Commit Graph

27 Commits

Author SHA1 Message Date
Anders Kaseorg 3d876aacc6 requirements: Use pip-compile --generated-hashes for better security.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-06 15:21:18 -07:00
Anders Kaseorg 9f09d4fcfd update-locked-requirements: Print some progress information.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-06 15:21:18 -07:00
Anders Kaseorg d368aaad10 requirements: Generate pip.txt from pip.in like the other *.txt files.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 13:23:58 -07:00
Anders Kaseorg 92b42573fb requirements: Compile thumbor requirements with pip-tools on Python 2.
The reason that `pip-tools` running on Python 3 didn’t detect the
right requirements for `thumbor` on Python 2 is simply that some of
them are conditional on the Python version.

As for the requirements that had been manually added as a workaround:
`backports-abc` and `singledispatch` are now correctly detected, while
`backports.ssl-match-hostname` was vendored into `urllib3` some time
ago and `certifi` is no longer necessary.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 11:56:36 -07:00
Anders Kaseorg f1b91e577e requirements: Include packages that pip-tools considers unsafe.
It’s unclear why pip-tools considers these packages unsafe, and
excluding them from being pinned has resulted in nondeterministic
output that makes our test suite unhappy.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-25 22:32:31 -07:00
Anders Kaseorg 9c49049c9e update-locked-requirements: Use pip-compile --no-header.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-25 15:03:20 -07:00
Anders Kaseorg 6822634d22 requirements: Remove editable flag from *.in.
Fixes #12374.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-25 15:03:20 -07:00
Anders Kaseorg fb9e9b76a8 requirements: When removing future requirement, leave it commented.
futures is no longer there to be removed.  Be clear about why we’re
removing future (it was never a “pip-tools bug”), and leave evidence
behind to help indicate how long that will be needed.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-25 15:03:20 -07:00
Anders Kaseorg bd7ef1be51 test-locked-requirements: Improve logged output.
Run pip-compile with --quiet so we don’t have to redirect its stderr;
then we can see any exceptions it might throw.  Print any resulting
diff in the right order and without extra newlines separating each
line.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-25 15:03:20 -07:00
Anders Kaseorg a053a925b3 requirements: Upgrade pip-tools to 3.8.0; downgrade pip to 19.1.1.
These are not the latest versions, but pip-tools 3.9.0 or 4.0.0 fails
to resolve dependencies from Git URLs:

pip._internal.exceptions.DistributionNotFound: No matching distribution found for zulip==0.6.1_git (from -r requirements/common.in (line 135))

while pip 19.2 breaks pip-tools 3.8.0:

TypeError: __init__() got an unexpected keyword argument 'find_links'

Fixes #10802.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-25 15:03:20 -07:00
Anders Kaseorg d79555e9be update-locked-requirements: Fix shellcheck warnings.
In tools/update-locked-requirements line 66:
compile_requirements requirements/prod.in $OUTPUT_BASE_DIR/prod.txt
                                          ^-- SC2086: Double quote to prevent globbing and word splitting.

In tools/update-locked-requirements line 67:
compile_requirements requirements/dev.in $OUTPUT_BASE_DIR/dev.txt
                                         ^-- SC2086: Double quote to prevent globbing and word splitting.

In tools/update-locked-requirements line 68:
compile_requirements requirements/mypy.in $OUTPUT_BASE_DIR/mypy.txt
                                          ^-- SC2086: Double quote to prevent globbing and word splitting.

In tools/update-locked-requirements line 69:
compile_requirements requirements/docs.in $OUTPUT_BASE_DIR/docs.txt
                                          ^-- SC2086: Double quote to prevent globbing and word splitting.

In tools/update-locked-requirements line 70:
compile_requirements requirements/thumbor.in $OUTPUT_BASE_DIR/thumbor.txt py2
                                             ^-- SC2086: Double quote to prevent globbing and word splitting.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:27 -07:00
Harshit Bansal e75f0c1ee4 requirements: Rename requirements files.
This commit renames various source requirements files like `dev.txt`,
`mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements
files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt`
etc. This will help in emphasizing to the user that *.in are actually
input to `update-locked-requirements` tool which should be run after
updating any of these.
2017-11-21 02:38:26 +05:30
Harshit Bansal 95b3f2e745 requirements: Add mypy.txt and docs.txt to locked requirements framework. 2017-11-21 02:38:26 +05:30
Aditya Bansal dd037df2c4 thumbor: Add dependencies and virtualenv setup script.
In this commit we add new dependencies needed for running thumbor.
Also we add the script for creating the virtual environment ready
for thumbor.
Note: Thumbor will use python2 and thus have different virtualenv
dedicated to it.
Credits to @TigorC and @joshland as well for there work on this.
2017-11-16 22:38:29 -08:00
Aditya Bansal 66060c703c update-locked-requirements: Add py2 option to compile requirements.
In this commit we add a new option which could be used to specify
python version. When 'py2' is specified, future/futures are not
removed from the requirements lock file generated.
2017-11-16 22:34:14 -08:00
Harshit Bansal 0391619f48 tools: Modify `update-locked-requirements` to take optional arguments.
This commit modifies the `update-locked-requirements` tool to take
output file path as optional arguments.
2017-10-11 22:44:54 -07:00
Greg Price ceca96899a deps: Adjust the header comments in lock files to reflect our tools. 2017-09-15 00:23:20 -07:00
Greg Price 7c5f3d7be1 deps: Refactor tools/update-locked-requirements to save repeating the filenames.
My first version of this just replaced the repeated list of two output
files with an array variable, but I decided `"${outputs[@]}"` was too
much to ask people to understand, and the alternative of `$outputs`,
unquoted, encourages bad habits of shell programming.  So just handle
one file at a time; the only at all expensive part here is `pip-compile`.

I am tempted to move this to Python, but holding back.
2017-09-15 00:23:20 -07:00
Greg Price a171f23d63 deps: Remove a redundant `deactivate`.
This has no effect except on the running shell; so at the end
of a script, it has no meaningful effect at all.
2017-09-15 00:23:20 -07:00
Greg Price b362e21ebb deps: Simplify tools/update-locked-requirements slightly.
This makes the code a little more concise and also more uniform,
treating `future` the same in prod and in dev.  The non-uniformity
looks like an oversight in 2be8a793e, one of the commits that updated
this code for the Python 3-only world.
2017-09-15 00:23:20 -07:00
Greg Price bab2078705 deps: Explain the `-e` oddness, and handle it uniformly. 2017-09-15 00:23:20 -07:00
Greg Price 806220cafa deps: Organize tools/update-locked-requirements a bit further.
A couple of remarks still reflected the Python 2 world; and the
"Remove the editable flag" comment was confusingly above a line
that it looks like it could be talking about, but isn't.
2017-09-15 00:23:20 -07:00
rht 0a469fd4c8 requirements: Lock prod.txt instead of its py3_common dependency.
`py3_common.txt` is no longer locked.
2017-08-22 10:10:57 -07:00
rht 80f4ba7a76 requirements: Replace py3_dev.txt with dev_lock.txt. 2017-08-22 10:10:57 -07:00
rht 2be8a793e4 Lock the recursive requirements in dev.txt via pip-compile.
First, all the lines of py3_dev.txt except for mypy.txt are mv-ed to
dev.txt. Then dev_lock.txt is generated from dev.txt to be used by
py3_dev.txt. `click` is removed from moto.txt since it is already a
dependency of several libraries and will appear as an autogenerated
dependency.
2017-08-21 18:24:55 -07:00
Greg Price d3a69da829 py3: Fix or remove (almost) all references to Python 2 venv in docs.
I think soon we'll put the Python 3 venv at `/srv/zulip-venv` and
make `/srv/zulip-py3-venv` just an alias to that (then remove the
alias too), but for now the old name is helpful for spotting places
that need an update.

The `/srv/zulip-venv` name still appears in codepaths used by Travis
tests.
2017-08-08 15:48:12 -07:00
rht 8aaf34d06d Lock the recursive requirements in common.txt via pip-compile.
The commit is composed of: (1) distill out top-level dependencies in
common.txt, (2) add -e flag to the vcs-based packages because
pip-compile can't do without, (3) pip-compile/generate the locked files
then remove the -e flags from the lockfile, (4) pin pathlib2 to dev.txt
because it turns out it is a direct requirement of
documentation_crawler, (5) document the structure and add an automation
script (6) remove cryptography==1.9 from requirements/scrapy.txt since
cryptography is automatically added from pyopenssl (7) add sed command
to remove future/futures from the generated lock file in python3 (this
should have been automatically handled by pip-compile, so pending for
the feature from pip-compile)

Tweaked by tabbott to update PROVISION_VERSION and add a missing
`first` dependency.
2017-07-05 23:47:07 -07:00