Dependency graph does not support setup.cfg for Python

It seems that when dependency-graph support for python was implemented it was missed to read existing PEPs and thus the most important place to store requirements was missing: setup.cfg file.

Example of complex requirements in setup.cfg :

https://github.com/ansible/molecule/blob/master/setup.cfg#L69-L136

https://github.com/pyscaffold/pyscaffold/blob/master/setup.cfg – which happens to be a very good starting template for new python libraries.

The req.txt parser should easily be re-used because the syntax is kep compatible, the only difference being that now the lists are stores in that standardized ini file.

2 Likes

Hello @ssbarnea,

Thanks for the feedback! I’ve taken your suggestion and passed it along to the appropriate teams.

I don’t have an ETA on when or if this request will be implemented but this is in good hands.

1 Like

More than  6 months have passed without any news on this. The reality is that many projects already dropped the setup.py file with was considered deprecated a long time ago.

Still, no news from GitHub regarding ability to read dependencies on Python, current no 3 language by popularity.

I wonder if GitHub uses Open Source code for finding out the dependencies of a Python project. If so, we could help fix this.

GitHub as other priorities, see https://dependabot.com/blog/hello-github/ — happened more than an year ago, still nothing happened regarding improving ability to detect python dependencies on github, anywhere.

I do not expect them to start parsing tox.ini files for dependencies but I was expecting to respect setup.cfg files.

Thanks @ssbarnea! I didn’t find their other priorities at that URL, but I did find their software! I’ll take a look and see what it would take to add setup.cfg support.

There’s a GitHub issue for this feature: dependabot-core#2133.

I also created pull request dependabot-core#2281 with one possible implementation.

1 Like