Merge pull request #59 from DepshubHQ/24-add-pip-support

Add pip support

internal/linter/rules/allowed_licenses.go

@@ -19,7 +19,7 @@ func NewRuleAllowedLicenses() *RuleAllowedLicenses {
 	return &RuleAllowedLicenses{
 		name:      "allowed-licenses",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 		value:     DefaultAllowedLicenses,
 	}
 }

internal/linter/rules/lockfile.go

@@ -16,7 +16,7 @@ func NewRuleLockfile() *RuleLockfile {
 	return &RuleLockfile{
 		name:      "lockfile",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/max_libyear.go

@@ -21,7 +21,7 @@ func NewRuleMaxLibyear() *RuleMaxLibyear {
 	return &RuleMaxLibyear{
 		name:      "max-libyear",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 		value:     DefaultMaxLibyear,
 	}
 }

internal/linter/rules/max_major_updates.go

@@ -19,7 +19,7 @@ func NewRuleMaxMajorUpdates() *RuleMaxMajorUpdates {
 	return &RuleMaxMajorUpdates{
 		name:      "max-major-updates",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 		value:     DefaultMaxMajorUpdatesPercent,
 	}
 }

internal/linter/rules/max_minor_updates.go

@@ -19,7 +19,7 @@ func NewRuleMaxMinorUpdates() *RuleMaxMinorUpdates {
 	return &RuleMaxMinorUpdates{
 		name:      "max-minor-updates",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 		value:     DefaultMaxMinorUpdatesPercent,
 	}
 }

internal/linter/rules/max_package_age.go

@@ -20,7 +20,7 @@ func NewRuleMaxPackageAge() *RuleMaxPackageAge {
 	return &RuleMaxPackageAge{
 		name:      "max-package-age",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 		value:     DefaultMaxPackageAge,
 	}
 }

internal/linter/rules/max_patch_updates.go

@@ -19,7 +19,7 @@ func NewRuleMaxPatchUpdates() *RuleMaxPatchUpdates {
 	return &RuleMaxPatchUpdates{
 		name:      "max-patch-updates",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 		value:     DefaultMaxPatchUpdatesPercent,
 	}
 }

internal/linter/rules/no_any_tag.go

@@ -16,7 +16,7 @@ func NewRuleNoAnyTag() *RuleNoAnyTag {
 	return &RuleNoAnyTag{
 		name:      "no-any-tag",
 		level:     LevelWarning,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/no_deprecated.go

@@ -16,7 +16,7 @@ func NewRuleNoDeprecated() *RuleNoDeprecated {
 	return &RuleNoDeprecated{
 		name:      "no-deprecated",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/no_duplicates.go

@@ -16,7 +16,7 @@ func NewRuleNoDuplicates() *RuleNoDuplicates {
 	return &RuleNoDuplicates{
 		name:      "no-duplicates",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/no_multiple_versions.go

@@ -16,7 +16,7 @@ func NewRuleNoMultipleVersions() *RuleNoMultipleVersions {
 	return &RuleNoMultipleVersions{
 		name:      "no-multiple-versions",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/no_pre_release.go

@@ -17,7 +17,7 @@ func NewRuleNoPreRelease() *RuleNoPreRelease {
 	return &RuleNoPreRelease{
 		name:      "no-pre-release",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/no_unstable.go

@@ -19,7 +19,7 @@ func NewRuleNoUnstable() *RuleNoUnstable {
 	return &RuleNoUnstable{
 		name:      "no-unstable",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Cargo, types.Pip},
 	}
 }
 

internal/linter/rules/sorted.go

@@ -16,7 +16,7 @@ func NewRuleSorted() *RuleSorted {
 	return &RuleSorted{
 		name:      "sorted",
 		level:     LevelError,
-		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Cargo},
+		supported: []types.ManagerType{types.Npm, types.Go, types.Cargo, types.Cargo, types.Pip},
 	}
 }
 

pkg/manager/pip/pip.go

@@ -0,0 +1,109 @@
+package pip
+
+import (
+	"bufio"
+	"fmt"
+	"github.com/depshubhq/depshub/pkg/types"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+type Pip struct{}
+
+func (Pip) GetType() types.ManagerType {
+	return types.Pip
+}
+
+func (Pip) Managed(path string) bool {
+	return filepath.Base(path) == "requirements.txt"
+}
+
+func (Pip) Dependencies(path string) ([]types.Dependency, error) {
+	var dependencies []types.Dependency
+
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	lineNum := 0
+
+	// Regex patterns for parsing requirements.txt entries
+	commentPattern := regexp.MustCompile(`^\s*#`)
+	versionPattern := regexp.MustCompile(`^([^=<>!~]+)(==|>=|<=|!=|~=|>|<)(.+)`)
+
+	for scanner.Scan() {
+		lineNum++
+		line := scanner.Text()
+
+		// Skip empty lines and comments
+		if line == "" || commentPattern.MatchString(line) {
+			continue
+		}
+
+		// Handle -r requirements inclusion
+		if strings.HasPrefix(line, "-r ") {
+			continue // Skip requirements file inclusions for now
+		}
+
+		// Extract package name and version
+		var name, version string
+		if matches := versionPattern.FindStringSubmatch(line); matches != nil {
+			name = strings.TrimSpace(matches[1])
+			version = cleanVersion(matches[3])
+		} else {
+			// Package with no version specified
+			name = strings.TrimSpace(line)
+			version = ""
+		}
+
+		dependencies = append(dependencies, types.Dependency{
+			Manager: types.Pip,
+			Name:    name,
+			Version: version,
+			Dev:     false,
+			Definition: types.Definition{
+				Path:    path,
+				RawLine: line,
+				Line:    lineNum,
+			},
+		})
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
+	return dependencies, nil
+}
+
+// Returns the version without any prefix or suffix
+func cleanVersion(version string) string {
+	version = strings.TrimSpace(version)
+
+	// Remove any comments that might be at the end
+	if idx := strings.Index(version, "#"); idx != -1 {
+		version = version[:idx]
+	}
+
+	version = strings.Trim(version, "^~*><= ")
+
+	return version
+}
+
+func (Pip) LockfilePath(path string) (string, error) {
+	// Check for requirements.txt in the same directory
+	lockfilePath := filepath.Join(filepath.Dir(path), "requirements.lock")
+	if _, err := os.Stat(lockfilePath); os.IsNotExist(err) {
+		// Some projects use pip-lock instead
+		lockfilePath = filepath.Join(filepath.Dir(path), "pip.lock")
+		if _, err := os.Stat(lockfilePath); os.IsNotExist(err) {
+			return "", fmt.Errorf("lockfile not found")
+		}
+	}
+	return lockfilePath, nil
+}