From 21c2a4cc42447f5380c2b2d5638d7505658a52c0 Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Fri, 17 Apr 2020 16:45:40 -0700 Subject: [PATCH] update-locked-requirements: Generate prod locks from dev locks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This guarantees that we don’t accidentally upgrade one without the other, which could happen for example due to different third-party version constraints between the two. Signed-off-by: Anders Kaseorg --- requirements/README.md | 10 +++++----- requirements/dev.in | 3 ++- requirements/dev.txt | 8 ++++++-- requirements/docs.txt | 7 ++++--- requirements/pip2.in | 1 + requirements/thumbor-dev.in | 1 + requirements/thumbor-dev.txt | 11 +++++++++++ tools/update-locked-requirements | 15 +++++++++------ version.py | 2 +- 9 files changed, 40 insertions(+), 18 deletions(-) create mode 120000 requirements/pip2.in diff --git a/requirements/README.md b/requirements/README.md index 38b384fcac..f9326e0b51 100644 --- a/requirements/README.md +++ b/requirements/README.md @@ -1,18 +1,18 @@ The dependency graph of the requirements is as follows: ``` -dev prod -+ + + -| +->common<-+ +dev +-> prod +-> common ++ +| v -mypy,docs +mypy,docs,pip ``` Of the files, only dev, prod, and mypy have been used in the install scripts directly. The rest are implicit dependencies. Steps to update a lock file, e.g. to update ipython from 5.3.0 to latest version: -0. Remove entries for `ipython==5.4.1` in dev.txt and prod.txt. +0. Remove entry for `ipython==5.4.1` in dev.txt. 1. Run `./tools/update-locked-requirements`, which will generate new entries, pinned to the latest version. 2. Increase `PROVISION_VERSION` in `version.py`. 3. Run `./tools/provision` to install the new deps and test them. diff --git a/requirements/dev.in b/requirements/dev.in index af04b318b5..4066aed0e8 100644 --- a/requirements/dev.in +++ b/requirements/dev.in @@ -1,7 +1,8 @@ # After editing this file, you MUST afterward run # /tools/update-locked-requirements to update requirements/dev.txt. # See requirements/README.md for more detail. --r common.in +-r pip.in +-r prod.in -r docs.in # moto s3 mock diff --git a/requirements/dev.txt b/requirements/dev.txt index 8a426edddd..cac4b9e207 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -901,6 +901,8 @@ urllib3==1.25.8 \ --hash=sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc \ --hash=sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc \ # via botocore, requests +uwsgi==2.0.18 \ + --hash=sha256:4972ac538800fb2d421027f49b4a1869b66048839507ccf0aa2fda792d99f583 virtualenv-clone==0.5.3 \ --hash=sha256:532f789a5c88adf339506e3ca03326f20ee82fd08ee5586b44dc859b5b4468c5 \ --hash=sha256:c88ae171a11b087ea2513f260cdac9232461d8e9369bcd1dc143fc399d220557 @@ -924,6 +926,9 @@ werkzeug==0.16.1 \ --hash=sha256:1e0dedc2acb1f46827daa2e399c1485c8fa17c0d8e70b6b875b4e7f54bf408d2 \ --hash=sha256:b353856d37dec59d6511359f97f6a4b2468442e454bd1c98298ddce53cac1f04 \ # via moto +wheel==0.34.2 \ + --hash=sha256:8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 \ + --hash=sha256:df277cb51e61359aba502208d680f90c0493adec6f0e848af94948778aed386e wrapt==1.11.2 \ --hash=sha256:565a021fd19419476b9362b05eeaa094178de64f8361e44468f9e9d7843901e1 \ # via aws-xray-sdk @@ -997,5 +1002,4 @@ pip==20.0.2 \ --hash=sha256:7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f setuptools==45.1.0 \ --hash=sha256:68e7fd3508687f94367f1aa090a3ed921cd045a60b73d8b0aa1f305199a0ca28 \ - --hash=sha256:91f72d83602a6e5e4a9e4fe296e27185854038d7cbda49dcd7006c4d3b3b89d5 \ - # via cairocffi, cssselect2, ipython, jsonschema, markdown, sphinx, tinycss2, zope.interface + --hash=sha256:91f72d83602a6e5e4a9e4fe296e27185854038d7cbda49dcd7006c4d3b3b89d5 diff --git a/requirements/docs.txt b/requirements/docs.txt index 3e22a220be..8ee5c80bb3 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -27,9 +27,10 @@ commonmark==0.9.1 \ --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \ --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9 \ # via recommonmark -docutils==0.16 \ - --hash=sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af \ - --hash=sha256:c2de3a60e9e7d07be26b7f2b00ca0309c207e06c100f9cc2a94931fc75a478fc \ +docutils==0.15.2 \ + --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \ + --hash=sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827 \ + --hash=sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99 \ # via recommonmark, sphinx idna==2.8 \ --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \ diff --git a/requirements/pip2.in b/requirements/pip2.in new file mode 120000 index 0000000000..09b13562cb --- /dev/null +++ b/requirements/pip2.in @@ -0,0 +1 @@ +pip.in \ No newline at end of file diff --git a/requirements/thumbor-dev.in b/requirements/thumbor-dev.in index f88df717d3..b0d4e0215f 100644 --- a/requirements/thumbor-dev.in +++ b/requirements/thumbor-dev.in @@ -1,2 +1,3 @@ +-r pip.in -r thumbor.in pip-tools diff --git a/requirements/thumbor-dev.txt b/requirements/thumbor-dev.txt index 7509a13a44..24ddd85288 100644 --- a/requirements/thumbor-dev.txt +++ b/requirements/thumbor-dev.txt @@ -157,3 +157,14 @@ webcolors==1.10 \ --hash=sha256:2559b4f4694bfcd61c87ee06acad921bd2fdbf0c844bee65fc844c6910c413dd \ --hash=sha256:7b11194c414dcf4b9bd8fb5ceaafc9da183b27430883c62f620589eb79b91b6e \ # via thumbor +wheel==0.34.2 \ + --hash=sha256:8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 \ + --hash=sha256:df277cb51e61359aba502208d680f90c0493adec6f0e848af94948778aed386e + +# The following packages are considered to be unsafe in a requirements file: +pip==20.0.2 \ + --hash=sha256:4ae14a42d8adba3205ebeb38aa68cfc0b6c346e1ae2e699a0b3bad4da19cef5c \ + --hash=sha256:7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f +setuptools==44.0.0 \ + --hash=sha256:180081a244d0888b0065e18206950d603f6550721bd6f8c0a10221ed467dd78e \ + --hash=sha256:e5baf7723e5bb8382fc146e33032b241efc63314211a3a120aaa55d62d2bb008 diff --git a/tools/update-locked-requirements b/tools/update-locked-requirements index f365fabf67..88007cd7a9 100755 --- a/tools/update-locked-requirements +++ b/tools/update-locked-requirements @@ -54,11 +54,14 @@ if [ $# -gt 0 ]; then done fi -compile_requirements requirements/pip.in "$OUTPUT_BASE_DIR/pip.txt" -compile_requirements requirements/prod.in "$OUTPUT_BASE_DIR/prod.txt" compile_requirements requirements/dev.in "$OUTPUT_BASE_DIR/dev.txt" -compile_requirements requirements/mypy.in "$OUTPUT_BASE_DIR/mypy.txt" -compile_requirements requirements/docs.in "$OUTPUT_BASE_DIR/docs.txt" -compile_requirements requirements/pip.in "$OUTPUT_BASE_DIR/pip2.txt" py2 -compile_requirements requirements/thumbor.in "$OUTPUT_BASE_DIR/thumbor.txt" py2 +for name in pip prod mypy docs; do + cp "$OUTPUT_BASE_DIR/dev.txt" "$OUTPUT_BASE_DIR/$name.txt" + compile_requirements "requirements/$name.in" "$OUTPUT_BASE_DIR/$name.txt" +done + compile_requirements requirements/thumbor-dev.in "$OUTPUT_BASE_DIR/thumbor-dev.txt" py2 +for name in pip2 thumbor; do + cp "$OUTPUT_BASE_DIR/thumbor-dev.txt" "$OUTPUT_BASE_DIR/$name.txt" + compile_requirements "requirements/$name.in" "$OUTPUT_BASE_DIR/$name.txt" py2 +done diff --git a/version.py b/version.py index 64632e8530..a12c266369 100644 --- a/version.py +++ b/version.py @@ -34,4 +34,4 @@ DESKTOP_WARNING_VERSION = "5.0.0" # historical commits sharing the same major version, in which case a # minor version bump suffices. -PROVISION_VERSION = '75.7' +PROVISION_VERSION = '75.8'