BastienFaure

This is a proposed fix for #183

@elad-pticha
Contributor

Hey and thank you so much for opening this PR.

I think we could leave the library folder in the root folder instead of moving it to src.
Also, please take a look at our contributor agreement.

MANIFEST.in Outdated
@@ -1,3 +1,4 @@
include README.md LICENSE requirements.txt main.py
recursive-include src/library *.yml
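Review bot: The `include` line names `LICENSE`, but the build logs in this thread report `warning: no files found matching 'LICENSE'` and then pick up `LICENSE.md`, so that entry matches nothing; change it to `LICENSE.md`. On the `recursive-include` line, note that a MANIFEST.in match only reaches the wheel when the matched files sit inside a package that setuptools discovers and `include_package_data` is set, so the path has to point into the package directory that `setup.py` actually builds.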
Contributor

@elad-pticha elad-pticha Jun 16, 2024

Change to library *.yml

Author

This is the whole point of this PR: right now you are not including the library within the Python package, and the culprit is that the library is outside the package source. You could maybe do a build hook with setuptools, but that is way more complicated than just moving it into the source tree.

See below the build log, the yml files are never included:

$ python setup.py bdist_wheel
running bdist_wheel
running build
running build_py
creating build
creating build/lib
creating build/lib/src
copying src/__init__.py -> build/lib/src
copying src/cmdline.py -> build/lib/src
creating build/lib/src/common
copying src/common/__init__.py -> build/lib/src/common
copying src/common/ignore_warnings.py -> build/lib/src/common
copying src/common/utils.py -> build/lib/src/common
creating build/lib/src/config
copying src/config/__init__.py -> build/lib/src/config
copying src/config/config.py -> build/lib/src/config
creating build/lib/src/downloader
copying src/downloader/__init__.py -> build/lib/src/downloader
copying src/downloader/download.py -> build/lib/src/downloader
copying src/downloader/gh_api.py -> build/lib/src/downloader
copying src/downloader/utils.py -> build/lib/src/downloader
creating build/lib/src/indexer
copying src/indexer/__init__.py -> build/lib/src/indexer
copying src/indexer/index.py -> build/lib/src/indexer
creating build/lib/src/logger
copying src/logger/__init__.py -> build/lib/src/logger
copying src/logger/log.py -> build/lib/src/logger
creating build/lib/src/queries
copying src/queries/__init__.py -> build/lib/src/queries
creating build/lib/src/reporter
copying src/reporter/__init__.py -> build/lib/src/reporter
copying src/reporter/report.py -> build/lib/src/reporter
copying src/reporter/slack_reporter.py -> build/lib/src/reporter
creating build/lib/src/storage
copying src/storage/__init__.py -> build/lib/src/storage
copying src/storage/neo4j_graph.py -> build/lib/src/storage
copying src/storage/neo4j_utils.py -> build/lib/src/storage
copying src/storage/redis_connection.py -> build/lib/src/storage
copying src/storage/redis_utils.py -> build/lib/src/storage
creating build/lib/src/workflow_components
copying src/workflow_components/__init__.py -> build/lib/src/workflow_components
copying src/workflow_components/composite_action.py -> build/lib/src/workflow_components
copying src/workflow_components/dependency.py -> build/lib/src/workflow_components
copying src/workflow_components/parsing_utils.py -> build/lib/src/workflow_components
copying src/workflow_components/workflow.py -> build/lib/src/workflow_components
/usr/lib/python3.12/site-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!

        ********************************************************************************
        Please avoid running ``setup.py`` directly.
        Instead, use pypa/build, pypa/installer or other
        standards-based tools.

        See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
        ********************************************************************************

!!
  self.initialize_options()
installing to build/bdist.linux-x86_64/wheel
running install
running install_lib
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/wheel
creating build/bdist.linux-x86_64/wheel/src
copying build/lib/src/__init__.py -> build/bdist.linux-x86_64/wheel/src
copying build/lib/src/cmdline.py -> build/bdist.linux-x86_64/wheel/src
creating build/bdist.linux-x86_64/wheel/src/common
copying build/lib/src/common/__init__.py -> build/bdist.linux-x86_64/wheel/src/common
copying build/lib/src/common/ignore_warnings.py -> build/bdist.linux-x86_64/wheel/src/common
copying build/lib/src/common/utils.py -> build/bdist.linux-x86_64/wheel/src/common
creating build/bdist.linux-x86_64/wheel/src/config
copying build/lib/src/config/__init__.py -> build/bdist.linux-x86_64/wheel/src/config
copying build/lib/src/config/config.py -> build/bdist.linux-x86_64/wheel/src/config
creating build/bdist.linux-x86_64/wheel/src/downloader
copying build/lib/src/downloader/__init__.py -> build/bdist.linux-x86_64/wheel/src/downloader
copying build/lib/src/downloader/download.py -> build/bdist.linux-x86_64/wheel/src/downloader
copying build/lib/src/downloader/gh_api.py -> build/bdist.linux-x86_64/wheel/src/downloader
copying build/lib/src/downloader/utils.py -> build/bdist.linux-x86_64/wheel/src/downloader
creating build/bdist.linux-x86_64/wheel/src/indexer
copying build/lib/src/indexer/__init__.py -> build/bdist.linux-x86_64/wheel/src/indexer
copying build/lib/src/indexer/index.py -> build/bdist.linux-x86_64/wheel/src/indexer
creating build/bdist.linux-x86_64/wheel/src/logger
copying build/lib/src/logger/__init__.py -> build/bdist.linux-x86_64/wheel/src/logger
copying build/lib/src/logger/log.py -> build/bdist.linux-x86_64/wheel/src/logger
creating build/bdist.linux-x86_64/wheel/src/queries
copying build/lib/src/queries/__init__.py -> build/bdist.linux-x86_64/wheel/src/queries
creating build/bdist.linux-x86_64/wheel/src/reporter
copying build/lib/src/reporter/__init__.py -> build/bdist.linux-x86_64/wheel/src/reporter
copying build/lib/src/reporter/report.py -> build/bdist.linux-x86_64/wheel/src/reporter
copying build/lib/src/reporter/slack_reporter.py -> build/bdist.linux-x86_64/wheel/src/reporter
creating build/bdist.linux-x86_64/wheel/src/storage
copying build/lib/src/storage/__init__.py -> build/bdist.linux-x86_64/wheel/src/storage
copying build/lib/src/storage/neo4j_graph.py -> build/bdist.linux-x86_64/wheel/src/storage
copying build/lib/src/storage/neo4j_utils.py -> build/bdist.linux-x86_64/wheel/src/storage
copying build/lib/src/storage/redis_connection.py -> build/bdist.linux-x86_64/wheel/src/storage
copying build/lib/src/storage/redis_utils.py -> build/bdist.linux-x86_64/wheel/src/storage
creating build/bdist.linux-x86_64/wheel/src/workflow_components
copying build/lib/src/workflow_components/__init__.py -> build/bdist.linux-x86_64/wheel/src/workflow_components
copying build/lib/src/workflow_components/composite_action.py -> build/bdist.linux-x86_64/wheel/src/workflow_components
copying build/lib/src/workflow_components/dependency.py -> build/bdist.linux-x86_64/wheel/src/workflow_components
copying build/lib/src/workflow_components/parsing_utils.py -> build/bdist.linux-x86_64/wheel/src/workflow_components
copying build/lib/src/workflow_components/workflow.py -> build/bdist.linux-x86_64/wheel/src/workflow_components
running install_egg_info
running egg_info
creating raven_cycode.egg-info
writing raven_cycode.egg-info/PKG-INFO
writing dependency_links to raven_cycode.egg-info/dependency_links.txt
writing entry points to raven_cycode.egg-info/entry_points.txt
writing requirements to raven_cycode.egg-info/requires.txt
writing top-level names to raven_cycode.egg-info/top_level.txt
writing manifest file 'raven_cycode.egg-info/SOURCES.txt'
reading manifest file 'raven_cycode.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'LICENSE'
adding license file 'LICENSE.md'
writing manifest file 'raven_cycode.egg-info/SOURCES.txt'
Copying raven_cycode.egg-info to build/bdist.linux-x86_64/wheel/raven_cycode-0.0.0-py3.12.egg-info
running install_scripts
creating build/bdist.linux-x86_64/wheel/raven_cycode-0.0.0.dist-info/WHEEL
creating 'dist/raven_cycode-0.0.0-py3-none-any.whl' and adding 'build/bdist.linux-x86_64/wheel' to it
adding 'src/__init__.py'
adding 'src/cmdline.py'
adding 'src/common/__init__.py'
adding 'src/common/ignore_warnings.py'
adding 'src/common/utils.py'
adding 'src/config/__init__.py'
adding 'src/config/config.py'
adding 'src/downloader/__init__.py'
adding 'src/downloader/download.py'
adding 'src/downloader/gh_api.py'
adding 'src/downloader/utils.py'
adding 'src/indexer/__init__.py'
adding 'src/indexer/index.py'
adding 'src/logger/__init__.py'
adding 'src/logger/log.py'
adding 'src/queries/__init__.py'
adding 'src/reporter/__init__.py'
adding 'src/reporter/report.py'
adding 'src/reporter/slack_reporter.py'
adding 'src/storage/__init__.py'
adding 'src/storage/neo4j_graph.py'
adding 'src/storage/neo4j_utils.py'
adding 'src/storage/redis_connection.py'
adding 'src/storage/redis_utils.py'
adding 'src/workflow_components/__init__.py'
adding 'src/workflow_components/composite_action.py'
adding 'src/workflow_components/dependency.py'
adding 'src/workflow_components/parsing_utils.py'
adding 'src/workflow_components/workflow.py'
adding 'raven_cycode-0.0.0.dist-info/LICENSE.md'
adding 'raven_cycode-0.0.0.dist-info/METADATA'
adding 'raven_cycode-0.0.0.dist-info/WHEEL'
adding 'raven_cycode-0.0.0.dist-info/entry_points.txt'
adding 'raven_cycode-0.0.0.dist-info/top_level.txt'
adding 'raven_cycode-0.0.0.dist-info/RECORD'
removing build/bdist.linux-x86_64/wheel
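
A release gate for the failure visible in the build log above, as an added example (not code from this PR or from the RAVEN project): it opens a wheel as a zip archive and reports a problem when no file matches a required data glob, or when a match is missing from the wheel's RECORD. The glob `*/library/*.yml`, the function names and the in-memory sample wheels are assumptions constructed for illustration.

```python
import csv
import fnmatch
import io
import zipfile

# Data the installed tool cannot work without (assumed glob). It is
# layout-independent, so it matches src/library/... and raven_cycode/library/...
REQUIRED_GLOBS = ["*/library/*.yml"]


def _read_wheel(wheel_bytes):
    """Return (file paths in the archive, paths listed in dist-info/RECORD)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        members = {n for n in zf.namelist() if not n.endswith("/")}
        records = [n for n in members if n.endswith(".dist-info/RECORD")]
        if len(records) != 1:
            raise ValueError("wheel must contain exactly one dist-info/RECORD")
        text = zf.read(records[0]).decode("utf-8")
    # RECORD is CSV: path,hash,size. Only the path column is needed here.
    listed = {row[0] for row in csv.reader(io.StringIO(text)) if row}
    return members, listed


def check_package_data(wheel_bytes, required_globs=REQUIRED_GLOBS):
    """Return {glob: problem}; an empty dict means the wheel passes."""
    members, listed = _read_wheel(wheel_bytes)
    problems = {}
    for pattern in required_globs:
        hits = sorted(fnmatch.filter(members, pattern))
        if not hits:
            problems[pattern] = "no matching file in the archive"
            continue
        unlisted = [h for h in hits if h not in listed]
        if unlisted:
            problems[pattern] = "missing from RECORD: " + ", ".join(unlisted)
    return problems


def make_sample_wheel(paths, omit_from_record=()):
    """Build a constructed, minimal wheel in memory (RECORD hashes left empty)."""
    record_path = "raven_cycode-0.0.0.dist-info/RECORD"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for p in paths:
            zf.writestr(p, "# constructed sample\n")
        lines = [p + ",," for p in paths if p not in omit_from_record]
        lines.append(record_path + ",,")
        zf.writestr(record_path, "\n".join(lines) + "\n")
    return buf.getvalue()


# Constructed file lists: one with Python files only, one with a query file.
PY_ONLY = ["src/__init__.py", "src/cmdline.py", "src/queries/__init__.py"]
WITH_LIBRARY = [
    "raven_cycode/__init__.py",
    "raven_cycode/cmdline.py",
    "raven_cycode/library/query_unpinnable_action.yml",
]

if __name__ == "__main__":
    for label, wheel in [
        ("python files only", make_sample_wheel(PY_ONLY)),
        ("library included", make_sample_wheel(WITH_LIBRARY)),
    ]:
        print(label, "->", check_package_data(wheel) or "ok")
```

To gate a real build, pass the bytes of the file under `dist/` to `check_package_data` and fail the job when the result is not empty.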


# Run RAVEN tests
CMD ["make", "test-run"]
CMD ["make", "test-run"]
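Review bot: The two `CMD ["make", "test-run"]` lines are identical, so this hunk changes nothing functional (most likely only the trailing newline); revert it so the PR stays limited to packaging. If both lines ever ended up in the Dockerfile, only the last `CMD` would take effect.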
Contributor

Remove extra line added

install_requires=REQUIRMENTS,
packages=find_packages(exclude=("tests", "tests.*")),
entry_points={"console_scripts": ["raven = src.cmdline:execute"]},
include_package_data=True,
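Review bot: On the `include_package_data=True` line, keep the flag explicit: with a `setup.py` configuration setuptools leaves it off unless it is set (it is on by default only when the project is configured through `pyproject.toml`), and without it files matched by MANIFEST.in are not copied into the wheel. The flag also only covers directories that `find_packages` returns, and the wheel build log later in this thread warns that 'raven_cycode.library' is absent from the `packages` configuration; list that package explicitly or switch to `find_namespace_packages(...)`, as the warning suggests.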
Contributor

Is this required?
I tried to build the package without this, and it worked. Is there something I am missing?

Author

Just a safeguard, it looks like it's at True by default but the package wants the data to be included, so I'd suggest keeping it explicit.

Contributor

@elad-pticha elad-pticha left a comment

Good idea!
Please take a look at the comments.

@BastienFaure
Author

BastienFaure commented Feb 20, 2025

Hey man, the package you are distributing is still broken, and the reason is simple, you do not ship the library in the Python package you distribute on pypi.org. Take a look at the following:

$ mkdir /tmp/test_raven
$ cd /tmp/test_raven/
$ pip download --no-deps raven-cycode
Collecting raven-cycode
  Using cached raven_cycode-1.0.9-py3-none-any.whl.metadata (28 kB)
Using cached raven_cycode-1.0.9-py3-none-any.whl (40 kB)
Saved ./raven_cycode-1.0.9-py3-none-any.whl
Successfully downloaded raven-cycode
$ file raven_cycode-1.0.9-py3-none-any.whl 
raven_cycode-1.0.9-py3-none-any.whl: Zip archive data, at least v2.0 to extract, compression method=deflate
$ unzip -l raven_cycode-1.0.9-py3-none-any.whl 
Archive:  raven_cycode-1.0.9-py3-none-any.whl
  Length      Date    Time    Name
---------  ---------- -----   ----
       74  05-01-2024 14:13   src/__init__.py
     7927  05-01-2024 14:13   src/cmdline.py
        0  05-01-2024 14:13   src/common/__init__.py
      234  05-01-2024 14:13   src/common/ignore_warnings.py
     4634  05-01-2024 14:13   src/common/utils.py
        0  05-01-2024 14:13   src/config/__init__.py
     5528  05-01-2024 14:13   src/config/config.py
        0  05-01-2024 14:13   src/downloader/__init__.py
     9164  05-01-2024 14:13   src/downloader/download.py
    11096  05-01-2024 14:13   src/downloader/gh_api.py
     1752  05-01-2024 14:13   src/downloader/utils.py
        0  05-01-2024 14:13   src/indexer/__init__.py
     6039  05-01-2024 14:13   src/indexer/index.py
        0  05-01-2024 14:13   src/logger/__init__.py
      949  05-01-2024 14:13   src/logger/log.py
     2896  05-01-2024 14:13   src/queries/__init__.py
        0  05-01-2024 14:13   src/reporter/__init__.py
     2129  05-01-2024 14:13   src/reporter/report.py
      626  05-01-2024 14:13   src/reporter/slack_reporter.py
        0  05-01-2024 14:13   src/storage/__init__.py
     1874  05-01-2024 14:13   src/storage/neo4j_graph.py
       89  05-01-2024 14:13   src/storage/neo4j_utils.py
     2286  05-01-2024 14:13   src/storage/redis_connection.py
      586  05-01-2024 14:13   src/storage/redis_utils.py
        0  05-01-2024 14:13   src/workflow_components/__init__.py
     5297  05-01-2024 14:13   src/workflow_components/composite_action.py
     3022  05-01-2024 14:13   src/workflow_components/dependency.py
     1668  05-01-2024 14:13   src/workflow_components/parsing_utils.py
     9107  05-01-2024 14:13   src/workflow_components/workflow.py
    11357  05-01-2024 14:13   raven_cycode-1.0.9.dist-info/LICENSE.md
    28951  05-01-2024 14:13   raven_cycode-1.0.9.dist-info/METADATA
       92  05-01-2024 14:13   raven_cycode-1.0.9.dist-info/WHEEL
       46  05-01-2024 14:13   raven_cycode-1.0.9.dist-info/entry_points.txt
        4  05-01-2024 14:13   raven_cycode-1.0.9.dist-info/top_level.txt
     2880  05-01-2024 14:13   raven_cycode-1.0.9.dist-info/RECORD

As you can see, the library is never shipped. In addition, your package is deployed on systems using src as top-folder, which is odd. I also offered a little change in setup.py and in the folder structure to avoid this problem.

If you build the source dist:

$ python setup.py sdist
running sdist
running egg_info
writing src/raven_cycode.egg-info/PKG-INFO
writing dependency_links to src/raven_cycode.egg-info/dependency_links.txt
writing entry points to src/raven_cycode.egg-info/entry_points.txt
writing requirements to src/raven_cycode.egg-info/requires.txt
writing top-level names to src/raven_cycode.egg-info/top_level.txt
reading manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'LICENSE'
adding license file 'LICENSE.md'
writing manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
running check
creating raven-cycode-0.0.0
creating raven-cycode-0.0.0/src
creating raven-cycode-0.0.0/src/raven_cycode
creating raven-cycode-0.0.0/src/raven_cycode.egg-info
creating raven-cycode-0.0.0/src/raven_cycode/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/common
creating raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/config
creating raven-cycode-0.0.0/src/raven_cycode/config/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/downloader
creating raven-cycode-0.0.0/src/raven_cycode/indexer
creating raven-cycode-0.0.0/src/raven_cycode/library
creating raven-cycode-0.0.0/src/raven_cycode/logger
creating raven-cycode-0.0.0/src/raven_cycode/logger/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/queries
creating raven-cycode-0.0.0/src/raven_cycode/reporter
creating raven-cycode-0.0.0/src/raven_cycode/storage
creating raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
creating raven-cycode-0.0.0/src/raven_cycode/workflow_components
creating raven-cycode-0.0.0/tests
creating raven-cycode-0.0.0/tests/integration
creating raven-cycode-0.0.0/tests/unit
copying files to raven-cycode-0.0.0...
copying LICENSE.md -> raven-cycode-0.0.0
copying MANIFEST.in -> raven-cycode-0.0.0
copying README.md -> raven-cycode-0.0.0
copying main.py -> raven-cycode-0.0.0
copying requirements.txt -> raven-cycode-0.0.0
copying setup.py -> raven-cycode-0.0.0
copying src/raven_cycode/__init__.py -> raven-cycode-0.0.0/src/raven_cycode
copying src/raven_cycode/cmdline.py -> raven-cycode-0.0.0/src/raven_cycode
copying src/raven_cycode.egg-info/PKG-INFO -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/SOURCES.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/dependency_links.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/entry_points.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/requires.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode.egg-info/top_level.txt -> raven-cycode-0.0.0/src/raven_cycode.egg-info
copying src/raven_cycode/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/__pycache__
copying src/raven_cycode/__pycache__/cmdline.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/__pycache__
copying src/raven_cycode/common/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/common
copying src/raven_cycode/common/ignore_warnings.py -> raven-cycode-0.0.0/src/raven_cycode/common
copying src/raven_cycode/common/utils.py -> raven-cycode-0.0.0/src/raven_cycode/common
copying src/raven_cycode/common/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
copying src/raven_cycode/common/__pycache__/ignore_warnings.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
copying src/raven_cycode/common/__pycache__/utils.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/common/__pycache__
copying src/raven_cycode/config/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/config
copying src/raven_cycode/config/config.py -> raven-cycode-0.0.0/src/raven_cycode/config
copying src/raven_cycode/config/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/config/__pycache__
copying src/raven_cycode/config/__pycache__/config.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/config/__pycache__
copying src/raven_cycode/downloader/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/downloader/download.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/downloader/gh_api.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/downloader/utils.py -> raven-cycode-0.0.0/src/raven_cycode/downloader
copying src/raven_cycode/indexer/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/indexer
copying src/raven_cycode/indexer/index.py -> raven-cycode-0.0.0/src/raven_cycode/indexer
copying src/raven_cycode/library/query_body_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_build_artifact_leaks_the_github_token.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_checkout_on_issue.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_codesee_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_email_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_enterprise_github_server.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_injectable_context_composite_action.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_injectable_input_composite_action.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_label_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_message_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_priv_esc_workflow_run.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_pull_request_target_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_ref_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_self_hosted_workflow.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_title_context_injection.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_unpinnable_action.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/library/query_usage_of_outdated_node.yml -> raven-cycode-0.0.0/src/raven_cycode/library
copying src/raven_cycode/logger/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/logger
copying src/raven_cycode/logger/log.py -> raven-cycode-0.0.0/src/raven_cycode/logger
copying src/raven_cycode/logger/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/logger/__pycache__
copying src/raven_cycode/logger/__pycache__/log.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/logger/__pycache__
copying src/raven_cycode/queries/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/queries
copying src/raven_cycode/reporter/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/reporter
copying src/raven_cycode/reporter/report.py -> raven-cycode-0.0.0/src/raven_cycode/reporter
copying src/raven_cycode/reporter/slack_reporter.py -> raven-cycode-0.0.0/src/raven_cycode/reporter
copying src/raven_cycode/storage/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_graph.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_utils.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/redis_connection.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/redis_utils.py -> raven-cycode-0.0.0/src/raven_cycode/storage
copying src/raven_cycode/storage/__pycache__/__init__.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
copying src/raven_cycode/storage/__pycache__/neo4j_graph.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
copying src/raven_cycode/storage/__pycache__/redis_connection.cpython-312.pyc -> raven-cycode-0.0.0/src/raven_cycode/storage/__pycache__
copying src/raven_cycode/workflow_components/__init__.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/composite_action.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/dependency.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/parsing_utils.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/workflow.py -> raven-cycode-0.0.0/src/raven_cycode/workflow_components

If you build the whl:

$ python setup.py bdist_wheel
running bdist_wheel
running build
running build_py
creating build
creating build/lib
creating build/lib/raven_cycode
copying src/raven_cycode/cmdline.py -> build/lib/raven_cycode
copying src/raven_cycode/__init__.py -> build/lib/raven_cycode
creating build/lib/raven_cycode/common
copying src/raven_cycode/common/__init__.py -> build/lib/raven_cycode/common
copying src/raven_cycode/common/ignore_warnings.py -> build/lib/raven_cycode/common
copying src/raven_cycode/common/utils.py -> build/lib/raven_cycode/common
creating build/lib/raven_cycode/config
copying src/raven_cycode/config/__init__.py -> build/lib/raven_cycode/config
copying src/raven_cycode/config/config.py -> build/lib/raven_cycode/config
creating build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/__init__.py -> build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/download.py -> build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/gh_api.py -> build/lib/raven_cycode/downloader
copying src/raven_cycode/downloader/utils.py -> build/lib/raven_cycode/downloader
creating build/lib/raven_cycode/indexer
copying src/raven_cycode/indexer/__init__.py -> build/lib/raven_cycode/indexer
copying src/raven_cycode/indexer/index.py -> build/lib/raven_cycode/indexer
creating build/lib/raven_cycode/logger
copying src/raven_cycode/logger/__init__.py -> build/lib/raven_cycode/logger
copying src/raven_cycode/logger/log.py -> build/lib/raven_cycode/logger
creating build/lib/raven_cycode/queries
copying src/raven_cycode/queries/__init__.py -> build/lib/raven_cycode/queries
creating build/lib/raven_cycode/reporter
copying src/raven_cycode/reporter/__init__.py -> build/lib/raven_cycode/reporter
copying src/raven_cycode/reporter/report.py -> build/lib/raven_cycode/reporter
copying src/raven_cycode/reporter/slack_reporter.py -> build/lib/raven_cycode/reporter
creating build/lib/raven_cycode/storage
copying src/raven_cycode/storage/__init__.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_graph.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/neo4j_utils.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/redis_connection.py -> build/lib/raven_cycode/storage
copying src/raven_cycode/storage/redis_utils.py -> build/lib/raven_cycode/storage
creating build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/__init__.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/composite_action.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/dependency.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/parsing_utils.py -> build/lib/raven_cycode/workflow_components
copying src/raven_cycode/workflow_components/workflow.py -> build/lib/raven_cycode/workflow_components
running egg_info
writing src/raven_cycode.egg-info/PKG-INFO
writing dependency_links to src/raven_cycode.egg-info/dependency_links.txt
writing entry points to src/raven_cycode.egg-info/entry_points.txt
writing requirements to src/raven_cycode.egg-info/requires.txt
writing top-level names to src/raven_cycode.egg-info/top_level.txt
reading manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'LICENSE'
adding license file 'LICENSE.md'
writing manifest file 'src/raven_cycode.egg-info/SOURCES.txt'
/usr/lib/python3.12/site-packages/setuptools/command/build_py.py:207: _Warning: Package 'raven_cycode.library' is absent from the `packages` configuration.
!!

        ********************************************************************************
        ############################
        # Package would be ignored #
        ############################
        Python recognizes 'raven_cycode.library' as an importable package[^1],
        but it is absent from setuptools' `packages` configuration.

        This leads to an ambiguous overall configuration. If you want to distribute this
        package, please make sure that 'raven_cycode.library' is explicitly added
        to the `packages` configuration field.

        Alternatively, you can also rely on setuptools' discovery methods
        (for example by using `find_namespace_packages(...)`/`find_namespace:`
        instead of `find_packages(...)`/`find:`).

        You can read more about "package discovery" on setuptools documentation page:

        - https://setuptools.pypa.io/en/latest/userguide/package_discovery.html

        If you don't want 'raven_cycode.library' to be distributed and are
        already explicitly excluding 'raven_cycode.library' via
        `find_namespace_packages(...)/find_namespace` or `find_packages(...)/find`,
        you can try to use `exclude_package_data`, or `include-package-data=False` in
        combination with a more fine grained `package-data` configuration.

        You can read more about "package data files" on setuptools documentation page:

        - https://setuptools.pypa.io/en/latest/userguide/datafiles.html


        [^1]: For Python, any directory (with suitable naming) can be imported,
              even if it does not contain any `.py` files.
              On the other hand, currently there is no concept of package data
              directory, all directories are treated like packages.
        ********************************************************************************

!!
  check.warn(importable)
creating build/lib/raven_cycode/library
copying src/raven_cycode/library/query_body_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_build_artifact_leaks_the_github_token.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_checkout_on_issue.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_codesee_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_email_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_enterprise_github_server.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_injectable_context_composite_action.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_injectable_input_composite_action.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_label_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_message_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_priv_esc_workflow_run.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_pull_request_target_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_ref_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_self_hosted_workflow.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_title_context_injection.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_unpinnable_action.yml -> build/lib/raven_cycode/library
copying src/raven_cycode/library/query_usage_of_outdated_node.yml -> build/lib/raven_cycode/library
/usr/lib/python3.12/site-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!

        ********************************************************************************
        Please avoid running ``setup.py`` directly.
        Instead, use pypa/build, pypa/installer or other
        standards-based tools.

        See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
        ********************************************************************************

!!
  self.initialize_options()
installing to build/bdist.linux-x86_64/wheel
running install
running install_lib
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/wheel
creating build/bdist.linux-x86_64/wheel/raven_cycode
copying build/lib/raven_cycode/cmdline.py -> build/bdist.linux-x86_64/wheel/raven_cycode
copying build/lib/raven_cycode/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode
creating build/bdist.linux-x86_64/wheel/raven_cycode/common
copying build/lib/raven_cycode/common/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/common
copying build/lib/raven_cycode/common/ignore_warnings.py -> build/bdist.linux-x86_64/wheel/raven_cycode/common
copying build/lib/raven_cycode/common/utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/common
creating build/bdist.linux-x86_64/wheel/raven_cycode/config
copying build/lib/raven_cycode/config/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/config
copying build/lib/raven_cycode/config/config.py -> build/bdist.linux-x86_64/wheel/raven_cycode/config
creating build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/download.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/gh_api.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
copying build/lib/raven_cycode/downloader/utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/downloader
creating build/bdist.linux-x86_64/wheel/raven_cycode/indexer
copying build/lib/raven_cycode/indexer/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/indexer
copying build/lib/raven_cycode/indexer/index.py -> build/bdist.linux-x86_64/wheel/raven_cycode/indexer
creating build/bdist.linux-x86_64/wheel/raven_cycode/logger
copying build/lib/raven_cycode/logger/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/logger
copying build/lib/raven_cycode/logger/log.py -> build/bdist.linux-x86_64/wheel/raven_cycode/logger
creating build/bdist.linux-x86_64/wheel/raven_cycode/queries
copying build/lib/raven_cycode/queries/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/queries
creating build/bdist.linux-x86_64/wheel/raven_cycode/reporter
copying build/lib/raven_cycode/reporter/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/reporter
copying build/lib/raven_cycode/reporter/report.py -> build/bdist.linux-x86_64/wheel/raven_cycode/reporter
copying build/lib/raven_cycode/reporter/slack_reporter.py -> build/bdist.linux-x86_64/wheel/raven_cycode/reporter
creating build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/neo4j_graph.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/neo4j_utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/redis_connection.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
copying build/lib/raven_cycode/storage/redis_utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/storage
creating build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/__init__.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/composite_action.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/dependency.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/parsing_utils.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
copying build/lib/raven_cycode/workflow_components/workflow.py -> build/bdist.linux-x86_64/wheel/raven_cycode/workflow_components
creating build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_body_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_build_artifact_leaks_the_github_token.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_checkout_on_issue.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_codesee_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_email_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_enterprise_github_server.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_injectable_context_composite_action.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_injectable_input_composite_action.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_label_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_message_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_priv_esc_workflow_run.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_pull_request_target_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_ref_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_self_hosted_workflow.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_title_context_injection.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_unpinnable_action.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
copying build/lib/raven_cycode/library/query_usage_of_outdated_node.yml -> build/bdist.linux-x86_64/wheel/raven_cycode/library
running install_egg_info
Copying src/raven_cycode.egg-info to build/bdist.linux-x86_64/wheel/raven_cycode-0.0.0-py3.12.egg-info
running install_scripts
creating build/bdist.linux-x86_64/wheel/raven_cycode-0.0.0.dist-info/WHEEL
creating 'dist/raven_cycode-0.0.0-py3-none-any.whl' and adding 'build/bdist.linux-x86_64/wheel' to it
adding 'raven_cycode/__init__.py'
adding 'raven_cycode/cmdline.py'
adding 'raven_cycode/common/__init__.py'
adding 'raven_cycode/common/ignore_warnings.py'
adding 'raven_cycode/common/utils.py'
adding 'raven_cycode/config/__init__.py'
adding 'raven_cycode/config/config.py'
adding 'raven_cycode/downloader/__init__.py'
adding 'raven_cycode/downloader/download.py'
adding 'raven_cycode/downloader/gh_api.py'
adding 'raven_cycode/downloader/utils.py'
adding 'raven_cycode/indexer/__init__.py'
adding 'raven_cycode/indexer/index.py'
adding 'raven_cycode/library/query_body_context_injection.yml'
adding 'raven_cycode/library/query_build_artifact_leaks_the_github_token.yml'
adding 'raven_cycode/library/query_checkout_on_issue.yml'
adding 'raven_cycode/library/query_codesee_injection.yml'
adding 'raven_cycode/library/query_email_context_injection.yml'
adding 'raven_cycode/library/query_enterprise_github_server.yml'
adding 'raven_cycode/library/query_injectable_context_composite_action.yml'
adding 'raven_cycode/library/query_injectable_input_composite_action.yml'
adding 'raven_cycode/library/query_label_context_injection.yml'
adding 'raven_cycode/library/query_message_context_injection.yml'
adding 'raven_cycode/library/query_priv_esc_workflow_run.yml'
adding 'raven_cycode/library/query_pull_request_target_injection.yml'
adding 'raven_cycode/library/query_ref_context_injection.yml'
adding 'raven_cycode/library/query_self_hosted_workflow.yml'
adding 'raven_cycode/library/query_title_context_injection.yml'
adding 'raven_cycode/library/query_unpinnable_action.yml'
adding 'raven_cycode/library/query_usage_of_outdated_node.yml'
adding 'raven_cycode/logger/__init__.py'
adding 'raven_cycode/logger/log.py'
adding 'raven_cycode/queries/__init__.py'
adding 'raven_cycode/reporter/__init__.py'
adding 'raven_cycode/reporter/report.py'
adding 'raven_cycode/reporter/slack_reporter.py'
adding 'raven_cycode/storage/__init__.py'
adding 'raven_cycode/storage/neo4j_graph.py'
adding 'raven_cycode/storage/neo4j_utils.py'
adding 'raven_cycode/storage/redis_connection.py'
adding 'raven_cycode/storage/redis_utils.py'
adding 'raven_cycode/workflow_components/__init__.py'
adding 'raven_cycode/workflow_components/composite_action.py'
adding 'raven_cycode/workflow_components/dependency.py'
adding 'raven_cycode/workflow_components/parsing_utils.py'
adding 'raven_cycode/workflow_components/workflow.py'
adding 'raven_cycode-0.0.0.dist-info/LICENSE.md'
adding 'raven_cycode-0.0.0.dist-info/METADATA'
adding 'raven_cycode-0.0.0.dist-info/WHEEL'
adding 'raven_cycode-0.0.0.dist-info/entry_points.txt'
adding 'raven_cycode-0.0.0.dist-info/top_level.txt'
adding 'raven_cycode-0.0.0.dist-info/RECORD'
removing build/bdist.linux-x86_64/wheel

Now, I can eventually install the package and run the raven console script without it failing because it couldn't find the library directory, and you now have a clean filesystem integration :)

$ raven report --format raw

Name: Unpinnable Action
Severity: low
Description: Unpinnable actions can lead to software supply chain attacks.
Tags: ['supply-chain', 'best-practice']
Workflow URLS:
...

Hope that helps, sorry for the huge delay in helping, I actually just needed to run that again. I believe it's a very helpful tool, I just want everyone to be able to use it!

@elad-pticha
Contributor

Hey!

A few points about the changes:

I'm not sure if the src/raven_cycode approach is the best one here. I think we should keep the library folder outside the src directory, as its purpose extends beyond just the Python package. Ideally, I would place the library folder outside the src directory and include it in the manifest file.

Let me know what you think!

@BastienFaure
Author

@elad-pticha if I understand correctly, there are two points where you would like further explanation:

  • having the source code under src/raven_cycode
  • having the library folder outside the source code

For the first point, I would defer to my last comment, which explains why I believe this is necessary. Without it, you are shipping code onto people's computers in a namespace that could conflict with other packages, plus it makes your own Python code do imports like from src.libs import ..., which probably isn't what you want.

For the second point, what is it that you guys would like to do? Do you want to ship the library inside the package or not? Right now, the tool uses a default path value to look for library files and fails (see #183), so I assumed you want that. If there is an update in the library only once a year, you could just do a new PyPI release with the updated files, but if you update it every other week, then yes, I would understand you being on the lookout for another solution.

I've made a lot of assumptions about what you want to achieve, which I could be wrong about, but from a Pythonic standpoint, I maintain my suggestions :)
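An added example, not part of the thread or of the project's code: a release check for the two problems raised in this comment, a wheel that installs under a generic top-level name such as `src` and a wheel that ships without its `library/*.yml` query files. The function names and both wheels are constructed for illustration; only the file paths come from the build logs above.

```python
import io
import zipfile
from fnmatch import fnmatchcase

# Top-level names that are not a project namespace (assumed list); code
# installed under them can collide with other installed distributions.
GENERIC_TOP_LEVEL = {"src", "lib", "common", "utils", "tests"}


def build_wheel(paths):
    """Return the bytes of a constructed, minimal wheel-like zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path in paths:
            zf.writestr(path, "")
    return buf.getvalue()


def audit_wheel(wheel_bytes, data_glob):
    """Report top-level packages and the archived files matching data_glob."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = zf.namelist()
    roots = {n.split("/", 1)[0] for n in names if "/" in n}
    # Metadata directories are not importable packages.
    top_level = sorted(r for r in roots if not r.endswith((".dist-info", ".data")))
    data_files = sorted(n for n in names if fnmatchcase(n, data_glob))
    problems = [f"generic top-level package: {p}"
                for p in top_level if p in GENERIC_TOP_LEVEL]
    if not data_files:
        problems.append(f"no files match {data_glob}")
    return {"top_level": top_level, "data_files": data_files, "problems": problems}


# Constructed sample mirroring the first build log: code under src/, no queries.
BEFORE_WHEEL = build_wheel(["src/__init__.py", "src/cmdline.py",
                            "src/common/utils.py", "demo-0.0.0.dist-info/RECORD"])
# Constructed sample mirroring the second build log: namespaced, queries shipped.
AFTER_WHEEL = build_wheel(["raven_cycode/__init__.py", "raven_cycode/cmdline.py",
                           "raven_cycode/library/query_unpinnable_action.yml",
                           "raven_cycode/library/query_title_context_injection.yml",
                           "raven_cycode-0.0.0.dist-info/RECORD"])

if __name__ == "__main__":
    for label, wheel in (("before", BEFORE_WHEEL), ("after", AFTER_WHEEL)):
        print(label, audit_wheel(wheel, "*/library/*.yml")["problems"])
```

Run against the real file in `dist/` by passing its bytes to `audit_wheel`; a non-empty `problems` list is a reason to fail the release job.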

@elad-pticha
Contributor

@BastienFaure Thank you again for taking the time!

Regarding the second point, I think it’s a good idea to place the library inside the package. I am considering an approach where the library folder remains at the root of the project.

I also agree with your first point, but I find the src/raven_cycode structure redundant. Can we simplify it to just raven_cycode?

WDYT?

@BastienFaure
Author

@elad-pticha

For having the source code under src/raven_cycode, this is a generally accepted convention, and most projects use that structure, although I also thought it was redundant a few years ago (see https://github.com/psf/black/tree/main/src). It makes integration with Python packaging tools much easier, believe me.

So for the library folder, I understand you want to keep it at the top of the source tree, but do you want to ship it in your Python packages? Once you answer that question we can start looking for solutions.

@elad-pticha
Contributor

elad-pticha commented Feb 25, 2025

@BastienFaure
I think that both src/raven_cycode and raven_cycode make sense when publishing a single package. I see that both approaches are acceptable, so I am ok with the src/raven_cycode approach.

For example, requests follows the src/packageName structure, while pyperf does not use src.

And yes, we would like to keep the library folder at the root of the project while still shipping it.

@bishopfaure

@elad-pticha thank you for the feedback. I'm going to look at alternatives to ship the library within the package, I believe there is a prebuild hook in setuptools.
