Merge branch 'main' into patch-1

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# Syntax for this file at https://help.github.com/articles/about-codeowners/
+
+*       @conda/conda-lock

.github/workflows/test.yml

@@ -3,6 +3,17 @@ name: test
 on:
   pull_request:
   push:
+    branches:
+      - main
+
+concurrency:
+  # Concurrency group that uses the workflow name and PR number if available
+  # or commit SHA as a fallback. If a new build is triggered under that
+  # concurrency group while a previous build is running it will be canceled.
+  # Repeated pushes to a PR will cancel all previous builds, while multiple
+  # merges to main will not cancel.
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
 
 jobs:
   test-windows:
@@ -34,19 +45,22 @@ jobs:
       - name: run-test
         run: |
           conda activate test
+          copy pyproject.toml "%RUNNER_TEMP%"
           Xcopy /E /I tests "%RUNNER_TEMP%\\tests"
           pushd "${RUNNER_TEMP}"
           set TMPDIR="%RUNNER_TEMP%"
           dir
-          pytest -n auto -vrsx --cov=conda_lock tests
+          pytest --cov=conda_lock --cov-branch --cov-report=xml --cov-report=term tests
+          copy coverage.xml %GITHUB_WORKSPACE%
+      - uses: codecov/codecov-action@v3
 
   test:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest, macos-latest ]
-        python-version: [ '3.7', '3.8', "3.10" ]
+        python-version: [ "3.8", "3.11" ]
     defaults:
       run:
         shell: bash -l {0}
@@ -85,13 +99,16 @@ jobs:
         shell: bash -l {0}
         run: |
           conda activate test
+          cp pyproject.toml "${RUNNER_TEMP}/"
           cp -a tests "${RUNNER_TEMP}/"
           pushd "${RUNNER_TEMP}"
           export TMPDIR="${RUNNER_TEMP}"
           ls -lah
           set -x
           which pytest
-          pytest -n auto -vrsx --cov=conda_lock tests
+          pytest --cov=conda_lock --cov-branch --cov-report=xml --cov-report=term tests
+          cp coverage.xml "${GITHUB_WORKSPACE}"
+      - uses: codecov/codecov-action@v3
 
       - name: test-gdal
         shell: bash -l {0}

.pre-commit-config.yaml

@@ -1,26 +1,30 @@
+# disable autofixing PRs, commenting "pre-commit.ci autofix" on a pull request triggers a autofix
+ci:
+    autofix_prs: false
+
 exclude: ^conda_lock/_vendor/.*$
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.3.0
+  rev: v4.4.0
   hooks:
     - id: trailing-whitespace
       exclude: "^.*\\.patch$"
     - id: check-ast
 
 - repo: https://github.com/psf/black
-  rev: 22.10.0
+  rev: 23.1.0
   hooks:
   - id: black
     language_version: python3
 
 - repo: https://github.com/pycqa/flake8
-  rev: 5.0.4
+  rev: 6.0.0
   hooks:
     - id: flake8
 
 - repo: https://github.com/pycqa/isort
-  rev: 5.10.1
+  rev: 5.12.0
   hooks:
   - id: isort
     args: ["--profile", "black", "--filter-files"]
@@ -30,4 +34,4 @@ repos:
   hooks:
   - id: mypy
     additional_dependencies: [types-filelock, types-requests, types-toml, types-PyYAML, types-freezegun, types-setuptools, pydantic]
-    exclude: ^tests/test-local-pip/setup.py$
+    exclude: ^(tests/test-local-pip/setup.py$|tests/test_conda_lock.py)

CODE_OF_CONDUCT.md

@@ -0,0 +1,20 @@
+# Conda Organization Code of Conduct
+
+> **Note**
+> Below is the short version of our CoC, see the long version [here](https://github.com/conda-incubator/governance/blob/main/CODE_OF_CONDUCT.md).
+
+# The Short Version
+
+Be kind to others. Do not insult or put down others. Behave professionally. Remember that harassment and sexist, racist, or exclusionary jokes are not appropriate for the conda Organization.
+
+All communication should be appropriate for a professional audience including people of many different backgrounds. Sexual language and imagery is not appropriate.
+
+The conda Organization is dedicated to providing a harassment-free community for everyone, regardless of gender, sexual orientation, gender identity and expression, disability, physical appearance, body size, race, or religion. We do not tolerate harassment of community members in any form.
+
+Thank you for helping make this a welcoming, friendly community for all.
+
+## Report an Incident
+
+* Report a code of conduct incident [using a form](https://form.jotform.com/221527028480048).
+* Report a code of conduct incident via email: [conduct@conda.org](mailto:conduct@conda.org).
+* Contact [an individual committee member](#committee-membership) or [CoC event representative](#coc-representatives) to report an incident in confidence.

README.md

@@ -1,8 +1,10 @@
 # conda-lock
 
-[![GitHub deployments](https://img.shields.io/github/deployments/conda-incubator/conda-lock/github-pages?label=docs&style=for-the-badge)](https://conda-incubator.github.io/conda-lock/)
+[![GitHub deployments](https://img.shields.io/github/deployments/conda/conda-lock/github-pages?label=docs&style=for-the-badge)](https://conda.github.io/conda-lock/)
 [![PyPI](https://img.shields.io/pypi/v/conda-lock?style=for-the-badge)](https://pypi.org/project/conda-lock/)
 [![Conda](https://img.shields.io/conda/v/conda-forge/conda-lock?style=for-the-badge)](https://github.com/conda-forge/conda-lock-feedstock)
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?style=for-the-badge)](https://results.pre-commit.ci/latest/github/conda/conda-lock/main)
+[![codecov](https://img.shields.io/codecov/c/github/conda/conda-lock/main?style=for-the-badge)](https://codecov.io/gh/conda/conda-lock)
 
 Conda lock is a lightweight library that can be used to generate fully reproducible lock files for [conda][conda]
 environments.
@@ -151,8 +153,7 @@ The default category is `main`.
 ### pip support
 
 `conda-lock` can also lock the `dependencies.pip` section of
-[environment.yml][envyaml], using [Poetry's][poetry] dependency solver, if
-installed with the `pip_support` extra.
+[environment.yml][envyaml], using a vendored copy of [Poetry's][poetry] dependency solver.
 
 ### private pip repositories
 Right now `conda-lock` only supports [legacy](https://warehouse.pypa.io/api-reference/legacy.html) pypi repos with basic auth. Most self-hosted repositories like Nexus, Artifactory etc. use this. To use this feature, add your private repo into Poetry's config _including_ the basic auth in the url:
@@ -161,6 +162,8 @@ Right now `conda-lock` only supports [legacy](https://warehouse.pypa.io/api-refe
 poetry config repositories.foo https://username:password@foo.repo/simple/
 ```
 
+The private repo will be used in addition to `pypi.org`. For projects using `pyproject.toml`, it is possible to [disable `pypi.org` entirely](#disabling-pypiorg).
+
 ### --dev-dependencies/--no-dev-dependencies
 
 By default conda-lock will include dev dependencies in the specification of the lock (if the files that the lock
@@ -390,6 +393,14 @@ In both these cases, the dependencies of `pip`-installable packages will also be
 installed with `pip`, unless they were already requested by a `conda`
 dependency.
 
+#### Disabling pypi.org
+
+When using private pip repos, it is possible to disable `pypi.org` entirely. This can be useful when using `conda-lock` behind a network proxy that does not allow access to `pypi.org`.
+```toml
+[tool.conda-lock]
+allow-pypi-requests = false
+```
+
 ## Dockerfile example
 
 In order to use conda-lock in a docker-style context you want to add the lockfile to the

codecov.yml

@@ -0,0 +1,8 @@
+coverage:
+  status:
+    patch: false
+    project: false
+
+github_checks: false
+
+comment: false

conda_lock/click_helpers.py

@@ -11,7 +11,7 @@ def __init__(
         self,
         name: Optional[str] = None,
         commands: Optional[Mapping[str, click.Command]] = None,
-        **kwargs: Any
+        **kwargs: Any,
     ):
         super(OrderedGroup, self).__init__(name, commands, **kwargs)
         #: the registered subcommands by their exported names.

conda_lock/conda_lock.py

@@ -53,31 +53,24 @@
     determine_conda_executable,
     is_micromamba,
 )
-from conda_lock.models.channel import Channel
-
-
-try:
-    from conda_lock.pypi_solver import solve_pypi
-
-    PIP_SUPPORT = True
-except ImportError:
-    PIP_SUPPORT = False
-from conda_lock.lookup import set_lookup_location
-from conda_lock.src_parser import (
+from conda_lock.lockfile import (
     Dependency,
     GitMeta,
     InputMeta,
     LockedDependency,
     Lockfile,
     LockMeta,
-    LockSpecification,
     MetadataOption,
     TimeMeta,
     UpdateSpecification,
-    aggregate_lock_specs,
+    parse_conda_lock_file,
+    write_conda_lock_file,
 )
+from conda_lock.lookup import set_lookup_location
+from conda_lock.models.channel import Channel
+from conda_lock.pypi_solver import solve_pypi
+from conda_lock.src_parser import LockSpecification, aggregate_lock_specs
 from conda_lock.src_parser.environment_yaml import parse_environment_file
-from conda_lock.src_parser.lockfile import parse_conda_lock_file, write_conda_lock_file
 from conda_lock.src_parser.meta_yaml import parse_meta_yaml_file
 from conda_lock.src_parser.pyproject_toml import parse_pyproject_toml
 from conda_lock.virtual_package import (
@@ -90,11 +83,15 @@
 logger = logging.getLogger(__name__)
 DEFAULT_FILES = [pathlib.Path("environment.yml")]
 
-# Captures basic auth credentials, if they exists, in the second capture group.
-AUTH_PATTERN = re.compile(r"^(https?:\/\/)(.*:.*@)?(.*)")
+# Captures basic auth credentials, if they exists, in the third capture group.
+AUTH_PATTERN = re.compile(r"^(# pip .* @ )?(https?:\/\/)(.*:.*@)?(.*)")
+
+# Do not substitute in comments, but do substitute in pip installable packages
+# with the pattern: # pip package @ url.
+PKG_PATTERN = re.compile(r"(^[^#@].*|^# pip .*)")
 
-# Captures the domain in the second group.
-DOMAIN_PATTERN = re.compile(r"^(https?:\/\/)?([^\/]+)(.*)")
+# Captures the domain in the third group.
+DOMAIN_PATTERN = re.compile(r"^(# pip .* @ )?(https?:\/\/)?([^\/]+)(.*)")
 
 # Captures the platform in the first group.
 PLATFORM_PATTERN = re.compile(r"^# platform: (.*)$")
@@ -196,7 +193,6 @@ def do_conda_install(
     file: pathlib.Path,
     copy: bool,
 ) -> None:
-
     _conda = partial(_invoke_conda, conda, prefix, name, check_call=True)
 
     kind = "env" if file.name.endswith(".yml") else "explicit"
@@ -730,8 +726,6 @@ def _solve_for_arch(
     )
 
     if requested_deps_by_name["pip"]:
-        if not PIP_SUPPORT:
-            raise ValueError("pip support is not enabled")
         if "python" not in conda_deps:
             raise ValueError("Got pip specs without Python")
         pip_deps = solve_pypi(
@@ -743,6 +737,7 @@ def _solve_for_arch(
             conda_locked={dep.name: dep for dep in conda_deps.values()},
             python_version=conda_deps["python"].version,
             platform=platform,
+            allow_pypi_requests=spec.allow_pypi_requests,
         )
     else:
         pip_deps = {}
@@ -797,7 +792,6 @@ def create_lockfile_from_spec(
     locked: Dict[Tuple[str, str, str], LockedDependency] = {}
 
     for platform in platforms or spec.platforms:
-
         deps = _solve_for_arch(
             conda=conda,
             spec=spec,
@@ -897,7 +891,6 @@ def parse_source_files(
                     src_file,
                     platform_overrides,
                     default_platforms=DEFAULT_PLATFORMS,
-                    pip_support=PIP_SUPPORT,
                 )
             )
     return desired_envs
@@ -915,7 +908,7 @@ def _add_auth_to_line(line: str, auth: Dict[str, str]) -> str:
 
 def _add_auth_to_lockfile(lockfile: str, auth: Dict[str, str]) -> str:
     lockfile_with_auth = "\n".join(
-        _add_auth_to_line(line, auth) if line[0] not in ("#", "@") else line
+        _add_auth_to_line(line, auth) if PKG_PATTERN.match(line) else line
         for line in lockfile.strip().split("\n")
     )
     if lockfile.endswith("\n"):
@@ -931,17 +924,17 @@ def _add_auth(lockfile: str, auth: Dict[str, str]) -> Iterator[pathlib.Path]:
 
 
 def _strip_auth_from_line(line: str) -> str:
-    return AUTH_PATTERN.sub(r"\1\3", line)
+    return AUTH_PATTERN.sub(r"\1\2\4", line)
 
 
 def _extract_domain(line: str) -> str:
-    return DOMAIN_PATTERN.sub(r"\2", line)
+    return DOMAIN_PATTERN.sub(r"\3", line)
 
 
 def _strip_auth_from_lockfile(lockfile: str) -> str:
     lockfile_lines = lockfile.strip().split("\n")
     stripped_lockfile_lines = tuple(
-        _strip_auth_from_line(line) if line[0] not in ("#", "@") else line
+        _strip_auth_from_line(line) if PKG_PATTERN.match(line) else line
         for line in lockfile_lines
     )
     stripped_domains = sorted(

conda_lock/conda_solver.py

@@ -31,14 +31,9 @@
     conda_pkgs_dir,
     is_micromamba,
 )
+from conda_lock.lockfile import HashModel, LockedDependency, _apply_categories
 from conda_lock.models.channel import Channel
-from conda_lock.src_parser import (
-    Dependency,
-    HashModel,
-    LockedDependency,
-    VersionedDependency,
-    _apply_categories,
-)
+from conda_lock.src_parser import Dependency, VersionedDependency
 
 
 logger = logging.getLogger(__name__)