 'raven_cycode/library/query_title_context_injection.yml'
adding 'raven_cycode/library/query_unpinnable_action.yml'
adding 'raven_cycode/library/query_usage_of_outdated_node.yml'
adding 'raven_cycode/logger/__init__.py'
adding 'raven_cycode/logger/log.py'
adding 'raven_cycode/queries/__init__.py'
adding 'raven_cycode/reporter/__init__.py'
adding 'raven_cycode/reporter/report.py'
adding 'raven_cycode/reporter/slack_reporter.py'
adding 'raven_cycode/storage/__init__.py'
adding 'raven_cycode/storage/neo4j_graph.py'
adding 'raven_cycode/storage/neo4j_utils.py'
adding 'raven_cycode/storage/redis_connection.py'
adding 'raven_cycode/storage/redis_utils.py'
adding 'raven_cycode/workflow_components/__init__.py'
adding 'raven_cycode/workflow_components/composite_action.py'
adding 'raven_cycode/workflow_components/dependency.py'
adding 'raven_cycode/workflow_components/parsing_utils.py'
adding 'raven_cycode/workflow_components/workflow.py'
adding 'raven_cycode-0.0.0.dist-info/LICENSE.md'
adding 'raven_cycode-0.0.0.dist-info/METADATA'
adding 'raven_cycode-0.0.0.dist-info/WHEEL'
adding 'raven_cycode-0.0.0.dist-info/entry_points.txt'
adding 'raven_cycode-0.0.0.dist-info/top_level.txt'
adding 'raven_cycode-0.0.0.dist-info/RECORD'
removing build/bdist.linux-x86_64/wheel
Now, I can eventually install the package and run the raven console script without it failing because it couldn't find the library directory, and you now have a clean filesystem integration :)
$ raven report --format raw
Name: Unpinnable Action
Severity: low
Description: Unpinnable actions can lead to software supply chain attacks.
Tags: ['supply-chain', 'best-practice']
Workflow URLS:
...
Hope that helps, sorry for the huge delay in helping, I actually just needed to run that again. I believe it's a very helpful tool, I just want everyone to be able to use it!
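A release-gate check for the failure shown in the comment above, as an added example that is not part of the PR or of Raven's own code: it inspects a built wheel and reports a generic top-level package such as `src` and a missing `library/*.yml` data directory. The function names `audit_wheel` and `build_wheel` are hypothetical, and the two sample layouts are constructed from a few of the file names in the logs above.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Constructed sample: a few entries mirroring the published 1.0.9 wheel listing.
PUBLISHED_LAYOUT = [
    "src/__init__.py",
    "src/cmdline.py",
    "src/queries/__init__.py",
    "raven_cycode-1.0.9.dist-info/METADATA",
    "raven_cycode-1.0.9.dist-info/RECORD",
]

# Constructed sample: a few entries mirroring the wheel built from the PR branch.
FIXED_LAYOUT = [
    "raven_cycode/__init__.py",
    "raven_cycode/cmdline.py",
    "raven_cycode/library/query_unpinnable_action.yml",
    "raven_cycode/library/query_checkout_on_issue.yml",
    "raven_cycode-0.0.0.dist-info/METADATA",
    "raven_cycode-0.0.0.dist-info/RECORD",
]


def build_wheel(names):
    """Return the bytes of an in-memory zip holding empty files (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in names:
            zf.writestr(name, "")
    return buf.getvalue()


def audit_wheel(wheel_bytes, package="raven_cycode", data_dir="library",
                data_suffix=".yml", generic_roots=("src", "lib", "tests")):
    """Inspect a wheel and list packaging problems that would break the tool.

    Checks three things: no generic top-level directory lands in
    site-packages, the expected import package is present, and the
    query library data files are shipped inside that package.
    """
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]

    # Top-level directories, ignoring wheel metadata directories.
    roots = sorted({
        PurePosixPath(n).parts[0]
        for n in names
        if not PurePosixPath(n).parts[0].endswith((".dist-info", ".data"))
    })

    prefix = f"{package}/{data_dir}/"
    data_files = sorted(
        n for n in names if n.startswith(prefix) and n.endswith(data_suffix)
    )

    problems = []
    for root in roots:
        if root in generic_roots:
            problems.append(
                f"generic top-level package '{root}' would be installed "
                "into site-packages and can collide with other projects"
            )
    if package not in roots:
        problems.append(f"expected import package '{package}' is missing")
    if not data_files:
        problems.append(f"no '{data_suffix}' files shipped under '{prefix}'")

    return {"roots": roots, "data_files": data_files, "problems": problems}


if __name__ == "__main__":
    for label, layout in (("published", PUBLISHED_LAYOUT), ("fixed", FIXED_LAYOUT)):
        result = audit_wheel(build_wheel(layout))
        print(label, "roots:", result["roots"])
        for problem in result["problems"] or ["ok"]:
            print("  -", problem)
```

To audit a real artifact, pass the bytes of the `.whl` file read from disk to `audit_wheel`.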
Hey!
A few points about the changes:
I'm not sure if the src/raven_cycode approach is the best one here. I think we should keep the library folder outside the src directory, as its purpose extends beyond just the Python package. Ideally, I would place the library folder outside the src directory and include it in the manifest file.
Let me know what you think!
@elad-pticha if I understand, there are two points where you would like further explanation:
- having the source code under src/raven_cycode
- having the library folder outside the source code
For the first point, I would defer to my last comment, which explains why I believe this is necessary. Without it, you are shipping code onto people's computers in a namespace that could conflict with other packages, plus it makes your own Python code do imports like `from src.libs import ...`, which probably isn't what you want.
For the second point, what is it that you guys would like to do? Do you want to ship the library inside the package or not? Right now, the tool uses a default path value to look for library files and fails (see https://github.com/CycodeLabs/raven/issues/183), so I assumed you want that. If there is an update in the library only once a year, you could just make a new PyPI release with the updated files, but if you update it every other week, then yes, I would understand you being on the lookout for another solution.
I've made a lot of assumptions about what you want to achieve, which I could be wrong about, but from a Pythonic standpoint, I maintain my suggestions :)
@BastienFaure Thank you again for taking the time!
Regarding the second point, I think it’s a good idea to place the library inside the package. I am considering an approach where the library folder remains at the root of the project.
I also agree with your first point, but I find the src/raven_cycode structure redundant. Can we simplify it to just raven_cycode?
WDYT?
@elad-pticha
As for having the source code under src/raven_cycode, this is a generally accepted convention, and most projects use that structure. Although I also thought it was redundant a few years ago (see https://github.com/psf/black/tree/main/src), it makes integration with Python packaging tools much easier, believe me.
So for the library folder, I understand you want to keep it at the top of the source tree, but do you want to ship it in your Python packages? Once you answer that question we can start looking for solutions.
@BastienFaure
I think that both src/raven_cycode and raven_cycode make sense when publishing a single package. I see that both approaches are acceptable, so I am ok with the src/raven_cycode approach.
For example, requests follows the src/packageName structure, while pyperf does not use src.
And yes, we would like to keep the library folder at the root of the project while still shipping it.
@elad-pticha thank you for the feedback. I'm going to look at alternatives to ship the library within the package; I believe there is a prebuild hook in setuptools.