Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
6336 commits 28 branches 35 tags 23 MiB
Commit graph

6336 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jussi Kukkonen
4e889e7212 dev env: Stop installing tuf as "editable" 
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:55 +02:00
Jussi Kukkonen
ec81bfa0b1 tests: Simplify test data generation 
We always want to either verify or generate new results:
don't have multiple arguments.

Also fix annotated types.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:55 +02:00
Jussi Kukkonen
31bb232ca3 tests: Remove various unneeded coverage workarounds 
Tests now run from root dir so various coverage complications
can be removed.

Also remove the duplicate .coveragerc and rely on pyproject.toml

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:55 +02:00
Jussi Kukkonen
58bf56f81e pyproject: Remove dev-mode-dirs 
This was only needed because tests needed changing to tests/ dir:
this is no longer the case.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:55 +02:00
Jussi Kukkonen
9946dc5277 tests: Make sure tests can execute from root source dir 
"python -m unittest" now works in the root source dir too

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:55 +02:00
Jussi Kukkonen
28a031f039 tests: Remove aggregate_tests.py 
This was essentially unused now (originally it was used to
randomize the test order).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-11 10:11:49 +02:00
Jussi Kukkonen
caa4960691 tests: Fix return value of a test 
We don't actually want to return anything here: just
make sure download_file() gets executed

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-12-10 20:30:49 +02:00
dependabot[bot]
7c638b02e5
build(deps): bump ruff in the test-and-lint-dependencies group (#2746) 2024-12-10 09:06:43 +02:00
dependabot[bot]
258be33ab1
build(deps): bump the dependencies group with 2 updates (#2747) 2024-12-10 09:06:11 +02:00
dependabot[bot]
69222b2e06
build(deps): bump pypa/gh-action-pypi-publish (#2748) 2024-12-10 09:04:42 +02:00
Jussi Kukkonen
d805a81355
Merge pull request #2741 from jku/use-future-annotations 2024-12-06 14:49:23 +02:00
Kairo Araujo
a0f080a7f0
Merge pull request #2744 from theupdateframework/dependabot/pip/dependencies-03688326f5 
build(deps): bump cryptography from 43.0.3 to 44.0.0 in the dependencies group
 2024-12-03 09:21:34 +01:00
Kairo Araujo
fc7bdf21de
Merge pull request #2743 from theupdateframework/dependabot/pip/test-and-lint-dependencies-58a7d47244 
build(deps): bump ruff from 0.8.0 to 0.8.1 in the test-and-lint-dependencies group
 2024-12-03 09:20:52 +01:00
dependabot[bot]
2309a329bc
build(deps): bump cryptography in the dependencies group 
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 43.0.3 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/43.0.3...44.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-02 22:19:15 +00:00
dependabot[bot]
2169cc8825
build(deps): bump ruff in the test-and-lint-dependencies group 
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.0...0.8.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-02 22:18:28 +00:00
Jussi Kukkonen
4f32a13ab0 pyproject: Don't require Python 3.9 quite yet 
We're still compatible with 3.8: let's not force 3.9 yet.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-11-29 16:31:45 +02:00
Jussi Kukkonen
371d122193
Merge pull request #2742 from theupdateframework/dependabot/github_actions/action-dependencies-72fea10bec 
build(deps): bump theupdateframework/tuf-conformance from 2.1.0 to 2.2.0 in the action-dependencies group
 2024-11-29 16:18:47 +02:00
dependabot[bot]
acffdc030e
build(deps): bump theupdateframework/tuf-conformance 
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance).


Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases)
- [Commits](ad0e8bef1a...dee4e23533)

---
updated-dependencies:
- dependency-name: theupdateframework/tuf-conformance
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-29 14:16:48 +00:00
Jussi Kukkonen
d89c8e673f coverage config: Add some excludes 
This makes the results more useful

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-11-29 13:28:56 +02:00
Jussi Kukkonen
fca3086b5d repository: Change RuntimeError to AssertionError 
These are assertions that should happen in production:
something is wrong in an unrecoverable way.

This is not an API change since no-one should be catching these.
Making these AssertionErrors makes them skippable in coverage.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-11-29 13:19:54 +02:00
Jussi Kukkonen
687d4557ad Revert "refactor to use dict union, instead of unpacking" 
This reverts commit eb6d82f324.

The change itself was fine but since the code is otherwise compatible
with python 3.8, let's revert this to be compatible for one more
release.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-11-29 12:51:35 +02:00
Jussi Kukkonen
1d81a04707 Use __future.annotations module 
This allows using some more nice annotations from 3.10
while still being compatible with even Python 3.8.

These are all annotation changes, should not modify any functionality.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-11-29 12:41:09 +02:00
Jussi Kukkonen
0b351efc6f pyproject: Remove deprecated ruff rules 
These are no longer part of the ruleset

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-11-29 11:53:35 +02:00
Jussi Kukkonen
f2aeb97add
Merge pull request #2731 from NicholasTanz/updateAnnotations 
update python annotations
 2024-11-29 11:48:20 +02:00
dependabot[bot]
74c0ad3fc5
build(deps): bump the test-and-lint-dependencies group with 2 updates (#2740) 
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.6.7 to 7.6.8
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.7...7.6.8)

Updates `ruff` from 0.7.4 to 0.8.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.4...0.8.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-26 14:31:41 +02:00
dependabot[bot]
0c0712d0c2
build(deps): bump hatchling in the build-and-release-dependencies group (#2738) 
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.26.1 to 1.26.3
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.26.1...hatchling-v1.26.3)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-19 11:24:08 +02:00
dependabot[bot]
58d5ff4bb3
build(deps): bump the test-and-lint-dependencies group with 2 updates (#2739) 
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.6.4 to 7.6.7
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.7)

Updates `ruff` from 0.7.3 to 0.7.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.3...0.7.4)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-19 11:23:29 +02:00
dependabot[bot]
6264bbbea2
build(deps): bump ruff in the test-and-lint-dependencies group (#2735) 2024-11-18 09:50:33 +02:00
Justin Cappos
e2ac01fc08
Merge pull request #2737 from joshuagl/joshuagl-maint 
docs: Joshua retiring as a maintainer
 2024-11-12 13:57:30 -05:00
Joshua Lock
a52d8f4902 docs: Joshua retiring as a maintainer 
Stepping down as I have insufficient bandwidth to meaningfully contribute.

Signed-off-by: Joshua Lock <joshuagloe@gmail.com>
 2024-11-12 18:40:47 +00:00
Kairo Araujo
673cd4f226
Merge pull request #2736 from theupdateframework/dependabot/github_actions/action-dependencies-5da8da3d55 
build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 in the action-dependencies group
 2024-11-12 14:41:50 +01:00
Kairo Araujo
7d4d59ad00
Merge pull request #2734 from theupdateframework/dependabot/pip/build-and-release-dependencies-e9c6eaa3b4 
build(deps): bump hatchling from 1.25.0 to 1.26.1 in the build-and-release-dependencies group
 2024-11-12 14:41:08 +01:00
dependabot[bot]
e62ac28946
build(deps): bump pypa/gh-action-pypi-publish 
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).


Updates `pypa/gh-action-pypi-publish` from 1.11.0 to 1.12.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](fb13cb3069...15c56dba36)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-11 21:50:44 +00:00
dependabot[bot]
e10d3ccfc3
build(deps): bump hatchling in the build-and-release-dependencies group 
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.25.0 to 1.26.1
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.25.0...hatchling-v1.26.1)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-11 21:11:54 +00:00
dependabot[bot]
1346e52373
build(deps): bump pypa/gh-action-pypi-publish (#2732) 2024-11-05 00:26:58 +02:00
dependabot[bot]
cb06046b7a
build(deps): bump ruff in the test-and-lint-dependencies group (#2733) 2024-11-05 00:24:36 +02:00
NicholasTanz
eb6d82f324 refactor to use dict union, instead of unpacking 
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
 2024-11-03 23:30:09 -05:00
NicholasTanz
5c71f4f062 update python annotations 
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
 2024-11-03 23:21:23 -05:00
dependabot[bot]
42c3b2d919
build(deps): bump the action-dependencies group with 2 updates (#2729) 2024-10-29 08:50:53 +02:00
dependabot[bot]
d4174e00c0
build(deps): bump the test-and-lint-dependencies group across 1 directory with 3 updates (#2728) 
Bumps the test-and-lint-dependencies group with 3 updates in the / directory: [coverage](https://github.com/nedbat/coveragepy), [ruff](https://github.com/astral-sh/ruff) and [mypy](https://github.com/python/mypy).


Updates `coverage` from 7.6.1 to 7.6.4
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.1...7.6.4)

Updates `ruff` from 0.6.9 to 0.7.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.6.9...0.7.1)

Updates `mypy` from 1.11.2 to 1.13.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.11.2...v1.13.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-25 14:40:47 +03:00
Jussi Kukkonen
bd18823b13
Python upgrade: Stop testing 3.8, start testing 3.13 (#2721) 
We don't strictly require 3.9 yet but likely should soon as the
container annotation features are nice.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-10-25 13:30:03 +03:00
dependabot[bot]
5fb28ea952
build(deps): bump build in the build-and-release-dependencies group (#2724) 
Bumps the build-and-release-dependencies group with 1 update: [build](https://github.com/pypa/build).


Updates `build` from 1.2.2 to 1.2.2.post1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.2.2...1.2.2.post1)

---
updated-dependencies:
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-22 10:33:43 +03:00
dependabot[bot]
e517e84ccb
build(deps): bump cryptography in the dependencies group (#2726) 
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 43.0.1 to 43.0.3
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/43.0.1...43.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-22 10:30:58 +03:00
dependabot[bot]
bb127ec6ca
build(deps): bump theupdateframework/tuf-conformance (#2727) 
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance).


Updates `theupdateframework/tuf-conformance` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases)
- [Commits](f4acd16d0e...ad0e8bef1a)

---
updated-dependencies:
- dependency-name: theupdateframework/tuf-conformance
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-22 10:30:01 +03:00
Kairo Araujo
4abccdcf2e
Merge pull request #2723 from jku/badges-badges-badges 
README: Update badges
 2024-10-17 19:30:30 +02:00
Jussi Kukkonen
e30838428e README: Update badges 
* Add a badge for conformance
* Shorten the name of the workflow (since that ends up in the badge)
* Tweak badge alt names to be more useful

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2024-10-17 16:42:27 +03:00
Jussi Kukkonen
2b4aa2e3c9
Merge pull request #2717 from theupdateframework/dependabot/github_actions/action-dependencies-a1cff6d793 
build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 in the action-dependencies group
 2024-10-15 10:13:47 +03:00
Jussi Kukkonen
f9ac1f3ad1
Merge pull request #2720 from theupdateframework/dependabot/pip/dependencies-6725b0a49f 
build(deps): bump charset-normalizer from 3.3.2 to 3.4.0 in the dependencies group
 2024-10-15 10:09:47 +03:00
dependabot[bot]
8f04c43887
build(deps): bump charset-normalizer in the dependencies group 
Bumps the dependencies group with 1 update: [charset-normalizer](https://github.com/Ousret/charset_normalizer).


Updates `charset-normalizer` from 3.3.2 to 3.4.0
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-14 21:27:33 +00:00
dependabot[bot]
aa1fb97722
build(deps): bump actions/upload-artifact 
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/upload-artifact` from 4.4.1 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](604373da63...b4b15b8c7c)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-14 21:03:11 +00:00