-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add metadata validation #147
Comments
Hi @bittner thanks for raising this issue. As I mentioned in pypa/setuptools#1390 (comment), this is something I'm currently working on, and planning to have a PR up for discussion soon. |
I'm not sure if you have started already as there is no PR yet, but if it helps you can take over parts of my code in PR #732 (e.g. the I'm curious about what the interface and and usage pattern will look like, to know whether the implementation in |
Any progress with this issue? Setuptools' issue #1390 is waiting for this to be implemented first. |
Any progress on this? I had hoped I could help fix this easily and quickly. Anything I can do to help get up to speed? Reference to my original PR: pypa/setuptools#1562 |
@di Any progress with metadata validation? |
We discussed this at the packaging mini-summit in May and I've created pypa/packaging-problems#264 as a tracking issue covering the various TODOs necessary to plumb this through the parts of the toolchain. |
Here's @di's work thus far, in case other folks are interested in picking it up: https://github.com/di/packaging/tree/metadata-validation |
master...crwilcox:metadata-validation @crwilcox also took a stab at this, I believe? At this point I am guessing that both @di and @crwilcox have stepped away from this task; it would be very helpful for the pip resolver work (see pypa/packaging-problems#264 ) over the next few months. |
As a feedback to our community: It pays off to encourage people to modify their contribution instead of bluntly dismissing it as "broken" or stating "my idea is the better one", in a certain sense. It's all about people. We Pythonistas should know better. We should do better.
|
It’s not clear what you’re referring to: I don’t find any message saying |
Wanted to post a bit of an update where I'm at with this since it's been a while, and answer some questions. TL;DR this issue is now unblocked and I'm going to continue working my branch. Where should metadata validation live? Where should the implementation come from? What's was the current delay about? What's the problem with the Why don't we just do it later? What's the ideal solution? What's the update? I'd appreciate thoughts & insights from folks that are interested in contributing. I'd especially appreciate a review on the upcoming PR to this repo, since I'm not familiar with the needs of all the tools that may want to use this feature, and want to be able to provide an API that can ideally be used by all of them. |
Thank you for this @di! |
Oops, this was not meant to be closed by pypi/warehouse#7582. I'm still working on this as described above. Externalizing the classifiers was just one step. |
Are there other package servers that don't currently validate metadata? E.g. devpi, a directory served over HTTP Is there a valid use case for custom local metadata; such as local trove classifiers? Is there a PEP that says that metadata MUST validate? Should there be an environment variable and/or a commandline switch for skipping / customizing metadata validation? E.g. |
@di Would you have any ETA for the PR, in terms of an approximate quantum of time (like, a few days, around 5 weeks, a couple of months, or a few hours 🙂)? For self-reference later: PyPI's current validation logic is contained in |
@pradyunsg My only blocker at this point is finding enough hours in the day to finish this. I'll try to make another push on this this week and give an update at the end of the week. |
Ah, awesome, thanks! |
@di is this still on your personal roadmap or should it be available for someone else to take over? |
Both, really. I think @brettcannon was talking about working on this soon. There is also a draft of the API in #332. |
Yeah, I've started thinking about it as PEP 621 and PEP 643 makes it more than just a validation problem but also managing various input and output formats as well as maintaining data consistency for the metadata overall (i.e. |
This came up in pypa/twine#833 (comment). Are there any updates? That also reminded me of pypa/twine#739, which drifted out of the scope of Twine, but remains open because of some of the suggestions starting at pypa/twine#739 (comment). I wonder if any of that is relevant for this issue. |
I think this mainly needs someone to actually do the bulk of the work. That’s how most recent additions happen for this repository. |
I didn't push it any farther due to perceived apathy about the idea and https://pypi.org/project/pep621/ coming into existence. It's one of those things where it's a question of whether this is low-level enough to be in this project or in a separate one due to needing to keep dependencies low (i.e. attrs or pydantic could help with that but I don't see either getting pulled in as a dependency of this project due to vendoring concerns). |
And to be clear, the perceived apathy came from #383 where I was trying to come up with an API for metadata objects where the validation would occur. If people start to show interest again then we can restart both conversations and start driving towards implementing all of this. |
Hi guys, I don't know if this might interest you in this context, but I have created a JSON Schema centric validation library focusing on PEP 621: https://github.com/abravalheri/validate-pyproject This work was inspired by pypa/setuptools#2671. If this can be useful somehow, I am more than happy to engage. |
Using JSON Schema validation is a very good idea as it makes it portable across different file formats and editors. Do you happen to know a vscode extension that can make use of your schema? I would like to test it. |
Sorry, I am afraid not 😓. I suppose such extension would need to be very specific for the |
For anyone following this issue, #518 was recently merged which adds a Metadata API, which this can now build upon. |
Closed by #686 |
I'm trying to help fix the issue of broken package descriptions on PyPI (e.g. pypa/setuptools#1390).
Following a suggestion of @di in pypa/setuptools#1390 (comment), I would do the following:
validation
module to packaging that provides a class with avalidate()
method and anerror
list attribute (an interface that can be easily used in Web frameworks like Pyramid and Django).InvalidMetadataError
if the specs are not met (instead of continuing silently generating a broken PKG-INFO file, as today).Does that sound like something that makes sense?
Should I proceed and open a PR for a
validation
module?The text was updated successfully, but these errors were encountered: