New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adopt nexB/skeleton and bump dependencies #2818

Merged

pombredanne merged 134 commits into develop from adopt-skeleton

Jan 30, 2022

Member

pombredanne commented Jan 29, 2022

This PR adopts the https://github.com/nexB/skeleton

This means mostly switching using venv/ subdir for the virtual env, instead of the root repo directory.

In addition it also updates dependency versions for bugs and security updates.

Some highlights include:

replacing dparse with dparse2 at https://github.com/nexB/dparse2 : this remove problematic code with exponential regexes, remove weak pip requirements support
replacing pkginfo with pkginfo2 at https://github.com/nexB/pkginfo2 : this removes problematic code that may import or eval arbitrary code
adding pip-requirements-parser at https://github.com/nexB/pip-requirements-parser which is a new mostly correct pip requirements parser that uses pip's own code

Tasks

Reviewed contribution guidelines
PR is descriptively titled 📑 and links the original issue above 🔗
Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
Run tests locally to check for errors.
Commits are in uniquely-named feature branch and has no merge conflicts 📁
Signed-off-by: Philippe Ombredanne pombredanne@nexb.com

steven-esser and others added 30 commits

September 22, 2020 15:53


          Initial commit

Signed-off-by: Steven Esser <sesser@nexb.com>


          Add initial skeleton files

85d1780

This commit adds the inital skeleton files needed for a bare-bones
python library. Includes a simple configure script and setup.py file

Signed-off-by: Steven Esser <sesser@nexb.com>


          Use pytest-xdist by default for threading support

aa71e06

Signed-off-by: Steven Esser <sesser@nexb.com>


          Add additional files

774dc7d

* Add AUTHORS.rst
* Add CHANGELOG.rst
* Add setup.cfg

Signed-off-by: Steven Esser <sesser@nexb.com>


          Follow modern python packaging and conf practices

9a56b88

* Add PEP 517/518 pyproject.toml file
* Add setuptools_scm to handle versioning
* Add setup.py content to setup.cfg
* Update setup.py to act as a shim (so pip install -e works)

Addresses: #2

Signed-off-by: Steven Esser <sesser@nexb.com>


          Add some minimal documentation

565feee

Signed-off-by: Steven Esser <sesser@nexb.com>


          Fix hanging tag chars in setup.cfg

5febefb

Signed-off-by: Steven Esser <sesser@nexb.com>


          Update README instructions with proper git merge conventions

343ff29

Signed-off-by: Steven Esser <sesser@nexb.com>


          Add minimal .travis.yml CI config file

fa55f68

Signed-off-by: Steven Esser <sesser@nexb.com>


          Update setuptools_scm declaration

3296b9f

Signed-off-by: Steven Esser <sesser@nexb.com>


          Merge pull request #1 from nexB/add-initial-skeleton-files

ad02f4e

Add initial skeleton files


          Add azure pipeline config files and templates

083bd04

    * Create configure.bat so we can use our skeleton for Windows projects

Signed-off-by: Jono Yang <jyang@nexb.com>


          Fix path to Scripts directory

847564e

    * Remove unused variables and options

Signed-off-by: Jono Yang <jyang@nexb.com>


          Install current project in configure.bat

0f293cb

Signed-off-by: Jono Yang <jyang@nexb.com>


          Call pytest from proper location

63f6946

    * Remove rerun option from azure-pipelines.yml

Signed-off-by: Jono Yang <jyang@nexb.com>


          Use newer VM images on Azure

7fd2506

Signed-off-by: Jono Yang <jyang@nexb.com>


          Add .gitattributes

bceb8f9

    * We have this to ensure the line ending of configure.bat is always CRLF

Signed-off-by: Jono Yang <jyang@nexb.com>


          Clean template

e772fe6

Signed-off-by: Jono Yang <jyang@nexb.com>


          Merge pull request #11 from nexB/add-ci-config

ae44984

Add CI config


          Merge pull request #14 from nexB/develop

5593c2f

Merge changes from develop to main


          Update .gitignore to ignore Jupyter temp files

629abed

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>


          Merge pull request #15 from nexB/jupyter-patch

6001c74

Update .gitignore to ignore Jupyter temp files


          Quick doc update

ef210cd

Signed-off-by: Steven Esser <sesser@nexb.com>


          Add RTD docs configuration file

0b6caf9

Adds a RTD configuration file (v2) to customize builds.

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>


          Add basic RTD documentaion #4

f2c1400

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>


          Add RTD requirements file and test scripts

e7d1990

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>


          Add src folder to pass CI tests and RTD builds

7d37af0

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>


          Merge pull request #16 from AyanSinhaMahapatra/add-basic-docs

b6ef568

Add basic docs


          Ensure we use official full text of Apache 2.0

03ffc8a

Taken from https://www.apache.org/licenses/LICENSE-2.0.txt

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Merge pull request #18 from nexB/apache-license

98d4d69

Ensure we use official full text of Apache 2.0

pombredanne added 24 commits

November 26, 2021 19:08


          Add support for deb and rpm containers

6ccff2b

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Support licenses when ScanCode is not installed

6962f8b

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Improve wheel build

2f77f97

Allow to launch builds and then fetch built wheels later
Improve support for newer Pythons and OS versions.

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          REmove unused scripts

cb7651a

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Use black

0dd1d28

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Merge latest main branch from nexB/skeleton

48f4388

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Aligne with latest ScanCode TK updates

784e701

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Merge latest main branch from nexB/skeleton

9535d31

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Merge latest develop from upstream

9e06cda

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Drop SCANCODE_DEV_MODE tag file

1345e08

This is confusing and counter-productive. SCANCODE_DEV_MODE env var
can be used if needed.

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Do not ignore setup.py

a7c2efd

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Update scripts

b1dabd8

Make fetch_built_wheel work
Add new strip classifiers option to fix_thirdparty
Improve simple requirements parsing to get the latest versions

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Finish adjustments for skeleton adoption

2dfa443

Use venv/bin paths everywhere
Correct extras (ScanCode uses dev and not testing)
Format Windows BAT files

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Remove legacy travis CI

d9ab0ef

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Merge remote-tracking branch 'skeleton/main' into adopt-skeleton

e5a1fa1


          Use new pip and pkginfo parsers

5827ae3

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Use dparse2, not dparse

907bb60

Also align setup-mini.cfg with setup.cfg

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Bump pip-requirements-parser

0eb2973

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Remove unused moved test files #2524

332e283

These were left behind after a rename

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Adjust tests to use pip-requirements-parser

324064a

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Use new pip requirements parser

bd5cb78

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Complete switch to new PyPI parsers

d06bbea

Now using dparse2, pkginfo2 and pip-requirement-parser
This addresses a security vulnerability in dparse.

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Bump lxml to 4.6.5 and pin to 4.7.1

86c5710

This is a fix for a security issue CVE-2021-43818

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>


          Bump packaging

7d3e45e

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

pombredanne mentioned this pull request

Delay dropping support for LegacyVersion pypa/packaging#502

Closed


          Complete migration to skeleton

4fb0227

Use consistentently the venv subdirectory in scripts and documentation

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

pombredanne force-pushed the adopt-skeleton branch from bfbbe92 to 4fb0227 Compare

January 30, 2022 08:54


          Use correct requirements extras for testing

bcc541f

The [packages] extra is only for Linux and provides support for RPMs
and Windows registry handling. It is needed when doing a develoipment
installation for testing.

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

pombredanne merged commit bcc541f into develop

pombredanne deleted the adopt-skeleton branch

January 30, 2022 16:16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment