mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
4548f38d8d
This was in use in tests/.coveragerc: previously. Enable in pyproject config too. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
159 lines
4.3 KiB
TOML
159 lines
4.3 KiB
TOML
[build-system]
|
|
# Dependabot cannot do `build-system.requires` (dependabot/dependabot-core#8465)
|
|
# workaround to get reproducibility and auto-updates:
|
|
# PIP_CONSTRAINT=requirements/build.txt python3 -m build ...
|
|
requires = ["hatchling"]
|
|
build-backend = "hatchling.build"
|
|
|
|
[project]
|
|
name = "tuf"
|
|
description = "A secure updater framework for Python"
|
|
readme = "README.md"
|
|
license = { text = "MIT OR Apache-2.0" }
|
|
requires-python = ">=3.8"
|
|
authors = [
|
|
{ email = "theupdateframework@googlegroups.com" },
|
|
]
|
|
keywords = [
|
|
"authentication",
|
|
"compromise",
|
|
"key",
|
|
"revocation",
|
|
"secure",
|
|
"update",
|
|
"updater",
|
|
]
|
|
classifiers = [
|
|
"Development Status :: 5 - Production/Stable",
|
|
"Intended Audience :: Developers",
|
|
"License :: OSI Approved :: Apache Software License",
|
|
"License :: OSI Approved :: MIT License",
|
|
"Natural Language :: English",
|
|
"Operating System :: MacOS :: MacOS X",
|
|
"Operating System :: Microsoft :: Windows",
|
|
"Operating System :: POSIX",
|
|
"Operating System :: POSIX :: Linux",
|
|
"Programming Language :: Python",
|
|
"Programming Language :: Python :: 3",
|
|
"Programming Language :: Python :: 3.9",
|
|
"Programming Language :: Python :: 3.10",
|
|
"Programming Language :: Python :: 3.11",
|
|
"Programming Language :: Python :: 3.12",
|
|
"Programming Language :: Python :: 3.13",
|
|
"Programming Language :: Python :: Implementation :: CPython",
|
|
"Topic :: Security",
|
|
"Topic :: Software Development",
|
|
]
|
|
dependencies = [
|
|
"requests>=2.19.1",
|
|
"securesystemslib~=1.0",
|
|
]
|
|
dynamic = ["version"]
|
|
|
|
[project.urls]
|
|
Documentation = "https://theupdateframework.readthedocs.io/en/stable/"
|
|
Homepage = "https://www.updateframework.com"
|
|
Issues = "https://github.com/theupdateframework/python-tuf/issues"
|
|
Source = "https://github.com/theupdateframework/python-tuf"
|
|
|
|
[tool.hatch.version]
|
|
path = "tuf/__init__.py"
|
|
|
|
[tool.hatch.build.targets.sdist]
|
|
include = [
|
|
"/docs",
|
|
"/examples",
|
|
"/tests",
|
|
"/tuf",
|
|
"/requirements",
|
|
"/tox.ini",
|
|
"/setup.py",
|
|
]
|
|
|
|
# Ruff section
|
|
# Read more here: https://docs.astral.sh/ruff/linter/#rule-selection
|
|
[tool.ruff]
|
|
line-length=80
|
|
|
|
[tool.ruff.lint]
|
|
select = ["ALL"]
|
|
ignore = [
|
|
# Rulesets we do not use at this moment
|
|
"COM",
|
|
"EM",
|
|
"FA",
|
|
"FIX",
|
|
"FBT",
|
|
"PERF",
|
|
"PT",
|
|
"PTH",
|
|
"TD",
|
|
"TRY",
|
|
|
|
# Individual rules that have been disabled
|
|
"D400", "D415", "D213", "D205", "D202", "D107", "D407", "D413", "D212", "D104", "D406", "D105", "D411", "D401", "D200", "D203",
|
|
"ISC001", # incompatible with ruff formatter
|
|
"PLR0913", "PLR2004",
|
|
]
|
|
|
|
[tool.ruff.lint.per-file-ignores]
|
|
"tests/*" = [
|
|
"D", # pydocstyle: no docstrings required for tests
|
|
"E501", # line-too-long: embedded test data in "fmt: off" blocks is ok
|
|
"ERA001", # commented code is fine in tests
|
|
"RUF012", # ruff: mutable-class-default
|
|
"S", # bandit: Not running bandit on tests
|
|
"SLF001", # private member access is ok in tests
|
|
"T201", # print is ok in tests
|
|
]
|
|
"examples/*/*" = [
|
|
"D", # pydocstyle: no docstrings required for examples
|
|
"ERA001", # commented code is fine in examples
|
|
"INP001", # implicit package is fine in examples
|
|
"S", # bandit: Not running bandit on examples
|
|
"T201", # print is ok in examples
|
|
]
|
|
"verify_release" = [
|
|
"ERA001", # commented code is fine here
|
|
"S603", # bandit: this flags all uses of subprocess.run as vulnerable
|
|
"T201", # print is ok in verify_release
|
|
]
|
|
".github/scripts/*" = [
|
|
"T201", # print is ok in conformance client
|
|
]
|
|
|
|
[tool.ruff.lint.flake8-annotations]
|
|
mypy-init-return = true
|
|
|
|
# mypy section
|
|
# Read more here: https://mypy.readthedocs.io/en/stable/config_file.html#using-a-pyproject-toml-file
|
|
[tool.mypy]
|
|
warn_unused_configs = "True"
|
|
warn_redundant_casts = "True"
|
|
warn_unused_ignores = "True"
|
|
warn_unreachable = "True"
|
|
strict_equality = "True"
|
|
disallow_untyped_defs = "True"
|
|
disallow_untyped_calls = "True"
|
|
show_error_codes = "True"
|
|
disable_error_code = ["attr-defined"]
|
|
|
|
[[tool.mypy.overrides]]
|
|
module = [
|
|
"requests.*",
|
|
"securesystemslib.*",
|
|
]
|
|
ignore_missing_imports = "True"
|
|
|
|
[tool.coverage.report]
|
|
exclude_also = [
|
|
# abstract class method definition
|
|
"raise NotImplementedError",
|
|
# defensive programming: these cannot happen
|
|
"raise AssertionError",
|
|
# imports for mypy only
|
|
"if TYPE_CHECKING",
|
|
]
|
|
[tool.coverage.run]
|
|
branch = true
|
|
omit = [ "tests/*" ]
|