freedomofpress · kushaldas · Aug 3, 2020 · Jul 21, 2020
@@ -12,7 +12,7 @@ common-steps:
         set -e
         virtualenv .venv
         source .venv/bin/activate
-        pip install --require-hashes -r dev-requirements.txt
+        pip install --require-hashes -r requirements/dev-requirements.txt
         export PYTHONPATH=$PYTHONPATH:.  # so alembic can get to Base metadata
         make check --keep-going
 

@@ -1,5 +1,5 @@
-include build-requirements.txt
-include requirements.txt
+include requirements/build-requirements.txt
+include requirements/requirements.txt
 include README.md
 include LICENSE
 include changelog.md

@@ -4,7 +4,7 @@ SHELL := /bin/bash
 .PHONY: venv
 venv:  ## Provision a Python 3 virtualenv for development.
 	python3 -m venv .venv
-	.venv/bin/pip install --require-hashes -r dev-requirements.txt
+	.venv/bin/pip install --require-hashes -r "requirements/dev-requirements.txt"
 
 .PHONY: black
 black: ## Format Python source code with black
@@ -85,7 +85,7 @@ lint: ## Run the linters
 .PHONY: safety
 safety: ## Runs `safety check` to check python dependencies for vulnerabilities
 	pip install --upgrade safety && \
-		for req_file in `find . -type f -name '*requirements.txt'`; do \
+		for req_file in `find . -type f -wholename 'requirements/*requirements.txt'`; do \
 			echo "Checking file $$req_file" \
 			&& safety check --full-report -r $$req_file \
 			&& echo -e '\n' \
@@ -105,12 +105,12 @@ check: clean check-black check-isort bandit lint mypy test-random test-integrati
 
 .PHONY: update-pip-requirements
 update-pip-requirements: ## Updates all Python requirements files via pip-compile for Linux.
-	pip-compile --verbose --rebuild --generate-hashes --annotate --allow-unsafe --output-file dev-requirements.txt requirements.in dev-requirements.in
-	pip-compile --verbose --rebuild --generate-hashes --annotate --output-file requirements.txt requirements.in
+	pip-compile --verbose --rebuild --generate-hashes --annotate --allow-unsafe --output-file "requirements/dev-requirements.txt" "requirements/requirements.in" "requirements/dev-requirements.in"
+	pip-compile --verbose --rebuild --generate-hashes --annotate --output-file "requirements/requirements.txt" "requirements/requirements.in"
 
 .PHONY: update-mac-pip-requirements
 update-mac-pip-requirements: ## Updates only dev Python requirements files via pip-compile for macOS.
-	pip-compile --verbose --rebuild --generate-hashes --annotate --allow-unsafe --output-file mac-dev-requirements.txt requirements.in dev-requirements.in
+	pip-compile --verbose --rebuild --generate-hashes --annotate --allow-unsafe --output-file "requirements/dev-mac-requirements.txt" "requirements/requirements.in" "requirements/dev-requirements.in"
 
 # Explaination of the below shell command should it ever break.
 # 1. Set the field separator to ": ##" and any make targets that might appear between : and ##

@@ -59,7 +59,7 @@ git clone git@github.com:freedomofpress/securedrop-client.git
 cd securedrop-client
 virtualenv --python=python3.7 .venv
 source .venv/bin/activate
-pip install --require-hashes -r dev-requirements.txt
+pip install --require-hashes -r requirements/dev-requirements.txt
 ```
 
 4. Run SecureDrop Client
@@ -95,7 +95,7 @@ git clone git@github.com:freedomofpress/securedrop-client.git
 cd securedrop-client
 virtualenv --python=python3.7 .venv
 source .venv/bin/activate
-pip install --require-hashes -r dev-requirements.txt
+pip install --require-hashes -r requirements/dev-requirements.txt
 ```
 
 4. Run SecureDrop Client
@@ -154,7 +154,7 @@ git clone git@github.com:freedomofpress/securedrop-client.git
 cd securedrop-client
 virtualenv --python=python3.7 .venv
 source .venv/bin/activate
-pip install --require-hashes -r dev-requirements.txt
+pip install --require-hashes -r requirements/dev-requirements.txt
 ```
 
 9. Run the client
@@ -212,12 +212,12 @@ brew install pip
 pip install virtualenv
 virtualenv --python=python3.7 .venv
 source .venv/bin/activate
-pip install --require-hashes -r mac-dev-requirements.txt
+pip install --require-hashes -r requirements/dev-mac-requirements.txt
 ```
 
 ## Updating dependencies
 
-We have several dependency files: `dev-requirements.txt` (Linux), `mac-dev-requirements.txt` (macOS) and `requirements.txt` point to python software foundation hashes, and `build-requirements.txt` points to our builds of the wheels from our own pip mirror (https://pypi.securedrop.org/). Whenever a dependency in `build-requirements.txt` changes, our team needs to manually review the code in the dependency diff with a focus on spotting vulnerabilities.
+We have several dependency files: `dev-requirements.txt` (Linux), `dev-mac-requirements.txt` (macOS) and `requirements.txt` point to python software foundation hashes, and `build-requirements.txt` points to our builds of the wheels from our own pip mirror (https://pypi.securedrop.org/). Whenever a dependency in `build-requirements.txt` changes, our team needs to manually review the code in the dependency diff with a focus on spotting vulnerabilities.
 
 If you're adding or updating a dependency, you need to: