Jussi Kukkonen
e5547e7984
workflows: Fix the spec version check
...
I removed all instances of "pip install -e ." from our scripts
in 4e889e7 since installing python-tuf is no longer needed (PWD
is in python import paths already).
This is a different case though since here we don't install dependencies
separately and importing python-tuf still requires securesystemslib:
Let's install the dependencies.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-13 20:14:48 +02:00
dependabot[bot]
43221a931a
build(deps): bump ruff in the test-and-lint-dependencies group ( #2763 )
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.4...0.8.6 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-07 10:35:55 +02:00
Kairo Araujo
467e806614
Merge pull request #2749 from jku/test-fixes
...
Unit test infrastructure fixes
2025-01-06 15:25:55 +01:00
Kairo Araujo
3c4fcde38a
Merge pull request #2750 from jku/update-securesystemslib-extras
...
Update securesystemslib extras
2025-01-06 15:25:31 +01:00
Jussi Kukkonen
83ec7be7cf
requirements: Generate pinned list
...
The only real change is pynacl being removed.
The command used to generate the list is documented in the generated
file. Note that --strip-extras is used: it will be default soon
anyway.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-31 11:08:01 +02:00
Jussi Kukkonen
6d5c5cd867
requirements: pynacl is no longer needed
...
This is obsolete by now.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-31 11:05:43 +02:00
dependabot[bot]
5dc5ceaad6
build(deps): bump mypy in the test-and-lint-dependencies group ( #2760 )
...
Bumps the test-and-lint-dependencies group with 1 update: [mypy](https://github.com/python/mypy ).
Updates `mypy` from 1.14.0 to 1.14.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.14.0...v1.14.1 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-31 11:02:36 +02:00
dependabot[bot]
956c0f1303
build(deps): bump the dependencies group with 2 updates ( #2759 )
...
Bumps the dependencies group with 2 updates: [charset-normalizer](https://github.com/jawah/charset_normalizer ) and [coverage[toml]](https://github.com/nedbat/coveragepy ).
Updates `charset-normalizer` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/jawah/charset_normalizer/releases )
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1 )
Updates `coverage[toml]` from 7.6.9 to 7.6.10
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.9...7.6.10 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: coverage[toml]
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-31 10:54:53 +02:00
dependabot[bot]
0bbd7f582d
build(deps): bump urllib3 from 2.2.3 to 2.3.0 in the dependencies group ( #2757 )
...
Bumps the dependencies group with 1 update: [urllib3](https://github.com/urllib3/urllib3 ).
Updates `urllib3` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.3...2.3.0 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-30 11:05:42 +02:00
dependabot[bot]
05d405e591
build(deps): bump actions/upload-artifact ( #2755 )
2024-12-24 13:57:37 +02:00
dependabot[bot]
422179fd72
build(deps): bump the test-and-lint-dependencies group with 2 updates ( #2756 )
2024-12-24 13:56:26 +02:00
Kairo Araujo
8d56056560
Merge pull request #2752 from theupdateframework/dependabot/pip/build-and-release-dependencies-1bac42353b
...
build(deps): bump hatchling from 1.26.3 to 1.27.0 in the build-and-release-dependencies group
2024-12-17 09:45:19 +01:00
Kairo Araujo
d278bd367d
Merge pull request #2753 from theupdateframework/dependabot/pip/test-and-lint-dependencies-1d5bbdc524
...
build(deps): bump ruff from 0.8.2 to 0.8.3 in the test-and-lint-dependencies group
2024-12-17 09:45:03 +01:00
Kairo Araujo
b2925b080c
Merge pull request #2754 from theupdateframework/dependabot/pip/dependencies-d3e2c9eccf
...
build(deps): bump certifi from 2024.8.30 to 2024.12.14 in the dependencies group
2024-12-17 09:44:50 +01:00
dependabot[bot]
fab69edf0f
build(deps): bump certifi in the dependencies group
...
Bumps the dependencies group with 1 update: [certifi](https://github.com/certifi/python-certifi ).
Updates `certifi` from 2024.8.30 to 2024.12.14
- [Commits](https://github.com/certifi/python-certifi/compare/2024.08.30...2024.12.14 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 21:07:59 +00:00
dependabot[bot]
971e0024a8
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.2...0.8.3 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 21:07:10 +00:00
dependabot[bot]
7157e304d8
build(deps): bump hatchling in the build-and-release-dependencies group
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.26.3 to 1.27.0
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.26.3...hatchling-v1.27.0 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 21:06:53 +00:00
Jussi Kukkonen
4548f38d8d
pyproject: Coverage: Use branch coverage
...
This was in use in tests/.coveragerc: previously. Enable in
pyproject config too.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 11:55:11 +02:00
Jussi Kukkonen
4e889e7212
dev env: Stop installing tuf as "editable"
...
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
ec81bfa0b1
tests: Simplify test data generation
...
We always want to either verify or generate new results:
don't have multiple arguments.
Also fix annotated types.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
31bb232ca3
tests: Remove various unneeded coverage workarounds
...
Tests now run from root dir so various coverage complications
can be removed.
Also remove the duplicate .coveragerc and rely on pyproject.toml
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
58bf56f81e
pyproject: Remove dev-mode-dirs
...
This was only needed because tests needed changing to tests/ dir:
this is no longer the case.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
9946dc5277
tests: Make sure tests can execute from root source dir
...
"python -m unittest" now works in the root source dir too
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
28a031f039
tests: Remove aggregate_tests.py
...
This was essentially unused now (originally it was used to
randomize the test order).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:49 +02:00
Jussi Kukkonen
caa4960691
tests: Fix return value of a test
...
We don't actually want to return anything here: just
make sure download_file() gets executed
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-10 20:30:49 +02:00
dependabot[bot]
7c638b02e5
build(deps): bump ruff in the test-and-lint-dependencies group ( #2746 )
2024-12-10 09:06:43 +02:00
dependabot[bot]
258be33ab1
build(deps): bump the dependencies group with 2 updates ( #2747 )
2024-12-10 09:06:11 +02:00
dependabot[bot]
69222b2e06
build(deps): bump pypa/gh-action-pypi-publish ( #2748 )
2024-12-10 09:04:42 +02:00
Jussi Kukkonen
d805a81355
Merge pull request #2741 from jku/use-future-annotations
2024-12-06 14:49:23 +02:00
Kairo Araujo
a0f080a7f0
Merge pull request #2744 from theupdateframework/dependabot/pip/dependencies-03688326f5
...
build(deps): bump cryptography from 43.0.3 to 44.0.0 in the dependencies group
2024-12-03 09:21:34 +01:00
Kairo Araujo
fc7bdf21de
Merge pull request #2743 from theupdateframework/dependabot/pip/test-and-lint-dependencies-58a7d47244
...
build(deps): bump ruff from 0.8.0 to 0.8.1 in the test-and-lint-dependencies group
2024-12-03 09:20:52 +01:00
dependabot[bot]
2309a329bc
build(deps): bump cryptography in the dependencies group
...
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography ).
Updates `cryptography` from 43.0.3 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/43.0.3...44.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-02 22:19:15 +00:00
dependabot[bot]
2169cc8825
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.0...0.8.1 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-02 22:18:28 +00:00
Jussi Kukkonen
4f32a13ab0
pyproject: Don't require Python 3.9 quite yet
...
We're still compatible with 3.8: let's not force 3.9 yet.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 16:31:45 +02:00
Jussi Kukkonen
371d122193
Merge pull request #2742 from theupdateframework/dependabot/github_actions/action-dependencies-72fea10bec
...
build(deps): bump theupdateframework/tuf-conformance from 2.1.0 to 2.2.0 in the action-dependencies group
2024-11-29 16:18:47 +02:00
dependabot[bot]
acffdc030e
build(deps): bump theupdateframework/tuf-conformance
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](ad0e8bef1a...dee4e23533 )
---
updated-dependencies:
- dependency-name: theupdateframework/tuf-conformance
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-11-29 14:16:48 +00:00
Jussi Kukkonen
d89c8e673f
coverage config: Add some excludes
...
This makes the results more useful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 13:28:56 +02:00
Jussi Kukkonen
fca3086b5d
repository: Change RuntimeError to AssertionError
...
These are assertions that should happen in production:
something is wrong in an unrecoverable way.
This is not an API change since no-one should be catching these.
Making these AssertionErrors makes them skippable in coverage.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 13:19:54 +02:00
Jussi Kukkonen
687d4557ad
Revert "refactor to use dict union, instead of unpacking"
...
This reverts commit eb6d82f324 .
The change itself was fine but since the code is otherwise compatible
with python 3.8, let's revert this to be compatible for one more
release.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 12:51:35 +02:00
Jussi Kukkonen
1d81a04707
Use __future.annotations module
...
This allows using some more nice annotations from 3.10
while still being compatible with even Python 3.8.
These are all annotation changes, should not modify any functionality.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 12:41:09 +02:00
Jussi Kukkonen
0b351efc6f
pyproject: Remove deprecated ruff rules
...
These are no longer part of the ruleset
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 11:53:35 +02:00
Jussi Kukkonen
f2aeb97add
Merge pull request #2731 from NicholasTanz/updateAnnotations
...
update python annotations
2024-11-29 11:48:20 +02:00
dependabot[bot]
74c0ad3fc5
build(deps): bump the test-and-lint-dependencies group with 2 updates ( #2740 )
...
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy ) and [ruff](https://github.com/astral-sh/ruff ).
Updates `coverage` from 7.6.7 to 7.6.8
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.7...7.6.8 )
Updates `ruff` from 0.7.4 to 0.8.0
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.4...0.8.0 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-26 14:31:41 +02:00
dependabot[bot]
0c0712d0c2
build(deps): bump hatchling in the build-and-release-dependencies group ( #2738 )
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.26.1 to 1.26.3
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.26.1...hatchling-v1.26.3 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 11:24:08 +02:00
dependabot[bot]
58d5ff4bb3
build(deps): bump the test-and-lint-dependencies group with 2 updates ( #2739 )
...
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy ) and [ruff](https://github.com/astral-sh/ruff ).
Updates `coverage` from 7.6.4 to 7.6.7
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.7 )
Updates `ruff` from 0.7.3 to 0.7.4
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.3...0.7.4 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 11:23:29 +02:00
dependabot[bot]
6264bbbea2
build(deps): bump ruff in the test-and-lint-dependencies group ( #2735 )
2024-11-18 09:50:33 +02:00
Justin Cappos
e2ac01fc08
Merge pull request #2737 from joshuagl/joshuagl-maint
...
docs: Joshua retiring as a maintainer
2024-11-12 13:57:30 -05:00
Joshua Lock
a52d8f4902
docs: Joshua retiring as a maintainer
...
Stepping down as I have insufficient bandwidth to meaningfully contribute.
Signed-off-by: Joshua Lock <joshuagloe@gmail.com>
2024-11-12 18:40:47 +00:00
Kairo Araujo
673cd4f226
Merge pull request #2736 from theupdateframework/dependabot/github_actions/action-dependencies-5da8da3d55
...
build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 in the action-dependencies group
2024-11-12 14:41:50 +01:00
Kairo Araujo
7d4d59ad00
Merge pull request #2734 from theupdateframework/dependabot/pip/build-and-release-dependencies-e9c6eaa3b4
...
build(deps): bump hatchling from 1.25.0 to 1.26.1 in the build-and-release-dependencies group
2024-11-12 14:41:08 +01:00