Report using non-recommended "dependency signage"

[aecorn]

Many users find dependency-resolution hard.
My recommendations are usually (that ssb-project build does not cover):

1. Run poetry lock
2. Replace all dependencies from ^ to >=

I was wondering the right way to "recommend" this in the organization, and I think a warning during ssb-project build could be the best place to encourage right "signage".

Here is some example-code of what I mean.

import subprocess

def check_deps_group(group: str) -> None:
    deps = subprocess.check_output((f"grep -A 10 '\[{group}\]' pyproject.toml"), shell=True).decode("utf8").split("\n")
    deps = [x for x in deps if x and not x.startswith("[") and "build-backend" not in x]
    for line in deps:
        vers_dep = line.split('"')[-2]
        if ">=" not in vers_dep:
            print(f"Dependency {line}, does not use recommended signage '>=', consider changing it?")

check_deps_group("tool.poetry.dependencies")
check_deps_group("tool.poetry.group.dev.dependencies")

@arneso-ssb @krlono @rachelekren