[build-system] # Dependabot cannot do `build-system.requires` (dependabot/dependabot-core#8465) # workaround to get reproducibility and auto-updates: # PIP_CONSTRAINT=requirements/build.txt python3 -m build ... requires = ["hatchling"] build-backend = "hatchling.build" [project] name = "tuf" description = "A secure updater framework for Python" readme = "README.md" license = { text = "MIT OR Apache-2.0" } requires-python = ">=3.8" authors = [ { email = "theupdateframework@googlegroups.com" }, ] keywords = [ "authentication", "compromise", "key", "revocation", "secure", "update", "updater", ] classifiers = [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: Microsoft :: Windows", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Software Development", ] dependencies = [ "requests>=2.19.1", "securesystemslib~=1.0", ] dynamic = ["version"] [project.urls] Documentation = "https://theupdateframework.readthedocs.io/en/stable/" Homepage = "https://www.updateframework.com" Issues = "https://github.com/theupdateframework/python-tuf/issues" Source = "https://github.com/theupdateframework/python-tuf" [tool.hatch.version] path = "tuf/__init__.py" [tool.hatch.build.targets.sdist] include = [ "/docs", "/examples", "/tests", "/tuf", "/requirements", "/tox.ini", "/setup.py", ] [tool.hatch.build.targets.wheel] # The testing phase changes the current working directory to `tests` but the test scripts import # from `tests` so the root directory must be added to Python's path for editable installations dev-mode-dirs = ["."] # Ruff section # Read more here: https://docs.astral.sh/ruff/linter/#rule-selection [tool.ruff] line-length=80 [tool.ruff.lint] select = ["ALL"] ignore = [ # Rulesets we do not use at this moment "COM", "EM", "FA", "FIX", "FBT", "PERF", "PT", "PTH", "TD", "TRY", # Individual rules that have been disabled "ANN101", "ANN102", # nonsense, deprecated in ruff "D400", "D415", "D213", "D205", "D202", "D107", "D407", "D413", "D212", "D104", "D406", "D105", "D411", "D401", "D200", "D203", "ISC001", # incompatible with ruff formatter "PLR0913", "PLR2004", ] [tool.ruff.lint.per-file-ignores] "tests/*" = [ "D", # pydocstyle: no docstrings required for tests "E501", # line-too-long: embedded test data in "fmt: off" blocks is ok "ERA001", # commented code is fine in tests "RUF012", # ruff: mutable-class-default "S", # bandit: Not running bandit on tests "SLF001", # private member access is ok in tests "T201", # print is ok in tests ] "examples/*/*" = [ "D", # pydocstyle: no docstrings required for examples "ERA001", # commented code is fine in examples "INP001", # implicit package is fine in examples "S", # bandit: Not running bandit on examples "T201", # print is ok in examples ] "verify_release" = [ "ERA001", # commented code is fine here "S603", # bandit: this flags all uses of subprocess.run as vulnerable "T201", # print is ok in verify_release ] ".github/scripts/*" = [ "T201", # print is ok in conformance client ] [tool.ruff.lint.flake8-annotations] mypy-init-return = true # mypy section # Read more here: https://mypy.readthedocs.io/en/stable/config_file.html#using-a-pyproject-toml-file [tool.mypy] warn_unused_configs = "True" warn_redundant_casts = "True" warn_unused_ignores = "True" warn_unreachable = "True" strict_equality = "True" disallow_untyped_defs = "True" disallow_untyped_calls = "True" show_error_codes = "True" disable_error_code = ["attr-defined"] [[tool.mypy.overrides]] module = [ "requests.*", "securesystemslib.*", ] ignore_missing_imports = "True"