-
Notifications
You must be signed in to change notification settings - Fork 48
Expand file tree
/
Copy pathpyproject.toml
More file actions
137 lines (128 loc) · 3.5 KB
/
pyproject.toml
File metadata and controls
137 lines (128 loc) · 3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
[project]
requires-python = ">=3.11"
name = "securedrop-workstation-dom0-config"
dynamic = [ "version", "classifiers" ]
description = ""
authors = [
{name = "SecureDrop Team", email = "securedrop@freedom.press"}
]
license = {text = "AGPLv3+"}
readme = "README.md"
[tool.poetry]
package-mode = false
requires-poetry = ">=2.1.0,<3.0.0"
[tool.poetry.group.dev.dependencies]
mypy = "^1.14.1"
pytest = "^8.3.4"
pytest-cov = "^6.0.0"
types-setuptools = "^75.6.0"
ruff = "^0.8.5"
python-debian = "^0.1.49"
pysequoia = "^0.1.25"
zizmor = "*"
python-systemd = "^0.0.9"
[tool.poetry.group.system-package-equivalents.dependencies]
# In production these are installed as a system package so match the
# versions exactly.
# NOTE: 'python_version' used as a proxy for the Qubes version:
# - python 3.11 => Fedora 37 => Qubes 4.2
# - python 3.13 => Fedora 41 => Qubes 4.3
PyQt5 = {version = "=5.15.9", markers = "python_version <= '3.11'" }
PyQt5-Qt5 = {version = "=5.15.2", markers = "python_version <= '3.11'" }
PyQt5-sip = {version = "=12.11.0", markers = "python_version <= '3.11'" }
PyQt6 = {version = "=6.8.1", markers = "python_version > '3.11'" }
PyQt6-sip = {version = "=13.9.1", markers = "python_version > '3.11'" }
[tool.ruff]
line-length = 100
[tool.ruff.lint]
select = [
# pycodestyle errors
"E",
# pyflakes
"F",
# isort
"I",
# flake8-gettext
"INT",
# flake8-pie
"PIE",
# pylint
"PL",
# flake8-pytest-style
"PT",
# flake8-pyi
"PYI",
# flake8-return
"RET",
# flake8-bandit
"S",
# flake8-simplify
"SIM",
# pyupgrade
"UP",
# pycodestyle warnings
"W",
# Unused noqa directive
"RUF100",
]
ignore = [
# code complexity checks that we fail
"PLR0911",
"PLR0913",
"PLR0915",
# magic-value-comparison, too many violations for now
"PLR2004",
# hardcoded passwords, false positive
"S105",
# it's fine to use /tmp in dom0, since it's not a multiuser environment
"S108",
# flags every instance of subprocess
"S603",
# we trust $PATH isn't hijacked
"S607",
# superflous-else- rules, find they hurt readability
"RET505",
"RET506",
"RET507",
"RET508",
]
[tool.ruff.lint.per-file-ignores]
"**/tests/**.py" = [
# Use of `assert` detected
"S101",
# Tests use /tmp
"S108",
# Use a regular `assert` instead of unittest-style `assertEqual`
"PT009",
]
"sdw_util/Util.py" = [
# lock functions return file handles, so it's safe to ignore here
"SIM115",
]
[tool.mypy]
python_version = "3.11"
# No stubs for qubesadmin
ignore_missing_imports = true
# These are individual scripts, not a package/modules
scripts_are_modules = true
files = [
"*.py",
"securedrop_salt/remove-tags.py",
"securedrop_salt/securedrop-login",
"scripts/*.py",
"files/*.py",
]
exclude = [
"launcher/", # Moving to sd-updater
"tests/",
]
[tool.pytest.ini_options]
addopts = "--cov-report term-missing --cov=sdw_notify --cov=sdw_updater --cov=sdw_util --junitxml=test-data.xml"
# Registering custom pytest markers for tests. Allows selecting or skipping by marked groups.
markers = [
"mime: checks for filetype/application associations; requires shell access",
"slow: long-running tests, longer than 1m in runtime",
"packages: checks that all packages are up to date; quite slow, generally",
"provisioning: checks that VMs exist and their extra-VM prefs are set correctly",
"configuration: assumes that VMs exist inspects their intra-VM files and folders",
]