Re: [Distutils] Building a Python package build service for warehouse

[Alex Grönholm]

I'd be all for it if I wasn't buried under a ton of other things to do. 
Happy hacking and good luck!



Jannis Gebauer kirjoitti 06.02.2018 klo 10:33:

Hi!

I’m currently working on a package build server. My goal is to produce 
useful additional meta data for all packages available on PyPi.


This includes:

- Transitive dependencies
- Is the package installable under Python 3?
- Various automated “code quality” tests like pylint, pyflakes, pep8, 
mccabe etc.

- Automated security tests
- (possibly changelogs, commit logs)
- Licenses!

The main idea is to run the build process in a restricted “sandbox” 
docker container that pulls the package from PyPi, installs it and 
runs a couple of tools on it. Code is still pretty rough, nothing to 
look at at the moment I’m afraid.


Is there any interest in working on this together? Maybe even with the 
goal to make it an open API that can be consumed by warehouse et al.?


Interested in any thoughts on this!

Cheers,

Jannis

P.S: I’m currently crunching trough the data on a 96 CPU cluster. 
There’s an API available, but it’s sitting behind HTTP Basic Auth as 
it is basically an endpoint for remote code execution (and throws lots 
of 500s :D). Send me a mail to j...@pyup.io  if you 
want to play around with it.





___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig


___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Building a Python package build service for warehouse

[Nick Coghlan]

On 6 February 2018 at 19:33, Jannis Gebauer  wrote:
> The main idea is to run the build process in a restricted “sandbox” docker
> container that pulls the package from PyPi, installs it and runs a couple of
> tools on it. Code is still pretty rough, nothing to look at at the moment
> I’m afraid.

Very cool!

While the language-independent nature of it likely makes it more
complex than what you'd need for a more Python-centric approach, it
may be worth your while to poke around at
https://github.com/fabric8-analytics/fabric8-analytics-worker/blob/master/docs/worker_ecosystem_support.md
which pursues a similar model based on running analyses in celery
worker nodes running on Kubernetes. Unfortunately, the public design
documentation for fabric8-analytics is minimal to nonexistent, so it
can be rather hard to follow as a newcomer to the code base :(

Cheers,
Nick.

-- 
Nick Coghlan   |   ncogh...@gmail.com   |   Brisbane, Australia
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig