mirror of
https://github.com/PR0M3TH3AN/SeedPass.git
synced 2025-09-07 14:58:56 +00:00
Use hashed requirements lock
This commit is contained in:
thePR0M3TH3AN
6
.github/workflows/briefcase.yml
vendored
6
.github/workflows/briefcase.yml
vendored
@@ -16,8 +16,10 @@ jobs:
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install -r src/requirements.txt
|
||||
pip install briefcase
|
||||
pip install pip-tools briefcase
|
||||
pip-compile --generate-hashes --output-file=requirements.lock src/requirements.txt
|
||||
git diff --exit-code requirements.lock
|
||||
pip install --require-hashes -r requirements.lock
|
||||
- name: Build with Briefcase
|
||||
run: briefcase build
|
||||
- name: Upload artifacts
|
||||
|
||||
6
.github/workflows/dependency-audit.yml
vendored
6
.github/workflows/dependency-audit.yml
vendored
@@ -19,7 +19,9 @@ jobs:
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install -r src/requirements.txt
|
||||
pip install pip-audit
|
||||
pip install pip-tools pip-audit
|
||||
pip-compile --generate-hashes --output-file=requirements.lock src/requirements.txt
|
||||
git diff --exit-code requirements.lock
|
||||
pip install --require-hashes -r requirements.lock
|
||||
- name: Run pip-audit
|
||||
run: pip-audit -r requirements.lock --ignore-vuln GHSA-wj6h-64fc-37mp
|
||||
|
||||
10
.github/workflows/python-ci.yml
vendored
10
.github/workflows/python-ci.yml
vendored
@@ -59,14 +59,16 @@ jobs:
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: ~/.cache/pip
|
||||
key: ${{ runner.os }}-pip-${{ hashFiles('src/requirements.txt') }}
|
||||
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.lock') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-pip-
|
||||
- name: Set up Python dependencies
|
||||
id: deps
|
||||
- name: Verify lockfile and install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install -r src/requirements.txt
|
||||
pip install pip-tools
|
||||
pip-compile --generate-hashes --output-file=requirements.lock src/requirements.txt
|
||||
git diff --exit-code requirements.lock
|
||||
pip install --require-hashes -r requirements.lock
|
||||
- name: Run pip-audit
|
||||
run: |
|
||||
pip install pip-audit
|
||||
|
||||
@@ -9,7 +9,7 @@ This project is written in **Python**. Follow these instructions when working wi
|
||||
```bash
|
||||
python3 -m venv venv
|
||||
source venv/bin/activate
|
||||
pip install -r src/requirements.txt
|
||||
pip install --require-hashes -r requirements.lock
|
||||
```
|
||||
|
||||
2. Run the test suite using **pytest**:
|
||||
|
||||
10
README.md
10
README.md
@@ -198,7 +198,7 @@ Follow these steps to set up SeedPass on your local machine.
|
||||
|
||||
```bash
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -r src/requirements.txt
|
||||
python -m pip install --require-hashes -r requirements.lock
|
||||
python -m pip install -e .
|
||||
```
|
||||
// 🔧 merged conflicting changes from codex/locate-command-usage-issue-in-seedpass vs beta
|
||||
@@ -572,10 +572,10 @@ initial setup:
|
||||
|
||||
## Running Tests
|
||||
|
||||
SeedPass includes a small suite of unit tests located under `src/tests`. **Before running `pytest`, be sure to install the test requirements.** Activate your virtual environment and run `pip install -r src/requirements.txt` to ensure all testing dependencies are available. Then run the tests with **pytest**. Use `-vv` to see INFO-level log messages from each passing test:
|
||||
SeedPass includes a small suite of unit tests located under `src/tests`. **Before running `pytest`, be sure to install the test requirements.** Activate your virtual environment and run `pip install --require-hashes -r requirements.lock` to ensure all testing dependencies are available. Then run the tests with **pytest**. Use `-vv` to see INFO-level log messages from each passing test:
|
||||
|
||||
```bash
|
||||
pip install -r src/requirements.txt
|
||||
pip install --require-hashes -r requirements.lock
|
||||
pytest -vv
|
||||
```
|
||||
|
||||
@@ -639,7 +639,7 @@ Mutation testing is disabled in the GitHub workflow due to reliability issues an
|
||||
|
||||
1. Install all development dependencies:
|
||||
```bash
|
||||
pip install -r src/requirements.txt
|
||||
pip install --require-hashes -r requirements.lock
|
||||
```
|
||||
|
||||
2. When `src/runtime_requirements.txt` changes, rerun:
|
||||
@@ -756,7 +756,7 @@ To review and merge these updates:
|
||||
```bash
|
||||
python3 -m venv venv
|
||||
source venv/bin/activate
|
||||
pip install -r src/requirements.txt
|
||||
pip install --require-hashes -r requirements.lock
|
||||
pytest
|
||||
```
|
||||
3. Merge the pull request once all checks pass.
|
||||
|
||||
@@ -185,7 +185,7 @@ When upgrading pip, use `python -m pip` inside the virtual environment so that p
|
||||
|
||||
```bash
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -r src/requirements.txt
|
||||
python -m pip install --require-hashes -r requirements.lock
|
||||
python -m pip install -e .
|
||||
```
|
||||
|
||||
@@ -452,11 +452,11 @@ Back in the Settings menu you can:
|
||||
|
||||
## Running Tests
|
||||
|
||||
SeedPass includes a small suite of unit tests located under `src/tests`. **Before running `pytest`, be sure to install the test requirements.** Activate your virtual environment and run `pip install -r src/requirements.txt` to ensure all testing dependencies are available. Then run the tests with **pytest**. Use `-vv` to see INFO-level log messages from each passing test:
|
||||
SeedPass includes a small suite of unit tests located under `src/tests`. **Before running `pytest`, be sure to install the test requirements.** Activate your virtual environment and run `pip install --require-hashes -r requirements.lock` to ensure all testing dependencies are available. Then run the tests with **pytest**. Use `-vv` to see INFO-level log messages from each passing test:
|
||||
|
||||
|
||||
```bash
|
||||
pip install -r src/requirements.txt
|
||||
pip install --require-hashes -r requirements.lock
|
||||
pytest -vv
|
||||
```
|
||||
|
||||
|
||||
2069
requirements.lock
2069
requirements.lock
File diff suppressed because it is too large
Load Diff
@@ -249,7 +249,7 @@ if ($LASTEXITCODE -ne 0) {
|
||||
Write-Error "Failed to upgrade pip"
|
||||
}
|
||||
|
||||
& "$VenvDir\Scripts\python.exe" -m pip install -r "src\requirements.txt"
|
||||
& "$VenvDir\Scripts\python.exe" -m pip install --require-hashes -r "requirements.lock"
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
Write-Warning "Failed to install Python dependencies. If errors mention C++, install Microsoft C++ Build Tools: https://visualstudio.microsoft.com/visual-cpp-build-tools/"
|
||||
Write-Error "Dependency installation failed."
|
||||
|
||||
@@ -140,9 +140,9 @@ main() {
|
||||
source "$VENV_DIR/bin/activate"
|
||||
|
||||
# 6. Install/Update Python dependencies
|
||||
print_info "Installing/updating Python dependencies from src/requirements.txt..."
|
||||
print_info "Installing/updating Python dependencies from requirements.lock..."
|
||||
pip install --upgrade pip
|
||||
pip install -r src/requirements.txt
|
||||
pip install --require-hashes -r requirements.lock
|
||||
pip install -e .
|
||||
print_info "Installing platform-specific Toga backend..."
|
||||
if [ "$OS_NAME" = "Linux" ]; then
|
||||
|
||||
Reference in New Issue
Block a user