Skip to content

Fix dependency monitoring and revise requirements files #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 19, 2020
Merged

Fix dependency monitoring and revise requirements files #209

merged 4 commits into from
Feb 19, 2020

Conversation

lukpueh
Copy link
Member

@lukpueh lukpueh commented Feb 19, 2020

Fixes issue #:
Fixes #182
Similar changes in theupdateframework/python-tuf#982 and in-toto/in-toto#294

Description of the changes being introduced by the pull request:
Restructures and renames requirements files to remove redundancy and prepare for dependency monitoring with Dependabot.

Please see commit messages for details

Please verify and check that the pull request fulfils the following
requirements:

  • The code follows the Code Style Guidelines
  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@lukpueh
Remove pyup config and badges
a99ff2d 
The PyUp GitHub integration for sslib has stopped working a while
ago. Instead of troubleshooting, I'm seizing the opportunity to
replace it with Dependabot, which has shown to work well in the
in-toto org.
@lukpueh
Add dependabot badge to readme
e5470d1
@lukpueh
Add missing tests_require field to setup.py
6ea3ade
@lukpueh lukpueh requested a review from joshuagl February 19, 2020 11:25
@coveralls
Copy link

coveralls commented Feb 19, 2020
edited
Loading

Coverage Status

Coverage remained the same at 98.713% when pulling 1a10ebf on lukpueh:revise-requirements into 883b82f on secure-systems-lab:master.

@lukpueh
Copy link
Member Author

lukpueh commented Feb 19, 2020

Looks like this also fixes coveralls issues (#207). Maybe due to the removal of the coverage<5.0.

joshuagl
joshuagl approved these changes Feb 19, 2020
View reviewed changes
Copy link
Collaborator

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR looks great, thanks @lukpueh.

I did some reading around #207 recently and came to the conclusion that updating coverage should fix things but hadn't gotten around to submitting a PR yet. Happy to see the coverage results pouring in!

@lukpueh @joshuagl
Rename and restructure requirements files
1a10ebf 
- New/updated requirements files:
  - requirements.txt:
  lists all unpinned immedeate runtime requirements (i.e. combines
  'install_requires' and 'extras_require' from setup.py) and has
  instructions on how to create requirements-pinned.txt
  - requirements-pinned.txt:
  lists all pinned immedeate and transitive runtime requirements,
  based on requirements.txt, including environment markers, and is
  subjected to automatic updates with dependabot
  - requirements-min.txt:
  subset of requirements.txt without 'extras_require' (was
  purepy-requirements.txt). The requirements are not pinned, but
  updates should still trigger tests, if dependabot changes
  requirements-pinned.txt, which lists the same dependabots.
  - requirements-test.txt
  unpinned test runtime dependencies and test tooling. pinning is
  not so important there, because the end-user usually doesn't care
  about those dependencies.
  Also removes an obsolete version constraint on coverage.
  - requirements-dev.txt
  combines other requirements plus additional tooling and an
  editable install of securesystemslib
- Use requirements-`<suffix>`.txt notation instead of
  `<prefix>`-requirements.txt to group them in file tree view.
- Adopt changes in MANIFEST.in and tox.ini

Co-Authored-By: Joshua Lock <jlock@vmware.com>
@lukpueh lukpueh force-pushed the revise-requirements branch from 5129427 to 1a10ebf Compare February 19, 2020 13:52
@lukpueh
Copy link
Member Author

lukpueh commented Feb 19, 2020

Many thanks, @joshuagl! I squashed in your change, and also mentioned the removal of the version constraint in the commit message.

@lukpueh lukpueh merged commit 913beac into secure-systems-lab:master Feb 19, 2020
This was referenced Feb 19, 2020
Closed
Merged
@lukpueh lukpueh mentioned this pull request Mar 2, 2020
Closed
3 tasks
lukpueh added a commit to lukpueh/in-toto that referenced this pull request Dec 11, 2020
@lukpueh
Update multi-env requirements generation docs
2bb563d 
Adopt docs for updating requirements-pinned.txt from based on
their revision in tuf and sslib:
- theupdateframework/python-tuf#982
- secure-systems-lab/securesystemslib#209

The update includes a transfer of the doc header + script/commands
from requirements-pinned.txt to requirements.txt, and a thus
resulting simplification of the commands.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh added a commit to lukpueh/in-toto that referenced this pull request Dec 11, 2020
@lukpueh
Update multi-env requirements generation docs
9bd8d04 
Adopt docs for updating requirements-pinned.txt from based on
their revision in tuf and sslib:
- theupdateframework/python-tuf#982
- secure-systems-lab/securesystemslib#209

The update includes a transfer of the doc header + script/commands
from requirements-pinned.txt to requirements.txt, and a thus
resulting simplification of the commands.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuagl joshuagl joshuagl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dependency monitoring is broken
3 participants
@lukpueh @coveralls @joshuagl