mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
730e4d8b97
Follows up on #978, which had the following problems: - too many requirements files (cc @trishankatdatadog ;) - used extra tooling around pip-compile that - didn't take into account requirement markers (see comments in requirements.txt in this commit), and - confused Dependabot, which expects the hashed requirements file in a certain format, as pip-compile would generate it without custom tooling (see #979). This commit restructures the requirements files as follows: - Merges requirements-tox.txt and requirements-test.txt. The separation was semantically correct but operationally irrelevant. - Removes the hashed requirements file, which doesn't add much security, especially with PEP 458 on the way (see python/peps#1306), but extra maintenance (see notes about requirements.txt in #978 and about Dependabot above) - Manually adds environment markers to requirements-pinned.txt (see comments in requirements.txt in this commit). Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
12 lines
340 B
Text
12 lines
340 B
Text
# Install requirements needed in each tox environment
|
|
|
|
# pinned tuf runtime dependencies (should auto-update and -trigger ci/cd)
|
|
-r requirements-pinned.txt
|
|
|
|
# test runtime dependencies (see 'tests_require' field in setup.py)
|
|
mock; python_version < "3.3"
|
|
|
|
# additional test tools for linting and coverage measurement
|
|
coverage
|
|
pylint
|
|
bandit
|