Update copyright for the new year

Update CI

.github/scripts/setup-env.sh

@@ -7,66 +7,29 @@
 
 set -e;
 
-# ##### Prereqs #####
-#
-# Set global vars for usage in the script, create the cache directory so we can rely
-# on that existing, then dump some diagnostic info for later reference.
-#
-CI_VENV=$HOME/ci;
 CI_CACHE=$HOME/.cache;
-CI_CACHE_GET_POETRY="$CI_CACHE/get-poetry.py";
-CI_POETRY=$HOME/.poetry/bin/poetry;
-CI_VENV_PIP="$CI_VENV/bin/pip";
-CI_VENV_PIP_VERSION=19.3.1;
-CI_VENV_TOX="$CI_VENV/bin/tox";
+POETRY_VERSION=1.1.12;
 
 mkdir --parents "$CI_CACHE";
 
 command -v python;
 python --version;
 
-# ##### Install Poetry #####
-#
-# Download the poetry install script to the cache directory and then install poetry.
-# After dump the poetry version for later reference.
-#
-curl https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py \
-  --output "$CI_CACHE_GET_POETRY" \
+curl --location https://install.python-poetry.org \
+  --output "$CI_CACHE/install-poetry.py" \
   --silent \
-  --show-error \
-  --location;
-python "$CI_CACHE_GET_POETRY" --yes 1>/dev/null;
+  --show-error;
+python "$CI_CACHE/install-poetry.py" \
+  --version "$POETRY_VERSION" \
+  --yes;
+poetry --version --no-ansi;
+poetry run pip --version;
 
-python "$CI_POETRY" --version --no-ansi;
-
-# ##### Setup Runtime Venv #####
-#
-# Create a virtual environment for poetry to use, upgrade pip in that venv to a pinned
-# version, then install the current project to the venv.
-#
-# Note 1: Poetry, Tox, and this project plugin all use pip under the hood for package
-#         installation. This means that even though we are creating up to eight venvs
-#         during a given CI run they all share the same download cache.
-# Note 2: The "VIRTUAL_ENV=$CI_VENV" prefix on the poetry commands below sets the venv
-#         that poetry will use for operations. There is no CLI flag for poetry that
-#         directs it to use a given environment, but if it finds itself in an existing
-#         environment it will use it and skip environment creation.
-#
-python -m venv "$CI_VENV";
-
-$CI_VENV_PIP install "pip==$CI_VENV_PIP_VERSION" \
-  --upgrade \
-  --quiet;
-
-VIRTUAL_ENV=$CI_VENV "$CI_POETRY" install \
+poetry install \
   --extras poetry \
   --quiet \
-  --no-ansi \
-  &>/dev/null;
+  --remove-untracked \
+  --no-ansi;
 
-# ##### Print Debug Info #####
-#
-# Print the pip and tox versions (which will include registered plugins)
-#
-$CI_VENV_PIP --version;
-echo "tox $($CI_VENV_TOX --version)";
+poetry env info;
+poetry run tox --version;

.github/workflows/ci.yaml

@@ -11,22 +11,24 @@ jobs:
     strategy:
       matrix:
         python:
-          - version: 3.6
+          - version: "3.6"
             toxenv: py36
-          - version: 3.7
+          - version: "3.7"
             toxenv: py37
-          - version: 3.8
+          - version: "3.8"
             toxenv: py38
-          - version: 3.9
+          - version: "3.9"
             toxenv: py39
+          - version: "3.10"
+            toxenv: py310
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup:python${{ matrix.python.version }}
+      - name: Install Python ${{ matrix.python.version }}
         uses: actions/setup-python@v1
         with:
           python-version: ${{ matrix.python.version }}
-      - name: Setup:cache
+      - name: Configure Job Cache
         uses: actions/cache@v2
         with:
           path: |
@@ -37,20 +39,22 @@ jobs:
           # will be invalidated, and thus all packages will be redownloaded, if the
           # lockfile is updated
           key: ${{ runner.os }}-${{ matrix.python.toxenv }}-${{ hashFiles('**/poetry.lock') }}
-      - name: Setup:env
+      - name: Configure Path
+        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+      - name: Configure Environment
         run: .github/scripts/setup-env.sh
-      - name: Run:${{ matrix.python.toxenv }}
-        run: $HOME/ci/bin/tox -e ${{ matrix.python.toxenv }}
+      - name: Run Toxenv ${{ matrix.python.toxenv }}
+        run: poetry run tox -e ${{ matrix.python.toxenv }}
   Check:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup:python3.8
+      - name: Install Python 3.8
         uses: actions/setup-python@v1
         with:
           python-version: 3.8
-      - name: Setup:cache
+      - name: Configure Job Cache
         uses: actions/cache@v2
         with:
           path: |
@@ -60,11 +64,13 @@ jobs:
           # Hardcoded 'py38' slug here lets this cache piggyback on the 'py38' cache
           # that is generated for the tests above
           key: ${{ runner.os }}-py38-${{ hashFiles('**/poetry.lock') }}
-      - name: Setup:env
+      - name: Configure Path
+        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+      - name: Configure Environment
         run: .github/scripts/setup-env.sh
-      - name: Run:static
-        run: $HOME/ci/bin/tox -e static
-      - name: Run:static-tests
-        run: $HOME/ci/bin/tox -e static-tests
-      - name: Run:security
-        run: $HOME/ci/bin/tox -e security
+      - name: Run Static Analysis Checks
+        run: poetry run tox -e static
+      - name: Run Static Analysis Checks (Tests)
+        run: poetry run tox -e static-tests
+      - name: Run Security Checks
+        run: poetry run tox -e security

CHANGELOG.md

@@ -2,6 +2,34 @@
 
 See also: [Github Release Page](https://github.com/enpaul/tox-poetry-installer/releases).
 
+## Version 0.8.3
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.3),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.3/)
+
+- Add PyPI classifier for Python 3.10 compatibility
+
+## Version 0.8.2
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.2),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.2/)
+
+- Improve debug-level logging for package installation, and time how long installing each
+  package takes. Contributed by [Rebecca
+  Turner](https://github.com/9999years).
+- Fix crash caused by the package-under-test depending on Poetry's unsafe dependencies ([#65](https://github.com/enpaul/tox-poetry-installer/issues/65))
+
+## Version 0.8.1
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.1),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.1/)
+
+- Fix unintuitive behavior of the `install_project_deps` option by ensuring the specified
+  value always causes the implied action
+
 ## Version 0.8.0
 
 View this release on:

LICENSE.md

@@ -1,4 +1,4 @@
-## Copyright 2020 Ethan Paul
+## Copyright 2020, 2022 Ethan Paul
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this
 software and associated documentation files (the "Software"), to deal in the Software
@@ -9,4 +9,9 @@ to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or
 substantial portions of the Software.
 
-**THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.**
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

Makefile

@@ -30,7 +30,7 @@ source: ## Build Python source distribution package
 	poetry build --format sdist
 
 test: ## Run the project testsuite(s)
-	poetry run tox --recreate --parallelize-locked-install=10
+	poetry run tox --recreate
 
 dev: ## Create the local dev environment
 	poetry install -E poetry

README.md

@@ -231,6 +231,7 @@ error will be set to one of the "Status" values below to indicate what the error
 | `LockedDepNotFoundError`        | Indicates that an item specified in the `locked_deps` config option does not match the name of a package in the Poetry lockfile.                                                                                                |
 | `LockedDepsRequiredError`       | Indicates that a test environment with the `require_locked_deps` config option set to `true` also specified unlocked dependencies using the [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) config option. |
 | `PoetryNotInstalledError`       | Indicates that the `poetry` module could not be imported under the current runtime environment, and the `--require-poetry` flag was provided.                                                                                   |
+| `RequiresUnsafeDepError`        | Indicates that the package-under-test depends on a package that Poetry has classified as unsafe and cannot be installed.                                                                                                        |
 
 > **Note:** One or more of these errors can be caused by the `pyproject.toml` being out of
 > sync with the Poetry lockfile. If this is the case, than a warning will be logged when Tox
@@ -329,9 +330,9 @@ python -c '\
 '
 ```
 
-> **Note:** To force Tox to fail if Poetry is not installed, run the `tox` command with the
-> `--require-poetry` option. See the [Runtime Options](#runtime-options) for more
-> information.
+> **Note:** To force Tox to fail if Poetry is not installed, add the `require_poetry = true`
+> option to the tox `[testenv]` configuration. See the
+> [Config Options](#configuration-options) for more information.
 
 ## Developer Documentation
 
@@ -351,8 +352,8 @@ are tracked on [Github](https://github.com/enpaul/tox-poetry-installer/releases)
   [fork the repository](https://docs.github.com/en/enterprise/2.20/user/github/getting-started-with-github/fork-a-repo)
   and [open a pull request](https://github.com/enpaul/tox-poetry-installer/compare).
 
-Developing this project requires at least [Python 3.6](https://www.python.org/downloads/)
-and at least [Poetry 1.0](https://python-poetry.org/docs/#installation). GNU Make can
+Developing this project requires [Python 3.7+](https://www.python.org/downloads/) and
+[Poetry 1.0](https://python-poetry.org/docs/#installation) or later. GNU Make can
 optionally be used to quickly setup a local development environment, but this is not
 required.
 
@@ -425,6 +426,6 @@ Everything in Beta plus...
 
 - [ ] Fully replace dependency on `poetry` with dependency on `poetry-core` ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
 - [x] Add comprehensive unit tests
-- [ ] Add tests for each feature version of Tox between 3.8 and 3.20
+- [ ] ~Add tests for each feature version of Tox between 3.8 and 3.20~
 - [x] Add tests for Python-3.6, 3.7, 3.8, and 3.9
 - [x] Add Github Actions based CI

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "tox-poetry-installer"
-version = "0.8.0"
+version = "0.8.3"
 license = "MIT"
 authors = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]
 description = "A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile"
@@ -27,6 +27,7 @@ classifiers = [
   "Programming Language :: Python :: 3.7",
   "Programming Language :: Python :: 3.8",
   "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
   "Programming Language :: Python :: Implementation :: CPython",
 ]
 
@@ -44,10 +45,12 @@ tox = "^3.8.0"
 
 [tool.poetry.dev-dependencies]
 bandit = "^1.6.2"
-black = { version = "^20.8b1", allow-prereleases = true }
+black = {version = "^21.12b0", allow-prereleases = true, python = "^3.7"}
 blacken-docs = "^1.8.0"
 ipython = { version = "^7.18.1", python = "^3.7" }
-mypy = "^0.782"
+mdformat = "^0.6"
+mdformat-gfm = "^0.2"
+mypy = "^0.930"
 pre-commit = "^2.7.1"
 pre-commit-hooks = "^3.3.0"
 pylint = "^2.4.4"
@@ -57,8 +60,7 @@ reorder-python-imports = "^2.3.5"
 safety = "^1.9.0"
 toml = "^0.10.1"
 tox = "^3.20.0"
-mdformat = "^0.6.4"
-mdformat-gfm = "^0.2"
+types-toml = "^0.10.1"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

tests/test_transients.py

@@ -20,19 +20,16 @@ def test_exclude_unsafe():
     assert Provider.UNSAFE_PACKAGES == constants.UNSAFE_PACKAGES
 
     for dep in constants.UNSAFE_PACKAGES:
-        assert utilities.identify_transients(dep, dict(), None) == []
+        assert not utilities.identify_transients(dep, {}, None)
 
 
 def test_allow_missing():
     """Test that the ``allow_missing`` parameter works as expected"""
     with pytest.raises(exceptions.LockedDepNotFoundError):
-        utilities.identify_transients("luke-skywalker", dict(), None)
+        utilities.identify_transients("luke-skywalker", {}, None)
 
-    assert (
-        utilities.identify_transients(
-            "darth-vader", dict(), None, allow_missing=["darth-vader"]
-        )
-        == []
+    assert not utilities.identify_transients(
+        "darth-vader", {}, None, allow_missing=["darth-vader"]
     )
 
 
@@ -51,7 +48,7 @@ def test_exclude_pep508():
         "=>foo",
     ]:
         with pytest.raises(exceptions.LockedDepVersionConflictError):
-            utilities.identify_transients(version, dict(), None)
+            utilities.identify_transients(version, {}, None)
 
 
 def test_functional(mock_poetry_factory, mock_venv):

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py36, py37, py38, py39, static, static-tests, security
+envlist = py36, py37, py38, py39, py310, static, static-tests, security
 isolated_build = true
 skip_missing_interpreters = true
 
@@ -14,7 +14,10 @@ locked_deps =
     pytest-cov
     toml
 commands =
-    pytest --cov {toxinidir}/tox_poetry_installer --cov-config {toxinidir}/.coveragerc --cov-report term-missing {toxinidir}/tests/
+    pytest {toxinidir}/tests/ \
+      --cov {toxinidir}/tox_poetry_installer \
+      --cov-config {toxinidir}/.coveragerc \
+      --cov-report term-missing
 
 [testenv:static]
 description = Static formatting and quality enforcement
@@ -31,10 +34,15 @@ locked_deps =
     pre-commit
     pre-commit-hooks
     pylint
+    types-toml
 commands =
-    pre-commit run --all-files
-    pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tox_poetry_installer/
-    mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tox_poetry_installer/
+    pre-commit run \
+      --all-files
+    pylint {toxinidir}/tox_poetry_installer/ \
+      --rcfile {toxinidir}/.pylintrc
+    mypy {toxinidir}/tox_poetry_installer/ \
+      --ignore-missing-imports \
+      --no-strict-optional
 
 [testenv:static-tests]
 description = Static formatting and quality enforcement for the tests
@@ -45,21 +53,37 @@ locked_deps =
     pylint
     pytest
     mypy
+    types-toml
 commands =
-    pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tests/
-    mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tests/
+    pylint {toxinidir}/tests/ \
+      --rcfile {toxinidir}/.pylintrc
+    mypy {toxinidir}/tests/ \
+      --ignore-missing-imports \
+      --no-strict-optional
 
 [testenv:security]
 description = Security checks
 basepython = python3.8
 platform = linux
 ignore_errors = true
+skip_install = true
 locked_deps =
     bandit
     safety
     poetry
 commands =
-    bandit --recursive --quiet {toxinidir}/tox_poetry_installer/
-    bandit --recursive --quiet --skip B101 {toxinidir}/tests/
-    poetry export --format requirements.txt --output {envtmpdir}/requirements.txt --without-hashes --dev
-    safety check --bare --file {envtmpdir}/requirements.txt
+    bandit {toxinidir}/tox_poetry_installer/ \
+      --recursive \
+      --quiet
+    bandit {toxinidir}/tests/ \
+      --recursive \
+      --quiet \
+      --skip B101
+    poetry export \
+      --format requirements.txt \
+      --output {envtmpdir}/requirements.txt \
+      --without-hashes \
+      --dev
+    safety check \
+      --file {envtmpdir}/requirements.txt \
+      --json

tox_poetry_installer/__about__.py

@@ -1,7 +1,7 @@
 # pylint: disable=missing-docstring
 __title__ = "tox-poetry-installer"
 __summary__ = "A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile"
-__version__ = "0.8.0"
+__version__ = "0.8.3"
 __url__ = "https://github.com/enpaul/tox-poetry-installer/"
 __license__ = "MIT"
 __authors__ = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]

tox_poetry_installer/exceptions.py

@@ -11,6 +11,7 @@ All exceptions should inherit from the common base exception :exc:`ToxPoetryInst
    +-- LockedDepNotFoundError
    +-- ExtraNotFoundError
    +-- LockedDepsRequiredError
+   +-- RequiresUnsafeDepError
 
 """
 
@@ -41,3 +42,7 @@ class ExtraNotFoundError(ToxPoetryInstallerException):
 
 class LockedDepsRequiredError(ToxPoetryInstallerException):
     """Environment cannot specify unlocked dependencies when locked dependencies are required"""
+
+
+class RequiresUnsafeDepError(ToxPoetryInstallerException):
+    """Package under test depends on an unsafe dependency and cannot be installed"""

tox_poetry_installer/hooks.py

@@ -20,6 +20,66 @@ from tox_poetry_installer import utilities
 from tox_poetry_installer.datatypes import PackageMap
 
 
+def _postprocess_install_project_deps(
+    testenv_config, value: Optional[str]  # pylint: disable=unused-argument
+) -> Optional[bool]:
+    """An awful hack to patch on three-state boolean logic to a config parameter
+
+    .. warning: This logic should 100% be removed in the next feature release. It's here to work
+                around a bad design for now but should not persist.
+
+    The bug filed in `#61`_ is caused by a combination of poor design and attempted cleverness. The
+    name of the ``install_project_deps`` config option implies that it has ultimate control over
+    whether the project dependencies are installed to the testenv, but this is not actually correct.
+    What it actually allows the user to do is force the project dependencies to not be installed to
+    an environment that would otherwise install them. This was intended behavior, however the
+    intention was wrong.
+
+    .. _`#61`: https://github.com/enpaul/tox-poetry-installer/issues/61
+
+    In an effort to be clever the plugin automatically skips installing project dependencies when
+    the project package is not installed to the testenv (``skip_install = true``) or if packaging
+    as a whole is disabled (``skipsdist = true``). The intention of this behavior is to install only
+    the expected dependencies to a testenv and no more. However, this conflicts with the
+    ``install_project_deps`` config option, which cannot override this behavior because it defaults
+    to ``True``. In effect, ``install_project_deps = true`` in fact means "automatically
+    determine whether to install project dependencies" and ``install_project_deps = false`` means
+    "never install the project dependencies". This is not ideal and unintuitive.
+
+    To avoid having to make a breaking change this workaround has been added to support three-state
+    logic between ``True``, ``False``, and ``None``. The ``install_project_deps`` option is now
+    parsed by Tox as a string with a default value of ``None``. If the value is not ``None`` then
+    this post processing function will try to convert it to a boolean the same way that Tox's
+    `SectionReader.getbool()`_ method does, raising an error to mimic the default behavior if it
+    can't.
+
+    .. _`SectionReader.getbool()`: https://github.com/tox-dev/tox/blob/f8459218ee5ab5753321b3eb989b7beee5b391ad/src/tox/config/__init__.py#L1724
+
+    The three states for the ``install_project_deps`` setting are:
+    * ``None`` - User did not configure the setting, package dependency installation is
+      determined automatically
+    * ``True`` - User configured the setting to ``True``, package dependencies will be installed
+    * ``False`` - User configured the setting to ``False``, package dependencies will not be
+      installed
+
+    This config option should be deprecated with the 1.0.0 release and instead an option like
+    ``always_install_project_deps`` should be added which overrides the default determination and
+    just installs the project dependencies. The counterpart (``never_install_project_deps``)
+    shouldn't be needed, since I don't think there's a real use case for that.
+    """
+    if value is None:
+        return value
+
+    if value.lower() == "true":
+        return True
+    if value.lower() == "false":
+        return False
+
+    raise tox.exception.ConfigError(
+        f"install_project_deps: boolean value '{value}' needs to be 'True' or 'False'"
+    )
+
+
 @tox.hookimpl
 def tox_addoption(parser: ToxParser):
     """Add required configuration options to the tox INI file
@@ -60,9 +120,10 @@ def tox_addoption(parser: ToxParser):
 
     parser.add_testenv_attribute(
         name="install_project_deps",
-        type="bool",
-        default=True,
+        type="string",
+        default=None,
         help="Automatically install all Poetry primary dependencies to the environment",
+        postprocess=_postprocess_install_project_deps,
     )
 
     parser.add_testenv_attribute(
@@ -147,11 +208,15 @@ def tox_testenv_install_deps(venv: ToxVirtualEnv, action: ToxAction) -> Optional
             f"Identified {len(env_deps)} environment dependencies to install to env"
         )
 
-        if (
-            not venv.envconfig.skip_install
-            and not venv.envconfig.config.skipsdist
-            and venv.envconfig.install_project_deps
-        ):
+        install_project_deps = (
+            venv.envconfig.install_project_deps
+            if venv.envconfig.install_project_deps is not None
+            else (
+                not venv.envconfig.skip_install and not venv.envconfig.config.skipsdist
+            )
+        )
+
+        if install_project_deps:
             project_deps = utilities.find_project_deps(
                 packages, virtualenv, poetry, venv.envconfig.extras
             )

tox_poetry_installer/installer.py

@@ -5,6 +5,7 @@
 import concurrent.futures
 import contextlib
 import typing
+from datetime import datetime
 from typing import Sequence
 from typing import Set
 
@@ -46,6 +47,13 @@ def install(
 
     installed: Set[PoetryPackage] = set()
 
+    def logged_install(dependency: PoetryPackage) -> None:
+        start = datetime.now()
+        logger.debug(f"Installing {dependency}")
+        pip.install(dependency)
+        end = datetime.now()
+        logger.debug(f"Finished installing {dependency} in {end - start}")
+
     @contextlib.contextmanager
     def _optional_parallelize():
         """A bit of cheat, really
@@ -66,8 +74,8 @@ def install(
         for dependency in packages:
             if dependency not in installed:
                 installed.add(dependency)
-                logger.debug(f"Installing {dependency}")
-                executor(pip.install, dependency)
+                logger.debug(f"Queuing {dependency}")
+                executor(logged_install, dependency)
             else:
                 logger.debug(f"Skipping {dependency}, already installed")
         logger.debug("Waiting for installs to finish...")

tox_poetry_installer/utilities.py

@@ -166,6 +166,11 @@ def find_project_deps(
     :param extras: Sequence of extra names to include the dependencies of
     """
 
+    if any(dep.name in constants.UNSAFE_PACKAGES for dep in poetry.package.requires):
+        raise exceptions.RequiresUnsafeDepError(
+            f"Project package requires one or more unsafe dependencies ({', '.join(constants.UNSAFE_PACKAGES)}) which cannot be installed with Poetry"
+        )
+
     base_deps: List[PoetryPackage] = [
         packages[item.name]
         for item in poetry.package.requires