requirements: Use archive zip files from GitHub.

This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-02 19:51:29 -07:00 · 2019-10-02 19:51:29 -07:00 · 20c7ada7c5
parent 9182293d50
commit 20c7ada7c5
4 changed files with 20 additions and 20 deletions
--- a/requirements/common.in
+++ b/requirements/common.in
@ -38,7 +38,7 @@ defusedxml
 # Using our fork for the feature of searching users by email.
 # https://github.com/django-auth-ldap/django-auth-ldap/pull/150 for monitoring
 # progress on merging this upstream.
-git+https://github.com/zulip/django-auth-ldap.git@e26d0ef2a7ff77ab3fdd7b6578a76081f780778c#egg=django-auth-ldap==2.0.0zulip1
+https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1

 # Django extension providing bitfield support
 django-bitfield
@ -52,7 +52,7 @@ python-gcm
 # Needed for the email mirror
 html2text
 httplib2
-git+https://github.com/zulip/talon.git@7d8bdc4dbcfcc5a73298747293b99fe53da55315#egg=talon==1.2.10.zulip1
+https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1

 # Needed for hipchat import
 hypchat
@ -103,7 +103,7 @@ sourcemap
 tornado==4.*  # https://github.com/zulip/zulip/issues/8913

 # Fast JSON parser
-git+https://github.com/zulip/ultrajson@70ac02bec#egg=ujson==1.35+git
+https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git

 # Django extension for serving webpack modules
 django-webpack-loader
@ -131,8 +131,8 @@ python-magic
 # these tightly, including fetching content not included in the normal
 # release tarballs (which is a bug).  So we need to pin it makes sense
 # to pin a version from Git rather than a release.
-git+https://github.com/zulip/python-zulip-api.git@804501610b6a205334e71b4e441fca60acf650da#egg=zulip==0.6.1_git&subdirectory=zulip
-git+https://github.com/zulip/python-zulip-api.git@804501610b6a205334e71b4e441fca60acf650da#egg=zulip_bots==0.6.1+git&subdirectory=zulip_bots
+https://github.com/zulip/python-zulip-api/archive/804501610b6a205334e71b4e441fca60acf650da.zip#egg=zulip==0.6.1_git&subdirectory=zulip
+https://github.com/zulip/python-zulip-api/archive/804501610b6a205334e71b4e441fca60acf650da.zip#egg=zulip_bots==0.6.1+git&subdirectory=zulip_bots

 # Used for Hesiod lookups, etc.
 py3dns
@ -168,7 +168,7 @@ yamole

 # Needed for signing thumbnail requests so that they can be authenticated on the
 # other end.  Using a fork to eliminate a really slow pkgresources import.
-git+https://github.com/zulip/libthumbor.git@60ed2431c07686a12f2770b2d852c5650f3ccfc6#egg=libthumbor==1.3.2zulip
+https://github.com/zulip/libthumbor/archive/60ed2431c07686a12f2770b2d852c5650f3ccfc6.zip#egg=libthumbor==1.3.2zulip

 # Needed for string matching in AlertWordProcessor
 pyahocorasick
--- a/requirements/dev.in
+++ b/requirements/dev.in
@ -57,6 +57,6 @@ python-digitalocean
 pip-tools

 # zulip's linting framework - zulint
-git+https://github.com/zulip/zulint@aaed679f1ad38b230090eadd3870b7682500f60c#egg=zulint==0.0.1
+https://github.com/zulip/zulint/archive/aaed679f1ad38b230090eadd3870b7682500f60c.zip#egg=zulint==0.0.1

 -r mypy.in
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@ -41,7 +41,7 @@ datetime==4.3             # via moto
 decorator==4.4.0
 defusedxml==0.6.0
 disposable-email-domains==0.0.53
-git+https://github.com/zulip/django-auth-ldap.git@e26d0ef2a7ff77ab3fdd7b6578a76081f780778c#egg=django-auth-ldap==2.0.0zulip1
+https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
 django-bitfield==1.9.6
 django-formtools==2.1     # via django-two-factor-auth
 django-otp==0.7.2         # via django-two-factor-auth
@ -83,7 +83,7 @@ jsonpatch==1.24           # via cfn-lint
 jsonpickle==1.2           # via aws-xray-sdk, python-digitalocean
 jsonpointer==2.0          # via jsonpatch
 jsonschema==3.0.2         # via aws-sam-translator, cfn-lint
-git+https://github.com/zulip/libthumbor.git@60ed2431c07686a12f2770b2d852c5650f3ccfc6#egg=libthumbor==1.3.2zulip
+https://github.com/zulip/libthumbor/archive/60ed2431c07686a12f2770b2d852c5650f3ccfc6.zip#egg=libthumbor==1.3.2zulip
 lp37==2.1.1
 lxml==4.4.1
 markdown-include==0.5.1
@ -174,7 +174,7 @@ sqlalchemy==1.3.8
 sshpubkeys==3.1.0         # via moto
 statsd==3.3.0             # via django-statsd-mozilla
 stripe==2.36.2
-git+https://github.com/zulip/talon.git@7d8bdc4dbcfcc5a73298747293b99fe53da55315#egg=talon==1.2.10.zulip1
+https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1
 tblib==1.4.0
 tornado==4.5.3
 traitlets==4.3.2          # via ipython
@ -183,7 +183,7 @@ twilio==6.31.0
 twisted==19.7.0
 typed-ast==1.4.0          # via mypy
 typing-extensions==3.7.4
-git+https://github.com/zulip/ultrajson@70ac02bec#egg=ujson==1.35+git
+https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git
 unidecode==1.1.1          # via python-slugify
 urllib3==1.25.5           # via botocore, requests, transifex-client
 virtualenv-clone==0.5.3
@ -196,9 +196,9 @@ xmlsec==1.3.3             # via python3-saml
 xmltodict==0.12.0         # via moto
 yamole==2.1.6
 zope.interface==4.6.0     # via datetime, twisted
-git+https://github.com/zulip/zulint@aaed679f1ad38b230090eadd3870b7682500f60c#egg=zulint==0.0.1
-git+https://github.com/zulip/python-zulip-api.git@804501610b6a205334e71b4e441fca60acf650da#egg=zulip==0.6.1_git&subdirectory=zulip
-git+https://github.com/zulip/python-zulip-api.git@804501610b6a205334e71b4e441fca60acf650da#egg=zulip_bots==0.6.1+git&subdirectory=zulip_bots
+https://github.com/zulip/zulint/archive/aaed679f1ad38b230090eadd3870b7682500f60c.zip#egg=zulint==0.0.1
+https://github.com/zulip/python-zulip-api/archive/804501610b6a205334e71b4e441fca60acf650da.zip#egg=zulip==0.6.1_git&subdirectory=zulip
+https://github.com/zulip/python-zulip-api/archive/804501610b6a205334e71b4e441fca60acf650da.zip#egg=zulip_bots==0.6.1+git&subdirectory=zulip_bots

 # The following packages are considered to be unsafe in a requirements file:
 pip==19.2.3
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@ -27,7 +27,7 @@ cssutils==1.0.2           # via premailer
 decorator==4.4.0
 defusedxml==0.6.0
 disposable-email-domains==0.0.53
-git+https://github.com/zulip/django-auth-ldap.git@e26d0ef2a7ff77ab3fdd7b6578a76081f780778c#egg=django-auth-ldap==2.0.0zulip1
+https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
 django-bitfield==1.9.6
 django-formtools==2.1     # via django-two-factor-auth
 django-otp==0.7.2         # via django-two-factor-auth
@ -54,7 +54,7 @@ ipython==7.8.0
 isodate==0.6.0            # via python3-saml
 jedi==0.15.1              # via ipython
 jinja2==2.10.1
-git+https://github.com/zulip/libthumbor.git@60ed2431c07686a12f2770b2d852c5650f3ccfc6#egg=libthumbor==1.3.2zulip
+https://github.com/zulip/libthumbor/archive/60ed2431c07686a12f2770b2d852c5650f3ccfc6.zip#egg=libthumbor==1.3.2zulip
 lxml==4.4.1
 markdown-include==0.5.1
 markdown==3.1.1
@ -108,20 +108,20 @@ sourcemap==0.2.1
 sqlalchemy==1.3.8
 statsd==3.3.0             # via django-statsd-mozilla
 stripe==2.36.2
-git+https://github.com/zulip/talon.git@7d8bdc4dbcfcc5a73298747293b99fe53da55315#egg=talon==1.2.10.zulip1
+https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1
 tornado==4.5.3
 traitlets==4.3.2          # via ipython
 twilio==6.31.0
 typing-extensions==3.7.4
-git+https://github.com/zulip/ultrajson@70ac02bec#egg=ujson==1.35+git
+https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git
 urllib3==1.25.5           # via requests
 uwsgi==2.0.18
 virtualenv-clone==0.5.3
 wcwidth==0.1.7            # via prompt-toolkit
 xmlsec==1.3.3             # via python3-saml
 yamole==2.1.6
-git+https://github.com/zulip/python-zulip-api.git@804501610b6a205334e71b4e441fca60acf650da#egg=zulip==0.6.1_git&subdirectory=zulip
-git+https://github.com/zulip/python-zulip-api.git@804501610b6a205334e71b4e441fca60acf650da#egg=zulip_bots==0.6.1+git&subdirectory=zulip_bots
+https://github.com/zulip/python-zulip-api/archive/804501610b6a205334e71b4e441fca60acf650da.zip#egg=zulip==0.6.1_git&subdirectory=zulip
+https://github.com/zulip/python-zulip-api/archive/804501610b6a205334e71b4e441fca60acf650da.zip#egg=zulip_bots==0.6.1+git&subdirectory=zulip_bots

 # The following packages are considered to be unsafe in a requirements file:
 pip==19.2.3