Skip to content

feat(tw): Add command for compiling requirements #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(tw): Add command for compiling requirements #216

wants to merge 1 commit into from

Conversation

@EyeCantCU
Copy link
Member

@EyeCantCU EyeCantCU commented Oct 9, 2025

This creates a uv project in a temp directory, adds specified packages, and exports a locked requirements file. It enforces the use of Chainguard Libraries by default, and handles authentication

It's basically a wrapper for uv and chainctl that makes 10 commands one command

Example:

❯ tw compilereqs -p django -v 5.2.7
2025/10/09 16:51:23 INFO Created project directory: /var/folders/78/v9095lys6p535p9cx2wx0pk40000gn/T/tw-compilereqs-2784678184
2025/10/09 16:51:23 INFO Using index: https://libraries.cgr.dev/python/simple
2025/10/09 16:51:23 INFO Initializing uv project in /var/folders/78/v9095lys6p535p9cx2wx0pk40000gn/T/tw-compilereqs-2784678184
Initialized project `tw-compilereqs-2784678184`
2025/10/09 16:51:23 INFO Adding main package: django==5.2.7
Using CPython 3.12.12 interpreter at: /opt/homebrew/opt/[email protected]/bin/python3.12
Creating virtual environment at: .venv
Resolved 5 packages in 2.11s
Installed 3 packages in 96ms
 + asgiref==3.10.0
 + django==5.2.7
 + sqlparse==0.5.3
2025/10/09 16:51:26 INFO Exporting requirements to: requirements.locked
Resolved 5 packages in 4ms
# This file was autogenerated by uv via the following command:
#    uv export --output-file requirements.locked
asgiref==3.10.0 \
    --hash=sha256:672801bec3db311d7ad29c457beaa185746169db2141f9938b62133bde4c5030 \
    --hash=sha256:8694520cb96dfefb1cf482e8e0c7b5333102032453bd0a83431c7ad3dda8682d
    # via django
django==5.2.7 \
    --hash=sha256:07d8c3a45590f1844720e0de1ed82a375ee42a8e30a7d61de4b318dcc817fe8b \
    --hash=sha256:235d5cfbf3754e71f9e91f8011f8a4928af43162d985978edb78a115b9e59d25
    # via tw-compilereqs-2784678184
sqlparse==0.5.3 \
    --hash=sha256:34cf9e2b25ed76955af0d283bce0a4e7263514b559667f018ad2e4d4fd74c2b6 \
    --hash=sha256:6ceb28337eda666fc095290b4481b000062ea6905badad1e40ccd60d3310024b
    # via django
tzdata==2025.2 ; sys_platform == 'win32' \
    --hash=sha256:8b75784be46688a1184497b2680e190e269643464fb3dbe16b67e35cb377e3e6 \
    --hash=sha256:d4d654c1526671ca58b521900ef45eb98b3d29ea5cccd7b71dc0c6337056fbf9
    # via django
2025/10/09 16:51:26 INFO Successfully created /Users/rjsampson/Code/cgr/tw/requirements.locked

@EyeCantCU EyeCantCU force-pushed the compile-requirements branch from f49bd33 to 129f932 Compare October 9, 2025 23:15
@EyeCantCU
feat(tw): Add command for compiling requirements
9407e9f 
This creates a uv project in a temp directory, adds specified packages,
and exports a locked requirements file. It enforces the use of
Chainguard Libraries by default, and handles authentication

It's basically a wrapper for uv and chainctl that makes 10 commands one
command

Signed-off-by: RJ Sampson <[email protected]>
@EyeCantCU EyeCantCU force-pushed the compile-requirements branch from 129f932 to 9407e9f Compare October 20, 2025 18:03
smoser
smoser reviewed Oct 28, 2025
View reviewed changes
Copy link
Contributor

@smoser smoser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am fine with this if you intend on using it.
2 thoughts

  1. please add a README.md that describes the command
  2. 'compilereqs' is not necessarily very discoverable. maybe 'py-' or something I don't know. Or at least get python in the --help output. example bumpconstraints says: bumpconstraints Bump Python constraint pins in constraints.txt file

tw/pkg/commands/compilereqs/compilereqs.go
log.InfoContextf(ctx, "Retrieving token from chainctl with audience: %s", audience)

// Get token with chainctl
tokenCmd := exec.CommandContext(ctx, "chainctl", "auth", "token", "--audience", audience)
Copy link
Contributor

@smoser smoser Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit. can you use "--audience=" + audience. "--key=" + value is so much more clear than "--key", "value" because it is more obvious to the reader that value goes with key rather than being a positional argument.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smoser smoser smoser left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EyeCantCU @smoser