-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
pipenv check looks at installed packages, not Pipfile.lock #5600
Comments
|
Thanks for taking this suggestion! I appreciate it. I have two quick pieces of feedback for even further improvement
|
@matteius Could I create a PR for the second suggestion since it is a simple condition that needs to be added. |
@ryan-rozario Yes please, that would be a big help. |
Use Case
I would like to run
pipenv check
as a separate job from the build/test job inside a CI pipeline without rebuilding environment. I discovered that I must actually install all packages to apipenv
environment before usingpipenv check
. Ideally, I should be able to scan the dependencies insidePipfile.lock
without actually installing the whole environment.I believe its misleading that right now
pipenv
is just acting as a "proxy" tosafety
, and by default checks an environment that may not matchPipfile.lock
. By usingpipenv check
the assumption should be that it is checking the environment specified inPipfile.lock
and if you need to check an environment that deviates, you usesafety
directly.I've traced the behavior down to these lines:
pipenv/pipenv/core.py
Lines 2900 to 2902 in 8939c86
Instead of generating the temp
requirements.txt
file from the current environment usingpip list
, can we instead generate the temprequirements.txt
fromPipfile.lock
? Something likeWorkaround
I'm currently using the following workaround in my CI job, but would like to go through
pipenv
directly.pipenv requirements --dev | safety check --stdin
The text was updated successfully, but these errors were encountered: