You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In short, it is a Python project (https://github.com/akawork/jenkins-exporter) that resolves 6 dependencies during the packaging phase but when publishing the build-info in Artifactory using the JFrog CLI, there is one dependency that is missing (certifi-2024.8.30) in the build-info JSON object. Instead, the requests-2.21.0, that is one of the direct dependencies for the project, is appearing twice.
The transitive dependency certifi-2024.8.20 should be listed in the build-info JSON object and the requests-2.21.0 direct dependency should appear just once.
JFrog CLI version
2.67.0
Operating system type and version
Apple M1 Max - Sonoma 14.6.1
JFrog Artifactory version
7.84.12
JFrog Xray version
3.98.5
The text was updated successfully, but these errors were encountered:
cmoyamoradas
changed the title
A transitive dependency is not being identify when publishing the build info for a Python project
A transitive dependency is not being identified when publishing the build info for a Python project
Sep 13, 2024
Describe the bug
In short, it is a Python project (https://github.com/akawork/jenkins-exporter) that resolves 6 dependencies during the packaging phase but when publishing the build-info in Artifactory using the JFrog CLI, there is one dependency that is missing (certifi-2024.8.30) in the build-info JSON object. Instead, the requests-2.21.0, that is one of the direct dependencies for the project, is appearing twice.
Current behavior
The build-info object doesn't reflect the transitive dependency certifi-2024-8-30. Instead, the requests-2.21.0 dependency (for which the certifi dependency is transitive) appears twice :
{
"type": "python",
"id": "jenkins-exporter:1.0",
"dependencies": [
{
"sha1": "6a578028eeb178e16c3f6796420a08825ac33552",
"sha256": "1b38b958750f66f208bcd9ab92a633c0c994d8859c831f7abc1f46724fcee490",
"md5": "07f3a06d16f8d52f5a70220b8e0cb3b2",
"id": "prometheus_client-0.6.0.tar.gz"
},
{
"sha1": "25e1a4ffa07f36024e3a5722a170f254c3d4d245",
"sha256": "7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b",
"md5": "ed3af234ffcad0b3c1e521e1dfde19be",
"id": "requests-2.21.0-py2.py3-none-any.whl"
},
{
"sha1": "25e1a4ffa07f36024e3a5722a170f254c3d4d245",
"sha256": "7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b",
"md5": "ed3af234ffcad0b3c1e521e1dfde19be",
"id": "requests-2.21.0-py2.py3-none-any.whl"
},
{
"sha1": "96faab7de7e9a71b37f22adb64daf2898e967e3e",
"sha256": "fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691",
"md5": "0004b00caff7bb543a1d0d0bd0185a03",
"id": "chardet-3.0.4-py2.py3-none-any.whl"
},
{
"sha1": "428950b762f04cb88c215188c4b60b2d8def8ecd",
"sha256": "ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c",
"md5": "61392a071e4a3b0f84cd6d71f94f15cc",
"id": "idna-2.8-py2.py3-none-any.whl"
},
{
"sha1": "100c48475b7db006881b14cbc3b1861ceffe5a3c",
"sha256": "a637e5fae88995b256e3409dc4d52c2e2e0ba32c42a6365fee8bbd2238de3cfb",
"md5": "cc3c42f7be135658be6d026d42503bd1",
"id": "urllib3-1.24.3-py2.py3-none-any.whl"
}
]
}
Reproduction steps
After cloning the project, these are the list of tasks I'm running:
#!/bin/bash
echo 'Configuring jf pip'
jf pip-config --repo-resolve=carlosmm-pypi-virtual &&
echo 'Installing'
jf pip install -r requirements.txt --build-name=jenkins-exporter --build-number=$1 --no-cache-dir --force-reinstall --trusted-host main.jfrog.local &&
echo 'Building'
python setup.py sdist bdist_wheel
echo 'Uploading'
jf rt u dist/ carlosmm-pypi-virtual/ --build-name=jenkins-exporter --build-number=$1 &&
echo 'Environment info'
jf rt bce jenkins-exporter $1 &&
echo 'Git info'
jf rt bag jenkins-exporter $1 &&
echo 'Publishing build info'
jf rt bp jenkins-exporter $1
Expected behavior
The transitive dependency certifi-2024.8.20 should be listed in the build-info JSON object and the requests-2.21.0 direct dependency should appear just once.
JFrog CLI version
2.67.0
Operating system type and version
Apple M1 Max - Sonoma 14.6.1
JFrog Artifactory version
7.84.12
JFrog Xray version
3.98.5
The text was updated successfully, but these errors were encountered: