We could just stop testing with 3.9... but I think this will lead to
unintentionally breaking 3.9 anyway sooner or later.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Start linting securesystemslib calls
(this requires new securesystemslib)
* Fix various issues that suddenly pop up
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Apparently Dependabot now supports upgrading build-system.requires: we
don't need the workarounds anymore.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
RequestsFetcher should still be public (even if deprecated).
* We don't want to import RequestsFetcher in __init__
(because that requires importing requests)
* but we do want RequestsFetcher to be importable publicly
Move both fetchers out of _internal: that was never the right place for
them anyway: they are public modules.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This also removes RequestsFetcher from tuf.ngclient.__init__.py:
Otherwise we can't drop the requests dependency.
This means RequestsFetcher is not currently public.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
PEP-639 (https://peps.python.org/pep-0639/) cleans up the license
documentation mess. Do what it suggests.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Tests now run from root dir so various coverage complications
can be removed.
Also remove the duplicate .coveragerc and rely on pyproject.toml
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
We don't strictly require 3.9 yet but likely should soon as the
container annotation features are nice.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* The conformance test suite is likely to still change quite a bit so
the workflow is not enabled on PRs yet
* The actual conformance client is copied from the tuf-conformance project
* This is mostly a test to see how things should work out, and a
demonstration of how the tuf-conformance project should be used
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The goal here is to have ruff enable new rulesets when new releases are
made without us having to do anything: we can then decide if we disable
or not.
* Enable a couple more rulesets (ERA, INP, T )
* Add a few individual ignores to tests and examples
* Default to enable all, disable the rulesets we don't want
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Remove executable flag from a couple of files
* Half of the test files have a shebang (but are
still not executable): remove the shebang
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
I'm not sure I agree with not using the parens in
raise SomeError
but being consistent is definitely better than not being consistent.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
There are several breaking changes coming up in securesystemslib on its
way to 1.0.
To not disrupt tuf users this patch constrains securesystemslib to not
update the current minor version.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Remove bandit
* Add ruff ruleset "flake8-bandit"
* verify_release is now checked by bandit
* Avoid some asserts as suggested
* ignore a subprocess.run lint: it seems dumb
* ignore all bandit rules for tests and examples (just like before)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Only leave E501 (line-too-long) disabled: There is a lot of embedded
test data that is not formatted according to the rules.
Fixes #2568
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
- adopt changes in dependabot.yml and remove --diff from ruff check.
- select pydocstyle, isort, pyflakes, pep8-naming, pycodestyle for ruff and ignore some small issues / add inline comments.
- adjust docstring length to 80 in various files
Signed-off-by: E3E <ntanzill@purdue.edu>
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.
fixes: #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>