forked from theupdateframework/python-tuf
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Use suffixed instead of prefixed sub-requirements files to group them alphabetically in the file tree. * Layer requirements files akin to the in-toto project (see in-toto/in-toto#294). The hierarchy is: - *requirements.in* tuf runtime requirements, including optional requirements (pynacl and cyrptography) - *requirements-pinned.txt* pinned tuf runtime requirements, including optional and transitive (1 level deep) requirements and their hashes. The file is generated semi-automatically using pip-compile and a bash script (see document header), based off of requirements.in, combining requirements from all supported Python versions. This file should be auto-updated, by e.g. dependabot, and be used for ci/cd tests, to catch issues with new dependencies. - *requirements-test.txt* additional test runtime requirements - *requirements-tox.txt* combines requirements.txt, requirements-test.txt and additional test tools (for linting and coverage), i.e. everything that is needed in each tox environment to run the tests. - *requirements-dev.txt* lists tox for local development and testing, and also requirements-tox.txt and tuf in editable mode to run the test suite or individual tests directly. - *requirements.txt* requirements-pinned.txt with the hashes of the dependencies as reported by pip at the time of creating the file. NOTE: this is not used for testing or dev-install because pip doesn't allow mixed (with and without hashes) installations. This file should also be auto-updated, by e.g. dependabot. * Removes an obsolete version constraint on coverage Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Loading branch information
Showing
10 changed files
with
104 additions
and
139 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Install tox for local testing, but also everything that tox would install | ||
# in a test environment, so that we can run the test suite or individual tests | ||
# directly in the development environment as well. | ||
tox | ||
-r requirements-tox.txt | ||
|
||
# Install tuf in editable mode | ||
-e . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# These pinned requirements are the combined results of `pip-compile` over | ||
# "requirements.in" in each supported Python version. | ||
# | ||
# - Below script may be used (copy-paste to bash removing leading '#') to | ||
# re-generate this file, e.g. if `requirements.in` is updated. | ||
# - Version updates should be handled by a GitHub-integrated dependency monitor | ||
# (e.g. Dependabot) that regularly scans PyPI for updates, patches this file, | ||
# and submits a PR, which triggers CI/CD builds and should catch breaking | ||
# updates. | ||
# | ||
# # Gather pip-compile results for each supported Python version | ||
# for v in 2.7 3.5 3.6 3.7 3.8; do | ||
# mkvirtualenv tuf-env-${v} -p python${v}; | ||
# pip install pip-tools; | ||
# pip-compile requirements.in -n 2>&1 | grep -v "^#" >> requirements.combined; | ||
# # Keep one venv as we need it below to add hashes | ||
# if [ $v != 3.8 ]; then | ||
# deactivate; | ||
# rmvirtualenv tuf-env-${v}; | ||
# fi | ||
# done; | ||
# # Create requirements-pinned.txt retaining doc header | ||
# cat requirements-pinned.txt | grep "^#" > requirements.tmp | ||
# mv requirements.tmp requirements-pinned.txt | ||
# cat requirements.combined | grep -v "^Dry-run," | sort -u >> requirements-pinned.txt | ||
# rm requirements.combined | ||
# # Create requirements.txt with hashes | ||
# pip-compile --generate-hashes -o requirements.txt requirements-pinned.txt | ||
# deactivate | ||
# rmvirtualenv tuf-env-3.8 | ||
# | ||
certifi==2019.11.28 # via requests | ||
cffi==1.13.2 # via cryptography, pynacl | ||
chardet==3.0.4 # via requests | ||
colorama==0.4.3 | ||
cryptography==2.8 | ||
enum34==1.1.6 # via cryptography | ||
idna==2.8 # via requests | ||
ipaddress==1.0.23 # via cryptography | ||
iso8601==0.1.12 | ||
pycparser==2.19 # via cffi | ||
pynacl==1.3.0 | ||
python-dateutil==2.8.1 # via securesystemslib | ||
requests==2.22.0 | ||
securesystemslib==0.14.0 | ||
six==1.14.0 | ||
subprocess32==3.5.4 # via securesystemslib | ||
urllib3==1.25.8 # via requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# Runtime requirements for test suite | ||
mock; python_version < "3.3" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# pinned tuf runtime dependencies | ||
-r requirements-pinned.txt | ||
|
||
# tuf test suite runtime dependencies | ||
-r requirements-test.txt | ||
|
||
# test tools for linting and test coverage measurement | ||
coverage | ||
pylint | ||
bandit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,6 @@ universal = 1 | |
|
||
[check-manifest] | ||
ignore = | ||
dev-requirements.txt | ||
requirements-dev.txt | ||
.travis.yml | ||
.coveragerc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters