[Distutils] Building a Python package build service for warehouse

Jannis Gebauer jay at pyup.io
Tue Feb 6 04:33:32 EST 2018


I’m currently working on a package build server. My goal is to produce useful additional metadata for all packages available on PyPI.

This includes:

- Transitive dependencies
- Is the package installable under Python 3?
- Various automated “code quality” tests like pylint, pyflakes, pep8, mccabe etc.
- Automated security tests
- (possibly changelogs, commit logs)
- Licenses!

The main idea is to run the build process in a restricted “sandbox” Docker container that pulls the package from PyPI, installs it and runs a couple of tools on it. Code is still pretty rough, nothing to look at at the moment, I’m afraid.

Is there any interest in working on this together? Maybe even with the goal to make it an open API that can be consumed by warehouse et al.?

Interested in any thoughts on this!



P.S.: I’m currently crunching through the data on a 96 CPU cluster. There’s an API available, but it’s sitting behind HTTP Basic Auth as it is basically an endpoint for remote code execution (and throws lots of 500s :D). Send me a mail to jay at pyup.io if you want to play around with it.
