Commit graph

6354 commits

Author SHA1 Message Date
Jussi Kukkonen
e5547e7984 workflows: Fix the spec version check
I removed all instances of "pip install -e ." from our scripts
in 4e889e7 since installing python-tuf is no longer needed (PWD
is in python import paths already).

This is a different case though since here we don't install dependencies
separately and importing python-tuf still requires securesystemslib:
Let's install the dependencies.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-13 20:14:48 +02:00
dependabot[bot]
43221a931a
build(deps): bump ruff in the test-and-lint-dependencies group (#2763)
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.4...0.8.6)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-07 10:35:55 +02:00
Kairo Araujo
467e806614
Merge pull request #2749 from jku/test-fixes
Unit test infrastructure fixes
2025-01-06 15:25:55 +01:00
Kairo Araujo
3c4fcde38a
Merge pull request #2750 from jku/update-securesystemslib-extras
Update securesystemslib extras
2025-01-06 15:25:31 +01:00
Jussi Kukkonen
83ec7be7cf requirements: Generate pinned list
The only real change is pynacl being removed.

The command used to generate the list is documented in the generated
file. Note that --strip-extras is used: it will be default soon
anyway.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-31 11:08:01 +02:00
Jussi Kukkonen
6d5c5cd867 requirements: pynacl is no longer needed
This is obsolete by now.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-31 11:05:43 +02:00
dependabot[bot]
5dc5ceaad6
build(deps): bump mypy in the test-and-lint-dependencies group (#2760)
Bumps the test-and-lint-dependencies group with 1 update: [mypy](https://github.com/python/mypy).


Updates `mypy` from 1.14.0 to 1.14.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-31 11:02:36 +02:00
dependabot[bot]
956c0f1303
build(deps): bump the dependencies group with 2 updates (#2759)
Bumps the dependencies group with 2 updates: [charset-normalizer](https://github.com/jawah/charset_normalizer) and [coverage[toml]](https://github.com/nedbat/coveragepy).


Updates `charset-normalizer` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1)

Updates `coverage[toml]` from 7.6.9 to 7.6.10
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.9...7.6.10)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: coverage[toml]
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-31 10:54:53 +02:00
dependabot[bot]
0bbd7f582d
build(deps): bump urllib3 from 2.2.3 to 2.3.0 in the dependencies group (#2757)
Bumps the dependencies group with 1 update: [urllib3](https://github.com/urllib3/urllib3).


Updates `urllib3` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.3...2.3.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-30 11:05:42 +02:00
dependabot[bot]
05d405e591
build(deps): bump actions/upload-artifact (#2755)
2024-12-24 13:57:37 +02:00
dependabot[bot]
422179fd72
build(deps): bump the test-and-lint-dependencies group with 2 updates (#2756)
2024-12-24 13:56:26 +02:00
Kairo Araujo
8d56056560
Merge pull request #2752 from theupdateframework/dependabot/pip/build-and-release-dependencies-1bac42353b
build(deps): bump hatchling from 1.26.3 to 1.27.0 in the build-and-release-dependencies group
2024-12-17 09:45:19 +01:00
Kairo Araujo
d278bd367d
Merge pull request #2753 from theupdateframework/dependabot/pip/test-and-lint-dependencies-1d5bbdc524
build(deps): bump ruff from 0.8.2 to 0.8.3 in the test-and-lint-dependencies group
2024-12-17 09:45:03 +01:00
Kairo Araujo
b2925b080c
Merge pull request #2754 from theupdateframework/dependabot/pip/dependencies-d3e2c9eccf
build(deps): bump certifi from 2024.8.30 to 2024.12.14 in the dependencies group
2024-12-17 09:44:50 +01:00
dependabot[bot]
fab69edf0f
build(deps): bump certifi in the dependencies group
Bumps the dependencies group with 1 update: [certifi](https://github.com/certifi/python-certifi).


Updates `certifi` from 2024.8.30 to 2024.12.14
- [Commits](https://github.com/certifi/python-certifi/compare/2024.08.30...2024.12.14)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 21:07:59 +00:00
dependabot[bot]
971e0024a8
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.2...0.8.3)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 21:07:10 +00:00
dependabot[bot]
7157e304d8
build(deps): bump hatchling in the build-and-release-dependencies group
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.26.3 to 1.27.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.26.3...hatchling-v1.27.0)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-16 21:06:53 +00:00
Jussi Kukkonen
4548f38d8d pyproject: Coverage: Use branch coverage
This was in use in tests/.coveragerc previously. Enable in
pyproject config too.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 11:55:11 +02:00
Jussi Kukkonen
4e889e7212 dev env: Stop installing tuf as "editable"
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
ec81bfa0b1 tests: Simplify test data generation
We always want to either verify or generate new results:
don't have multiple arguments.

Also fix annotated types.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
31bb232ca3 tests: Remove various unneeded coverage workarounds
Tests now run from root dir so various coverage complications
can be removed.

Also remove the duplicate .coveragerc and rely on pyproject.toml

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
58bf56f81e pyproject: Remove dev-mode-dirs
This was only needed because tests needed changing to tests/ dir:
this is no longer the case.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
9946dc5277 tests: Make sure tests can execute from root source dir
"python -m unittest" now works in the root source dir too

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
28a031f039 tests: Remove aggregate_tests.py
This was essentially unused now (originally it was used to
randomize the test order).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:49 +02:00
Jussi Kukkonen
caa4960691 tests: Fix return value of a test
We don't actually want to return anything here: just
make sure download_file() gets executed

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-10 20:30:49 +02:00
dependabot[bot]
7c638b02e5
build(deps): bump ruff in the test-and-lint-dependencies group (#2746)
2024-12-10 09:06:43 +02:00
dependabot[bot]
258be33ab1
build(deps): bump the dependencies group with 2 updates (#2747)
2024-12-10 09:06:11 +02:00
dependabot[bot]
69222b2e06
build(deps): bump pypa/gh-action-pypi-publish (#2748)
2024-12-10 09:04:42 +02:00
Jussi Kukkonen
d805a81355
Merge pull request #2741 from jku/use-future-annotations
2024-12-06 14:49:23 +02:00
Kairo Araujo
a0f080a7f0
Merge pull request #2744 from theupdateframework/dependabot/pip/dependencies-03688326f5
build(deps): bump cryptography from 43.0.3 to 44.0.0 in the dependencies group
2024-12-03 09:21:34 +01:00
Kairo Araujo
fc7bdf21de
Merge pull request #2743 from theupdateframework/dependabot/pip/test-and-lint-dependencies-58a7d47244
build(deps): bump ruff from 0.8.0 to 0.8.1 in the test-and-lint-dependencies group
2024-12-03 09:20:52 +01:00
dependabot[bot]
2309a329bc
build(deps): bump cryptography in the dependencies group
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 43.0.3 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/43.0.3...44.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-02 22:19:15 +00:00
dependabot[bot]
2169cc8825
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.0...0.8.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-02 22:18:28 +00:00
Jussi Kukkonen
4f32a13ab0 pyproject: Don't require Python 3.9 quite yet
We're still compatible with 3.8: let's not force 3.9 yet.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 16:31:45 +02:00
Jussi Kukkonen
371d122193
Merge pull request #2742 from theupdateframework/dependabot/github_actions/action-dependencies-72fea10bec
build(deps): bump theupdateframework/tuf-conformance from 2.1.0 to 2.2.0 in the action-dependencies group
2024-11-29 16:18:47 +02:00
dependabot[bot]
acffdc030e
build(deps): bump theupdateframework/tuf-conformance
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance).


Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases)
- [Commits](ad0e8bef1a...dee4e23533)

---
updated-dependencies:
- dependency-name: theupdateframework/tuf-conformance
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-29 14:16:48 +00:00
Jussi Kukkonen
d89c8e673f coverage config: Add some excludes
This makes the results more useful

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 13:28:56 +02:00
Jussi Kukkonen
fca3086b5d repository: Change RuntimeError to AssertionError
These are assertions that should happen in production:
something is wrong in an unrecoverable way.

This is not an API change since no-one should be catching these.
Making these AssertionErrors makes them skippable in coverage.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 13:19:54 +02:00
Jussi Kukkonen
687d4557ad Revert "refactor to use dict union, instead of unpacking"
This reverts commit eb6d82f324.

The change itself was fine but since the code is otherwise compatible
with python 3.8, let's revert this to be compatible for one more
release.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 12:51:35 +02:00
Jussi Kukkonen
1d81a04707 Use __future.annotations module
This allows using some more nice annotations from 3.10
while still being compatible with even Python 3.8.

These are all annotation changes, should not modify any functionality.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 12:41:09 +02:00
Jussi Kukkonen
0b351efc6f pyproject: Remove deprecated ruff rules
These are no longer part of the ruleset

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-11-29 11:53:35 +02:00
Jussi Kukkonen
f2aeb97add
Merge pull request #2731 from NicholasTanz/updateAnnotations
update python annotations
2024-11-29 11:48:20 +02:00
dependabot[bot]
74c0ad3fc5
build(deps): bump the test-and-lint-dependencies group with 2 updates (#2740)
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.6.7 to 7.6.8
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.7...7.6.8)

Updates `ruff` from 0.7.4 to 0.8.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.4...0.8.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-26 14:31:41 +02:00
dependabot[bot]
0c0712d0c2
build(deps): bump hatchling in the build-and-release-dependencies group (#2738)
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.26.1 to 1.26.3
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.26.1...hatchling-v1.26.3)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 11:24:08 +02:00
dependabot[bot]
58d5ff4bb3
build(deps): bump the test-and-lint-dependencies group with 2 updates (#2739)
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.6.4 to 7.6.7
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.7)

Updates `ruff` from 0.7.3 to 0.7.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.3...0.7.4)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 11:23:29 +02:00
dependabot[bot]
6264bbbea2
build(deps): bump ruff in the test-and-lint-dependencies group (#2735)
2024-11-18 09:50:33 +02:00
Justin Cappos
e2ac01fc08
Merge pull request #2737 from joshuagl/joshuagl-maint
docs: Joshua retiring as a maintainer
2024-11-12 13:57:30 -05:00
Joshua Lock
a52d8f4902 docs: Joshua retiring as a maintainer
Stepping down as I have insufficient bandwidth to meaningfully contribute.

Signed-off-by: Joshua Lock <joshuagloe@gmail.com>
2024-11-12 18:40:47 +00:00
Kairo Araujo
673cd4f226
Merge pull request #2736 from theupdateframework/dependabot/github_actions/action-dependencies-5da8da3d55
build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 in the action-dependencies group
2024-11-12 14:41:50 +01:00
Kairo Araujo
7d4d59ad00
Merge pull request #2734 from theupdateframework/dependabot/pip/build-and-release-dependencies-e9c6eaa3b4
build(deps): bump hatchling from 1.25.0 to 1.26.1 in the build-and-release-dependencies group
2024-11-12 14:41:08 +01:00