valkey-io · BoazBD · Jan 2, 2025 · Dec 30, 2024 · Dec 30, 2024 · Dec 30, 2024
@@ -65,5 +65,5 @@ runs:
               source "$HOME/.cargo/env"
               python3 -m venv .env
               source .env/bin/activate
-              python3 -m pip install --no-cache-dir -r requirements.txt
+              python3 -m pip install --no-cache-dir -r dev_requirements.txt
               maturin develop
@@ -74,7 +74,7 @@ jobs:
               with:
                   repository: "oss-review-toolkit/ort"
                   path: "./ort"
-                  ref: "26.0.0"
+                  ref: "44.0.0"
                   submodules: recursive
 
             - name: Install Rust toolchain
@@ -93,6 +93,7 @@ jobs:
                   cat << EOF > ~/.ort/config/config.yml
                   ort:
                     analyzer:
+                      skip_excluded: true
                       allowDynamicVersions: true
                       enabledPackageManagers: [Cargo, NPM, PIP, GradleInspector]
                   EOF

@@ -115,7 +115,7 @@ jobs:
               working-directory: ./python
               run: |
                   source .env/bin/activate
-                  pip install -r requirements.txt
+                  pip install -r dev_requirements.txt
                   cd python/tests/
                   pytest --asyncio-mode=auto --html=pytest_report.html --self-contained-html
 
@@ -178,7 +178,7 @@ jobs:
               working-directory: ./python
               run: |
                   source .env/bin/activate
-                  pip install -r requirements.txt
+                  pip install -r dev_requirements.txt
                   cd python/tests/
                   pytest --asyncio-mode=auto -k test_pubsub --html=pytest_report.html --self-contained-html
 

@@ -7,6 +7,9 @@ excludes:
           reason: "DEV_DEPENDENCY_OF"
           comment: "Packages for development only."
     paths:
+        - pattern: "dev_requirements.txt"
+          reason: "TEST_TOOL_OF"
+          comment: "Packages for testing only."
         - pattern: ".*"
           reason: "BUILD_TOOL_OF"
           comment: "invisible"
@@ -108,7 +108,7 @@ protoc -Iprotobuf=${GLIDE_ROOT}/glide-core/src/protobuf/    \
 cd python
 python3 -m venv .env
 source .env/bin/activate
-pip install -r requirements.txt
+pip install -r dev_requirements.txt
 ```
 
 ## Build the package (in release mode):
@@ -210,7 +210,7 @@ Run from the main `/python` folder
     ```bash
     cd $HOME/src/valkey-glide/python
     source .env/bin/activate
-    pip install -r requirements.txt
+    pip install -r dev_requirements.txt
     isort . --profile black --skip-glob python/glide/protobuf --skip-glob .env
     black . --exclude python/glide/protobuf --exclude .env
     flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics      \

@@ -0,0 +1,10 @@
+maturin==0.14.17 # higher version break the needs structure changes, the name of the project is not the same as the package name, and the naming both glide create a circular dependency - TODO: fix this 
+pytest
+pytest-asyncio
+pytest-html
+black >= 24.3.0
+flake8 == 5.0
+isort == 5.10
+mypy == 1.13.0
+mypy-protobuf == 3.5
+packaging >= 22.0
@@ -6,6 +6,8 @@ build-backend = "maturin"
 name = "valkey-glide"
 requires-python = ">=3.9"
 dependencies = [
+    # Note: If you add a dependency here, make sure to also add it to requirements.txt
+    # Once issue https://github.com/aboutcode-org/python-inspector/issues/197 is resolved, the requirements.txt file can be removed.
     "async-timeout>=4.0.2; python_version < '3.11'",
     "typing-extensions>=4.8.0; python_version < '3.11'",
     "protobuf>=3.20",

@@ -1,12 +1,5 @@
-async-timeout==4.0.2;python_version<"3.11"
-maturin==0.14.17 # higher version break the needs structure changes, the name of the project is not the same as the package name, and the naming both glide create a circular dependency - TODO: fix this 
-pytest
-pytest-asyncio
-typing_extensions==4.8.0;python_version<"3.11"
-pytest-html
-black >= 24.3.0
-flake8 == 5.0
-isort == 5.10
-mypy == 1.13.0
-mypy-protobuf == 3.5
-packaging >= 22.0
+# Note: The main location for tracking dependencies is pyproject.toml. This file is used only for the ORT process. When adding a dependency, make sure to add it both to this file and to pyproject.toml. 
+# Once issue https://github.com/aboutcode-org/python-inspector/issues/197 is resolved, this file can be removed.
+async-timeout>=4.0.2
+typing-extensions>=4.8.0
+protobuf>=3.20
@@ -13,10 +13,13 @@
 APPROVED_LICENSES = [
     "Unicode-DFS-2016",
     "(Apache-2.0 OR MIT) AND Unicode-DFS-2016",
+    "Unicode-3.0",
+    "(Apache-2.0 OR MIT) AND Unicode-3.0",
     "0BSD OR Apache-2.0 OR MIT",
     "Apache-2.0",
     "Apache-2.0 AND (Apache-2.0 OR BSD-2-Clause)",
     "Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause)",
+    "Apache-2.0 AND MIT",
     "Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT",
     "Apache-2.0 OR BSD-2-Clause OR MIT",
     "Apache-2.0 OR BSL-1.0",
@@ -36,6 +39,11 @@
     "PSF-2.0",
 ]
 
+# Packages with non-pre-approved licenses that received manual approval.
+APPROVED_PACKAGES = [
+    "PyPI::pathspec:0.12.1",
+    "PyPI::certifi:2023.11.17"
+]
 SCRIPT_PATH = os.path.dirname(os.path.realpath(__file__))
 
 
@@ -105,7 +113,7 @@ def __str__(self):
                         package_license = PackageLicense(
                             package["id"], ort_result.name, license
                         )
-                        if license not in APPROVED_LICENSES:
+                        if license not in APPROVED_LICENSES and package["id"] not in APPROVED_PACKAGES:
                             unknown_licenses.append(package_license)
                         else:
                             final_packages.append(package_license)