forked from theupdateframework/python-tuf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
requirements.txt
47 lines (47 loc) · 1.74 KB
/
requirements.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# TUF runtime requirements plus securesystemslib with extra dependencies
#
# This file together with 'pip-compile' is used to generate a pinned
# requirements file with all immediate and transitive dependencies.
#
# 'requirements-pinned.txt' is updated on GitHub with Dependabot, which
# triggers CI/CD builds to automatically test against updated dependencies.
#
#
# NOTE: 'pip-compile' only adds dependencies relevant for the Python version,
# in which it is executed. Moreover, it does not add environment markers of
# transitive dependencies.
# The official recommendation for cross-environment usage of pip-compile tends
# towards separate requirements files for each environment (see
# jazzband/pip-tools#651), this seem like an overkill for tuf, where we only
# have a few conditional dependencies, i.e. dependencies that are required on
# Python < 3 only.
#
#
# Below instructions can be used to re-generate 'requirements-pinned.txt', e.g.
# if:
# - requirements are added or removed from this file
# - Python version support is changed
# - CI/CD build breaks due to updates (e.g. transitive dependency conflicts)
#
# 1. Use this script to create a pinned requirements file for each Python
# version
# ```
# for v in 2.7 3.5 3.6 3.7 3.8; do
# mkvirtualenv tuf-env-${v} -p python${v};
# pip install pip-tools;
# pip-compile --no-header -o requirements-${v}.txt requirements.txt;
# deactivate;
# rmvirtualenv tuf-env-${v};
# done;
#
# ```
# 2. Use this command to merge per-version files
# `sort -o requirements-pinned.txt -u requirements-?.?.txt`
# 2. Manually add environment markers to requirements-pinned.txt
# 3. Use this command to remove per-version files
# `rm requirements-?.?.txt`
#
securesystemslib[colors, crypto, pynacl]
requests
six
iso8601