[build-system]
# NOTE: Changes to the build system values should be inspected closely!
# Python 3.12 was added in `poetry-core` v1.8
# NOTE(review): the constraint has a floor but no ceiling, so every fresh isolated build
# (including release/publish jobs) resolves to the newest poetry-core available at that
# moment. Add an upper bound if build reproducibility matters more than picking up
# backend fixes automatically.
requires = ["poetry-core>=1.8.1"]
build-backend = "poetry.core.masonry.api"
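[tool.poetry]
name = "phylum"
# Managed by python-semantic-release via `version_toml` in `[tool.semantic_release]`.
version = "0.44.0"
description = "Utilities for integrating Phylum into CI pipelines (and beyond)"
license = "GPL-3.0-or-later"
authors = ["Phylum, Inc. <engineering@phylum.io>"]
homepage = "https://phylum.io/"
repository = "https://github.com/phylum-dev/phylum-ci"
documentation = "https://docs.phylum.io/"
readme = "README.md"
keywords = ["dependency", "security", "CI", "integration"]
# Classifiers can be found here: https://pypi.org/classifiers/
# TODO: Update the "Development Status" as the project/package matures
# Keep the "Programming Language :: Python :: 3.x" entries in step with the `python`
# constraint in `[tool.poetry.dependencies]` (currently >=3.9,<3.13).
classifiers = [
    "Development Status :: 4 - Beta",
    "Intended Audience :: Developers",
    "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
    "Natural Language :: English",
    "Environment :: Console",
    "Topic :: Security",
    "Topic :: Software Development",
    "Topic :: Software Development :: Quality Assurance",
    "Programming Language :: Python :: 3",
    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
]
# `phylum` is the importable package (src layout); `tests` is shipped in the sdist only,
# so the wheel stays free of test code.
packages = [
    { include = "phylum", from = "src" },
    { include = "tests", format = "sdist" },
]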
[tool.poetry.urls]
# Extra project links; the key is the link label, so it only needs quoting when it
# contains characters outside the bare-key set (here: the space in "Issue Tracker").
"Issue Tracker" = "https://github.com/phylum-dev/phylum-ci/issues"
CI = "https://github.com/phylum-dev/phylum-ci/actions"
[tool.poetry.scripts]
# Console entry points, `<command> = "<module>:<callable>"`; these become the
# `phylum-init` and `phylum-ci` executables when the package is installed.
phylum-init = "phylum.init.cli:main"
phylum-ci = "phylum.ci.cli:script_main"
[tool.poetry.dependencies]
# Floor is the oldest supported interpreter; the ceiling excludes versions this release
# was not tested against. Keep in step with the classifiers in `[tool.poetry]`.
python = ">=3.9,<3.13"
# NOTE(review): runtime dependencies are unconstrained ("*"). Development installs are
# presumably pinned by a lock file (not visible here), but consumers installing the
# published package get no floor or ceiling on any of these.
requests = "*"
cryptography = "*"
packaging = "*"
# Quoted on purpose: a bare `ruamel.yaml` would be parsed as a dotted key and nest
# `yaml` under a `ruamel` table instead of naming the distribution.
"ruamel.yaml" = "*"
rich = "*"
[tool.poetry.group.test]
# Opt-in group: not installed unless explicitly requested.
optional = true
# `tox` is also listed in the `qa` group.
dependencies.pytest = "*"
dependencies.tomli = "*"
dependencies.tox = "*"
dependencies.dulwich = "*"
[tool.poetry.group.ci]
# Opt-in group: not installed unless explicitly requested.
optional = true
dependencies.tox-gh-actions = "*"
dependencies.pytest-github-actions-annotate-failures = "*"
dependencies.python-semantic-release = "*"
dependencies.rich-codex = "*"
[tool.poetry.group.qa]
# Opt-in group: not installed unless explicitly requested.
optional = true
# `tox` is also listed in the `test` group.
dependencies.types-requests = "*"
dependencies.pre-commit = "*"
dependencies.tox = "*"
[tool.black]
# Must match `line-length` in `[tool.ruff]` so the two tools do not fight over wrapping.
line-length = 120
[tool.vulture]
# Dead-code scan covers the package and its tests.
paths = ["src", "tests"]
# Vulture doesn't understand pytest's fixture machinery
exclude = ["conftest.py"]
[tool.refurb]
# Lowest interpreter the project supports (see `python` in `[tool.poetry.dependencies]`).
python_version = "3.9"
# Output format; presumably chosen so findings render as annotations in GitHub Actions.
format = "github"
# FURB184 (use-fluent-interface) is ignored because the benefits of "chaining" calls identified by this rule are not
# outweighed by the type checking based autocompletion and syntax highlighting provided by the IDE with the calls split.
ignore = [184]
[tool.ruff]
# Reference: https://beta.ruff.rs/docs/settings
# Must match `line-length` in `[tool.black]`.
line-length = 120
# Lowest interpreter the project supports (see `python` in `[tool.poetry.dependencies]`).
target-version = "py39"
# Apply exclude patterns even to paths passed explicitly on the command line
# (presumably so pre-commit's per-file invocations honor them).
force-exclude = true
# First-party roots for import sorting.
src = ["src", "tests"]
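[tool.ruff.lint]
select = [
    # Using `ALL` has the risk that new rules may be enabled when `ruff` is updated but updates are
    # automated, with a PR that includes enforced QA checks, to weekly dependency and pre-commit hook bumps.
    "ALL",
]
ignore = [
    # Reference: https://beta.ruff.rs/docs/rules/
    #
    # `one-blank-line-before-class` (D203) and `no-blank-line-before-class` (D211) are incompatible. Prefer D211.
    "D203", # one-blank-line-before-class
    # `multi-line-summary-first-line` (D212) and `multi-line-summary-second-line` (D213) are incompatible. Prefer D212.
    "D213", # multi-line-summary-second-line
    # These `flake8-fixme` (FIX) rules are incompatible with `flake8-todos` (TD). Prefer TD.
    "FIX001", # line-contains-fixme
    "FIX002", # line-contains-todo
    "FIX003", # line-contains-xxx
    # Cached instance methods are okay in this project b/c instances are short lived and won't lead to memory leaks.
    "B019", # cached-instance-method
    # Assigning to a variable before a return statement is more readable and useful for debugging
    "RET504", # unnecessary-assign
    # Allowing exception handling within loops improves readability with only a negligible performance impact.
    "PERF203", # try-except-in-loop
    # This code base does not require a license header at the top of every file.
    "CPY001", # missing-copyright-notice
    # This project makes extensive use of the `subprocess` module, but in a secure way.
    # Only the import-level warning is silenced here; the call-site rules (S602, S603, S607)
    # stay selected through `ALL` for code under `src`, and S603 is relaxed only for test
    # files via `per-file-ignores` below.
    "S404", # suspicious-subprocess-import
    # These ignores will be removed during https://github.com/phylum-dev/phylum-ci/issues/238
    "ANN", # flake8-annotations
    "TCH", # flake8-type-checking
    "FA", # flake8-future-annotations
]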
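[tool.ruff.lint.per-file-ignores]
# These relaxations apply only to files matching the glob; code under `src` keeps the full rule set.
"test_*.py" = [
    # It is expected to use `assert` statements in `pytest` test code
    "S101", # assert
    # `subprocess` input is controlled in test code
    "S603", # subprocess-without-shell-equals-true
]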
[tool.ruff.lint.isort]
# Sort `import x` and `from x import y` statements together within a section instead of
# grouping them by form.
force-sort-within-sections = true
[tool.ruff.lint.pydocstyle]
# Use PEP-257 style docstrings
convention = "pep257"
[tool.semantic_release]
# Reference: https://python-semantic-release.readthedocs.io/en/latest/configuration.html
# The key that gets bumped on release: `version` in `[tool.poetry]` of this file.
version_toml = ["pyproject.toml:tool.poetry.version"]
# TODO: remove this setting or change it to `true` after the project is stable and no longer zeroVer
major_on_zero = false
# These files (may) get updated in the release workflow before Python Semantic Release runs
assets = ["docs/img/phylum-ci_options.svg", "docs/img/phylum-init_options.svg"]
# `{version}` is substituted by Python Semantic Release.
commit_message = "chore: bump to v{version}"
# Release commits are attributed to a bot identity; any branch protection or commit
# signing policy on the repository has to allow commits from this author.
commit_author = "phylum-bot <69485888+phylum-bot@users.noreply.github.com>"
logging_use_named_masks = true
[tool.semantic_release.changelog.environment]
# Template-engine options for changelog rendering (Jinja2 Environment option names):
# drop the newline after a block tag, strip leading whitespace before a block tag, and
# keep the file's trailing newline.
trim_blocks = true
lstrip_blocks = true
keep_trailing_newline = true