From dc209c09a85906ebbfb9e01d503f814cd3d73bc9 Mon Sep 17 00:00:00 2001
From: crasm <crasm@git.vczf.us>
Date: Sat, 23 Dec 2023 18:06:24 -0500
Subject: [PATCH] Fail on "==" being used for package requirements (but can be
 suppressed)

---
 check-requirements.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/check-requirements.sh b/check-requirements.sh
index b1f8ac313..50a8dad03 100755
--- a/check-requirements.sh
+++ b/check-requirements.sh
@@ -150,11 +150,20 @@ check_convert_script() {
     info "$py: imports OK"
 }
 
-# Check that all sub-requirements are added to top-level requirements.txt
+readonly ignore_eq_eq='check_requirements: ignore "=="'
+
 for req in "$reqs_dir"/*; do
+    # Check that all sub-requirements are added to top-level requirements.txt
     if ! grep -qFe "$req" ./requirements.txt; then
         fatal "$req needs to be added to ./requirements.txt"
     fi
+
+    # Make sure exact release versions aren't being pinned in the requirements
+    # Filters out the ignore string
+    req_no_ignore_eq_eq="$(grep -vF "$ignore_eq_eq" "$req")"
+    if grep -Fe '==' <<< "$req_no_ignore_eq_eq" ; then
+        fatal "Avoid pinning exact package versions. Use '=~' instead.\nYou can suppress this error by appending the following to the line: \n\t# $ignore_eq_eq"
+    fi
 done
 
 all_venv="$workdir/all-venv"