Our sdist has typically included everything from git apart from the CI
related files (.github/*, .fossa.yml, .readthedocs.yaml). Update our
MANIFEST.in and the check-manifest section of setup.cfg to be explicit
about this.
Signed-off-by: Joshua Lock <jlock@vmware.com>
* List license files in a new metadata section
* Remove .travis.yml from check-manifest section's ignore entry
Signed-off-by: Joshua Lock <jlock@vmware.com>
Add the stub for the requests package (types-requests)
to requirements-tests.txt.
Add urllib3 to the ignored imports. The project seems
to have added type annotations already but has not
released a version including them yet.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
report an error whenever a function with type annotations calls a
function defined without annotations.
Also include exceptions.py in mypy checks.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
We're quite close to being able to enable only "strict = True" but not
quite there. In the meantime enable some useful individual settings.
disallow_untyped_defs:
    report an error whenever code contains a function definition
    without type annotations
warn_redundant_casts:
    report an error whenever code uses an unnecessary cast
warn_unused_ignores:
    report an error whenever code uses an unnecessary # type: ignore
    comment
warn_unreachable:
    report an error whenever code is determined to be unreachable or
    redundant
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This is an initial setup: By default check only tuf/api/,
and ignore securesystemslib imports.
Change lint working directory to source root: This saves repeating a lot
of {toxinidir} in the command lines.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
* Use suffixed instead of prefixed sub-requirements files to group
  them alphabetically in the file tree.
* Layer requirements files akin to the in-toto project
  (see in-toto/in-toto#294). The hierarchy is:
  - *requirements.in*
    tuf runtime requirements, including optional requirements
    (pynacl and cryptography)
  - *requirements-pinned.txt*
    pinned tuf runtime requirements, including optional
    and transitive (1 level deep) requirements and their hashes.
    The file is generated semi-automatically using pip-compile
    and a bash script (see document header), based off of
    requirements.in, combining requirements from all supported
    Python versions.
    This file should be auto-updated, by e.g. dependabot, and be used
    for ci/cd tests, to catch issues with new dependencies.
  - *requirements-test.txt*
    additional test runtime requirements
  - *requirements-tox.txt*
    combines requirements.txt, requirements-test.txt and additional
    test tools (for linting and coverage), i.e. everything that is
    needed in each tox environment to run the tests.
  - *requirements-dev.txt*
    lists tox for local development and testing, and also
    requirements-tox.txt and tuf in editable mode to run
    the test suite or individual tests directly.
  - *requirements.txt*
    requirements-pinned.txt with the hashes of the dependencies
    as reported by pip at the time of creating the file.
    NOTE: this is not used for testing or dev-install because pip
    doesn't allow mixed (with and without hashes) installations.
    This file should also be auto-updated, by e.g. dependabot.
* Removes an obsolete version constraint on coverage
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
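
The last commit message notes that pip does not allow mixing hashed and unhashed requirements. The following audit of a requirements file for that condition is an added example, not code from the project or from any commit above; the package names, the all-zero hash and the simplified line parser (no URLs or editable installs) are assumptions.

```python
import re

# Constructed sample, not taken from the project: one pinned and hashed entry,
# one pinned entry without a hash, one unpinned entry, one include option.
SAMPLE = """\
# constructed example requirements file
pkg-a==1.2.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pkg-b==4.5.6
pkg-c>=2.0  # not pinned
-r other.txt
"""

HASH_RE = re.compile(r"--hash[=\s]+(\w+):([0-9a-fA-F]+)")
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*===?\s*[^\s;]+")


def logical_lines(text):
    """Join backslash continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            yield line


def audit(text):
    """Return {requirement: [problems]} for entries hash-checking mode rejects."""
    problems = {}
    for line in logical_lines(text):
        if line.startswith("-"):  # options such as -r, -c, --index-url
            continue
        spec = line.split("--hash")[0].strip()
        issues = []
        if not PIN_RE.match(spec):
            issues.append("not pinned with ==")
        if not HASH_RE.search(line):
            issues.append("no --hash")
        if issues:
            problems[spec] = issues
    return problems


def is_mixed(text):
    """True when some entries carry hashes and others do not."""
    lines = [l for l in logical_lines(text) if not l.startswith("-")]
    hashed = [bool(HASH_RE.search(l)) for l in lines]
    return any(hashed) and not all(hashed)
```

A non-empty `audit()` result on a file where `is_mixed()` is true marks the entries pip would refuse once hash-checking mode is switched on by the first `--hash`.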