[python][pip-compile] Fix constraint files (-c) in .in files not being fetched

[Copilot]

What are you trying to accomplish?

This fixes: #14392

When a requirements.in file references a constraint file via -c (e.g., -c src/model-requirements.txt), the file fetcher never fetches that constraint file. This causes pip-compile to fail at update time with:

InstallationError("Could not open requirements file: [Errno 2] No such file or directory: 'dependabot_tmp_dir/src/model-requirements.txt'")

Two gaps in SharedFileFetcher caused this:

1. fetch_child_requirement_files only followed -r references, not -c
2. constraints_files only scanned .txt files for -c directives, never .in files

Anything you want to highlight for special attention from reviewers?

Two complementary fixes applied to shared_file_fetcher.rb:

Option B — fetch_child_requirement_files now scans both regex patterns, enabling recursive constraint resolution:

paths = content.scan(CHILD_REQUIREMENT_REGEX).flatten +
        content.scan(CONSTRAINT_REGEX).flatten

Option A — constraints_files now includes .in files in its scan set:

all_requirement_files = requirements_txt_files +
                        child_requirement_txt_files +
                        requirements_in_files

Option B alone handles recursive/transitive constraint references. Option A ensures explicit coverage when building the final constraint file list. Both are needed for full correctness: Option B covers the case where constraints are transitively reachable; Option A covers the case where constraints_files is the authoritative gather point.

To avoid duplicate fetch_file_from_host calls that would result from Option B already fetching constraint files into child_requirement_files and Option A scanning the same paths again, constraints_files now filters out any paths already present in child_requirement_files before fetching:

already_fetched_names = child_requirement_files.map(&:name)
constraints_paths
  .reject { |path| already_fetched_names.include?(path) }
  .map { |path| fetch_file_from_host(path) }

Note: this only fully resolves the issue when at least one .txt file exists (the standard pip-compile workflow), since requirement_files (which calls constraints_files) is gated on requirements_txt_files.any?.

How will you know you've accomplished your goal?

Two new test cases added to file_fetcher_spec.rb covering the scenario where requirements.in contains a -c reference:

• Verifies the constraint file is included in the fetched file set
• Verifies DependencyFileNotFound is raised when the constraint file is missing

Checklist

• I have run the complete test suite to ensure all tests and linters pass.
• I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
• I have written clear and descriptive commit messages.
• I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
• I have ensured that the code is well-documented and easy to understand.

[Copilot]

Pull request overview

Fixes a pip-compile update failure where constraint files referenced from requirements.in via -c were not being fetched by the Python file fetcher, causing missing-file errors at update time.

Changes:

• Extend recursive child requirement resolution to also follow -c constraint directives.
• Expand constraints_files discovery to scan .in files in addition to .txt.
• Add specs + fixtures to cover fetching (and missing) constraint files referenced from .in files.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
python/lib/dependabot/python/shared_file_fetcher.rb	Teach shared fetcher to discover/fetch -c constraints from .in files (and recursively).
python/spec/dependabot/python/file_fetcher_spec.rb	Add test coverage for -c constraint references in requirements.in.
python/spec/fixtures/github/requirements_in_with_constraint.json	Fixture for a requirements.in that references a constraint file via -c.
python/spec/fixtures/github/contents_python_requirements_with_in_file.json	Repo-contents fixture including a requirements.in alongside requirements.txt.