forked from certbot/certbot
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Redo the majority of Certbot's pinning system (certbot#8741)
* add initial pyproject.toml * add extra dependencies * add simple bash script * polish * reuse pipstrap * add requirements.txt * temporarily remove hashin dep * Switch to requirements.txt * remove hashin check * update requirements.txt again * remove unnecessary merge * pin back augeas * unpin cryptography * simplify pywin32 pinning * update comment * pin back pytest and pylint * pin back pytest-forked * pin back coverage * update script comments * fix pyopenssl case * add minimum poetry version * run pin.sh
- Loading branch information
Showing
13 changed files
with
323 additions
and
624 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/bin/bash | ||
# This script accepts no arguments and automates the process of updating | ||
# Certbot's dependencies. Dependencies can be pinned to older versions by | ||
# modifying pyproject.toml in the same directory as this file. | ||
set -euo pipefail | ||
|
||
WORK_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" | ||
REPO_ROOT="$(dirname "$(dirname "${WORK_DIR}")")" | ||
PIPSTRAP_CONSTRAINTS="${REPO_ROOT}/tools/pipstrap_constraints.txt" | ||
RELATIVE_SCRIPT_PATH="$(realpath --relative-to "$REPO_ROOT" "$WORK_DIR")/$(basename "${BASH_SOURCE[0]}")" | ||
REQUIREMENTS_FILE="$REPO_ROOT/tools/requirements.txt" | ||
STRIP_HASHES="${REPO_ROOT}/tools/strip_hashes.py" | ||
|
||
if ! command -v poetry >/dev/null; then | ||
echo "Please install poetry." | ||
echo "You may need to recreate Certbot's virtual environment and activate it." | ||
exit 1 | ||
fi | ||
|
||
cd "${WORK_DIR}" | ||
|
||
if [ -f poetry.lock ]; then | ||
rm poetry.lock | ||
fi | ||
|
||
poetry lock | ||
|
||
TEMP_REQUIREMENTS=$(mktemp) | ||
trap 'rm poetry.lock; rm $TEMP_REQUIREMENTS' EXIT | ||
|
||
poetry export -o "${TEMP_REQUIREMENTS}" --without-hashes | ||
# We need to remove local packages from the requirements file. | ||
sed -i '/^acme @/d; /certbot/d;' "${TEMP_REQUIREMENTS}" | ||
# Poetry currently will not include pip, setuptools, or wheel in lockfiles or | ||
# requirements files. This was resolved by | ||
# https://github.com/python-poetry/poetry/pull/2826, but as of writing this it | ||
# hasn't been included in a release yet. For now, we continue to keep | ||
# pipstrap's pinning separate which has the added benefit of having it continue | ||
# to check hashes when pipstrap is run directly. | ||
"${STRIP_HASHES}" "${PIPSTRAP_CONSTRAINTS}" >> "${TEMP_REQUIREMENTS}" | ||
|
||
cat << EOF > "$REQUIREMENTS_FILE" | ||
# This file was generated by $RELATIVE_SCRIPT_PATH and can be updated using | ||
# that script. | ||
# | ||
# It is normally used as constraints to pip, however, it has the name | ||
# requirements.txt so that is scanned by GitHub. See | ||
# https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems | ||
# for more info. | ||
EOF | ||
cat "${TEMP_REQUIREMENTS}" >> "${REQUIREMENTS_FILE}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
[tool.poetry] | ||
name = "certbot-pinner" | ||
version = "0.1.0" | ||
description = "A simple project for pinning Certbot's dependencies using Poetry." | ||
authors = ["Certbot Project"] | ||
license = "Apache License 2.0" | ||
|
||
[tool.poetry.dependencies] | ||
python = "^3.6" | ||
|
||
# Local dependencies | ||
# Any local packages that have dependencies on other local packages must be | ||
# listed below before the package it depends on. For instance, certbot depends | ||
# on acme so certbot must be listed before acme. | ||
certbot-ci = {path = "../../certbot-ci", extras = ["docs"]} | ||
certbot-compatibility-test = {path = "../../certbot-compatibility-test", extras = ["docs"]} | ||
certbot-dns-cloudflare = {path = "../../certbot-dns-cloudflare", extras = ["docs"]} | ||
certbot-dns-cloudxns = {path = "../../certbot-dns-cloudxns", extras = ["docs"]} | ||
certbot-dns-digitalocean = {path = "../../certbot-dns-digitalocean", extras = ["docs"]} | ||
certbot-dns-dnsimple = {path = "../../certbot-dns-dnsimple", extras = ["docs"]} | ||
certbot-dns-dnsmadeeasy = {path = "../../certbot-dns-dnsmadeeasy", extras = ["docs"]} | ||
certbot-dns-gehirn = {path = "../../certbot-dns-gehirn", extras = ["docs"]} | ||
certbot-dns-google = {path = "../../certbot-dns-google", extras = ["docs"]} | ||
certbot-dns-linode = {path = "../../certbot-dns-linode", extras = ["docs"]} | ||
certbot-dns-luadns = {path = "../../certbot-dns-luadns", extras = ["docs"]} | ||
certbot-dns-nsone = {path = "../../certbot-dns-nsone", extras = ["docs"]} | ||
certbot-dns-ovh = {path = "../../certbot-dns-ovh", extras = ["docs"]} | ||
certbot-dns-rfc2136 = {path = "../../certbot-dns-rfc2136", extras = ["docs"]} | ||
certbot-dns-route53 = {path = "../../certbot-dns-route53", extras = ["docs"]} | ||
certbot-dns-sakuracloud = {path = "../../certbot-dns-sakuracloud", extras = ["docs"]} | ||
certbot-nginx = {path = "../../certbot-nginx", extras = ["docs"]} | ||
certbot-apache = {path = "../../certbot-apache", extras = ["dev"]} | ||
certbot = {path = "../../certbot", extras = ["dev", "docs"]} | ||
acme = {path = "../../acme", extras = ["dev", "docs"]} | ||
|
||
# Extra dependencies | ||
# See https://github.com/certbot/certbot/issues/8425. | ||
mypy = "0.710" | ||
# Upgrading coverage, pylint, pytest, and some of pytest's plugins causes many | ||
# test failures so let's pin these packages back for now. | ||
coverage = "4.5.4" | ||
pylint = "2.4.3" | ||
pytest = "3.2.5" | ||
pytest-forked = "0.2" | ||
# We were originally pinning back python-augeas for certbot-auto because we | ||
# found the way older versions of the library linked to Augeas were more | ||
# reliable. That's no longer a concern, however, we continue to pin back the | ||
# library for now because it causes Certbot tests on Windows to fail. See | ||
# https://github.com/certbot/certbot/issues/8732. | ||
python-augeas = "0.5.0" | ||
|
||
[tool.poetry.dev-dependencies] | ||
|
||
[build-system] | ||
requires = ["poetry-core>=1.0.0"] | ||
build-backend = "poetry.core.masonry.api" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.