openstack
/
designate
Code Issues Proposed changes

[stable-only] Cap bandit and fix lowwer-constraints 

bandit 1.6.3 [1] release has dropped support for py2 [2] but the
release is faulty and pip still picks it up for py2 [3][4], so cap to
1.6.2 when using py2.

With the new pip dependency resolver (introduced in pip 20.3) the
lower-constraints job started to fail. Problem is here with the
'install_command' in tox.ini, which uses both the upper- and lower-
constraints files, causing the job to fail. This patch adds separate
install_command without the upper constraints, so that only the
lower-constraints.txt is used.

[1] https://github.com/PyCQA/bandit/releases/tag/1.6.3
[2] https://github.com/PyCQA/bandit/pull/615
[3] https://github.com/PyCQA/bandit/issues/663
[4] https://github.com/PyCQA/bandit/issues/665

Change-Id: If8738f5005e60cf46ed93edbefa272bc2611b53f
This commit is contained in:
Elod Illes 2021-01-15 19:32:16 +01:00
parent 6307c84e83
commit 8654415091
4 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/requirements.txt
View File

@ -1,7 +1,8 @@
# The order of packages is significant, because pip processes them in the order # The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration # of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later. # process, which may cause wedges in the gate later.
sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
sphinxcontrib-httpdomain>=1.3.0 # BSD sphinxcontrib-httpdomain>=1.3.0 # BSD
sphinxcontrib-blockdiag>=1.5.4 # BSD sphinxcontrib-blockdiag>=1.5.4 # BSD
reno>=2.5.0 # Apache-2.0 reno>=2.5.0 # Apache-2.0

3
requirements.txt
View File

@ -44,7 +44,8 @@ oslo.i18n>=3.15.3 # Apache-2.0
oslo.context>=2.19.2 # Apache-2.0 oslo.context>=2.19.2 # Apache-2.0
oslo.policy>=1.30.0 # Apache-2.0 oslo.policy>=1.30.0 # Apache-2.0
Werkzeug>=0.9 # BSD License Werkzeug>=0.9 # BSD License
python-memcached>=1.56 # PSF python-memcached>=1.56;python_version=='2.7' # PSF
python-memcached>=1.56;python_version>='3.4' # PSF
tooz>=1.58.0 # Apache-2.0 tooz>=1.58.0 # Apache-2.0
debtcollector>=1.2.0 # Apache-2.0 debtcollector>=1.2.0 # Apache-2.0
os-win>=3.0.0 # Apache-2.0 os-win>=3.0.0 # Apache-2.0

3
test-requirements.txt
View File

@ -15,7 +15,8 @@ testscenarios>=0.4 # Apache-2.0/BSD
WebTest>=2.0.27 # MIT WebTest>=2.0.27 # MIT
tempest>=17.1.0 # Apache-2.0 tempest>=17.1.0 # Apache-2.0
# Bandit security code scanner # Bandit security code scanner
bandit>=1.1.0 # Apache-2.0 bandit>=1.1.0,<1.6.3;python_version=='2.7' # Apache-2.0
bandit>=1.1.0;python_version>='3.5' # Apache-2.0
zake>=0.1.6 # Apache-2.0 zake>=0.1.6 # Apache-2.0
doc8>=0.6.0 # Apache-2.0 doc8>=0.6.0 # Apache-2.0
Pygments>=2.2.0 # BSD license Pygments>=2.2.0 # BSD license

1
tox.ini
View File

@ -190,6 +190,7 @@ import_exceptions = designate.i18n
[testenv:lower-constraints] [testenv:lower-constraints]
basepython = python3 basepython = python3
install_command = pip install {opts} {packages}
deps = deps =
-c{toxinidir}/lower-constraints.txt -c{toxinidir}/lower-constraints.txt
-r{toxinidir}/test-requirements.txt -r{toxinidir}/test-requirements.txt