Pin build dependencies and configure dependabot (aws#389)

lavaleri · lavaleri · commit d1487d3f2307 · 2021-12-17T12:08:26.000-08:00
* chore: Pin build dependencies and configure dependabot

* Ignore flake8 document linting on tests

* Unpin decrypt_oracle dependencies for now

* Pin tox

* Isolate pinned dependencies to dev_requirements dir
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,27 @@
+version: 2
+updates:
+  # master
+  - package-ecosystem: "pip"
+    directory: "/dev_requirements"
+    schedule:
+      interval: "daily"
+
+  # mainline-1.x
+  - package-ecosystem: "pip"
+    directory: "/dev_requirements"
+    schedule:
+      interval: "daily"
+    target-branch: "mainline-1.x"
+
+  # mainline-2.x
+  - package-ecosystem: "pip"
+    directory: "/dev_requirements"
+    schedule:
+      interval: "daily"
+    target-branch: "mainline-2.x"
+
+  # Github Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/ci_decrypt-oracle.yaml b/.github/workflows/ci_decrypt-oracle.yaml
@@ -18,7 +18,7 @@ jobs:
           python-version: 3.6
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: local
@@ -44,7 +44,7 @@ jobs:
             python-version: 3.8
         - run: |
             python -m pip install --upgrade pip
-            pip install --upgrade -r ci-requirements.txt
+            pip install --upgrade -r dev_requirements/ci-requirements.txt
         - name: run test
           env:
             TOXENV: ${{ matrix.category }}
diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml
@@ -33,7 +33,7 @@ jobs:
           python-version: 3.8
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: ${{ matrix.category }}
diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml
@@ -53,7 +53,7 @@ jobs:
           architecture: ${{ matrix.architecture }}
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: ${{ matrix.category }}
@@ -79,7 +79,7 @@ jobs:
             python-version: 3.8
         - run: |
             python -m pip install --upgrade pip
-            pip install --upgrade -r ci-requirements.txt
+            pip install --upgrade -r dev_requirements/ci-requirements.txt
         - name: run test
           env:
             TOXENV: ${{ matrix.category }}
diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml
@@ -59,7 +59,7 @@ jobs:
           architecture: ${{ matrix.architecture }}
       - run: |
           python -m pip install --upgrade pip
-          pip install --upgrade -r ci-requirements.txt
+          pip install --upgrade -r dev_requirements/ci-requirements.txt
       - name: run test
         env:
           TOXENV: ${{ matrix.category }}
@@ -79,7 +79,7 @@ jobs:
             python-version: 3.7
         - run: |
             python -m pip install --upgrade pip
-            pip install --upgrade -r ci-requirements.txt
+            pip install --upgrade -r dev_requirements/ci-requirements.txt
         - name: run test
           env:
             TOXENV: ${{ matrix.category }}
diff --git a/ci-requirements.txt b/ci-requirements.txt
diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt
@@ -0,0 +1 @@
+tox==3.24.4
diff --git a/dev_requirements/doc-requirements.txt b/dev_requirements/doc-requirements.txt
diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt
@@ -0,0 +1,13 @@
+bandit==1.7.0
+black==21.12b0
+doc8==0.10.1
+flake8==4.0.1
+flake8-bugbear==21.11.29
+flake8-docstrings==1.6.0
+flake8-print==4.0.0
+isort==5.10.1
+pyflakes==2.4.0
+pylint==2.12.2
+readme_renderer==32.0
+seed-isort-config==2.2.0
+vulture==2.3
diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt
@@ -0,0 +1,4 @@
+pypi-parker==0.1.2
+setuptools==59.6.0
+twine==3.7.1
+wheel==0.37.0
diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt
@@ -0,0 +1,4 @@
+mock==4.0.3
+pytest==6.2.5
+pytest-cov==3.0.0
+pytest-mock==3.6.1
diff --git a/test/freeze-upstream-requirements.sh b/test/freeze-upstream-requirements.sh
@@ -6,5 +6,5 @@ if [ -z ${1} ]; then
 fi
 
 pip install -r requirements.txt
-pip install -r test/requirements.txt
+pip install -r dev_requirements/test-requirements.txt
 pip freeze > ${1}
diff --git a/test/requirements.txt b/test/requirements.txt
diff --git a/tox.ini b/tox.ini
@@ -61,7 +61,7 @@ passenv =
     # Pass through custom pip config file settings
     PIP_CONFIG_FILE
 sitepackages = False
-deps = -rtest/requirements.txt
+deps = -rdev_requirements/test-requirements.txt
 commands =
     local: {[testenv:base-command]commands} test/ -m local
     integ: {[testenv:base-command]commands} test/ -m integ
@@ -83,7 +83,7 @@ sitepackages = False
 passenv =
 setenv =
 #########################################################
-deps = -rtest/requirements.txt
+deps = -rdev_requirements/test-requirements.txt
 commands = {[testenv:base-command]commands} test/ -m local
 
 # Collect requirements for use in upstream tests
@@ -137,27 +137,19 @@ commands = {[testenv:test-upstream-requirements-base]commands}
 # Linters
 [testenv:flake8]
 basepython = python3
-deps =
-    flake8
-    flake8-docstrings>=1.5.0
-    # https://github.com/JBKahn/flake8-print/pull/30
-    flake8-print>=3.1.0
-    flake8-bugbear
+deps = -rdev_requirements/linter-requirements.txt
 commands =
     flake8 src/aws_encryption_sdk/ setup.py
 
 [testenv:flake8-tests]
 basepython = {[testenv:flake8]basepython}
-deps =
-    flake8
-    # https://github.com/JBKahn/flake8-print/pull/30
-    flake8-print>=3.1.0
+deps = -rdev_requirements/linter-requirements.txt
 commands =
     flake8 \
         # Ignore F811 redefinition errors in tests (breaks with pytest-mock use)
         # E203 is not PEP8 compliant https://github.com/ambv/black#slices
         # W503 is not PEP8 compliant https://github.com/ambv/black#line-breaks--binary-operators
-        --ignore F811,E203,W503 \
+        --ignore F811,E203,W503,D \
         test/
 
 [testenv:flake8-examples]
@@ -176,8 +168,7 @@ commands =
 basepython = python3
 deps =
     {[testenv]deps}
-    pyflakes
-    pylint
+    -rdev_requirements/linter-requirements.txt
 commands =
     pylint \
         --rcfile=src/pylintrc \
@@ -204,8 +195,7 @@ commands =
 
 [testenv:blacken-src]
 basepython = python3
-deps =
-    black
+deps = -rdev_requirements/linter-requirements.txt
 commands =
     black --line-length 120 \
         src/aws_encryption_sdk/ \
@@ -232,12 +222,12 @@ commands =
 
 [testenv:isort-seed]
 basepython = python3
-deps = seed-isort-config
+deps = -rdev_requirements/linter-requirements.txt
 commands = seed-isort-config
 
 [testenv:isort]
 basepython = python3
-deps = isort
+deps = -rdev_requirements/linter-requirements.txt
 commands = isort -rc \
     src \
     test \
@@ -264,25 +254,24 @@ commands =
 [testenv:doc8]
 basepython = python3
 deps =
-    sphinx
-    doc8
+    -rdev_requirements/linter-requirements.txt
+    -rdev_requirements/doc-requirements.txt
 commands = doc8 doc/index.rst README.rst CHANGELOG.rst
 
 [testenv:readme]
 basepython = python3
-deps = readme_renderer
+deps = -rdev_requirements/linter-requirements.txt
 commands = python setup.py check -r -s
 
 [testenv:bandit]
 basepython = python3
-deps = 
-    bandit>=1.5.1
+deps = -rdev_requirements/linter-requirements.txt
 commands = bandit -r src/aws_encryption_sdk/
 
 # Prone to false positives: only run independently
 [testenv:vulture]
 basepython = python3
-deps = vulture
+deps = -rdev_requirements/linter-requirements.txt
 commands = vulture src/aws_encryption_sdk/
 
 [testenv:linters]
@@ -321,7 +310,7 @@ commands =
 # Documentation
 [testenv:docs]
 basepython = python3
-deps = -rdoc/requirements.txt
+deps = -rdev_requirements/doc-requirements.txt
 commands =
     sphinx-build -E -c doc/ -b html doc/ doc/build/html
 
@@ -337,26 +326,20 @@ commands =
 [testenv:park]
 basepython = python3.6
 skip_install = true
-deps =
-    pypi-parker
-    setuptools
+deps = -rdev_requirements/release-requirements.txt
 commands = python setup.py park
 
 [testenv:build]
 basepython = python3
 skip_install = true
-deps =
-    wheel
-    setuptools
+deps = -rdev_requirements/release-requirements.txt
 commands =
     python setup.py sdist bdist_wheel
 
 [testenv:release-base]
 basepython = python3
 skip_install = true
-deps =
-    {[testenv:build]deps}
-    twine
+deps = -rdev_requirements/release-requirements.txt
 passenv =
     # Intentionally omit TWINE_REPOSITORY_URL from the passenv list,
     # as this overrides other ways of setting the repository and could
