⛓🔒 Bump transitive deps in pip-tools-managed lockfiles #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
Please mark the PR as ready for review to trigger PR checks. |
github-actions
bot
force-pushed
the
maintenance/pip-tools-constraint-lockfiles
branch
from
da462c6 to
dbf00bc
Compare
|
Please mark the PR as ready for review to trigger PR checks. |
webknjaz
force-pushed
the
devel
branch
2 times, most recently
from
e17d2a6 to
bd9e8c4
Compare
The setup includes:
* a yamllint config
* an RTD config
* a gitignore
* a "blame ignore"
* lock files in the `dependencies/` dir
* basic Sphinx config
* basic docs site
* Furo Sphinx theme
* "Communication" document
* tox environments print out instructions on viewing the results
* a tox workflow config having environments for
* building docs
* running tests
* pip-compile
* making lock files
* integrating per-platform lock files
* basic linting configs
* MyPy with implicit namespaces support [[1]]
Its runs generate HTML, XML and text coverage reports.
It is also configured to work with src-layout.
* pytest config with coverage
* Coverage.py is configured to exclude tests marked with
`xfail` due to their non-deterministic nature
* Local runs generate HTML coverage reports
* CI/CD setup
* publishing to PyPI is limited to the upstream repo ID
* continuous publishing to TestPyPI is disabled
* digital attestations are uploaded to PyPI and TestPyPI
* publishing to PyPI is triggered by entering the target
version on the GitHub UI
* publishing to PyPI is gated by approving the job on
the GitHub UI
* Git tags are created post publishing to PyPI
* SLSA provenance metadata and GitHub-native attestations are
produced post-release
* GitHub Release and Discussion are auto-created post-release
* Containing provenance metadata and dists attached
* tox environments are configured to surface exported outcomes
into GitHub Actions job summaries
* tox environments set outputs that integrate with GitHub
Actions
* refreshing lock files periodically
* coverage reports produced by MyPy and pytest are published
to Codecov
* test reports produced by pytest are published to Codecov
* Codecov is set up to require that patches have 100% pytest
coverage
* uploading to Codecov is set up to fail CI if report upload
are unsuccessful upstream
* tox reusable workflow has a customizable job (status) name
* tox reusable workflow has a `voting` input
* tox reusable workflow can accept posargs inputs for
a regular tox and re-run
* tox reusable workflow has an input for setting environment
variables
* all CI jobs have timeouts set to improve responsiveness and
reduce wasting resources
* nightly runs are executed through a separate workflow to
prevent the main one from being auto-disabled on inactivity
* all CI job names and other UI elements have icons
[1]: https://mypy.rtfd.io/en/stable/running_mypy.html#mapping-paths-to-modules
Co-Authored-By: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
Co-Authored-By: Sviatoslav Sydorenko <webknjaz@redhat.com>
Co-Authored-By: Thanhnguyet Vo <thavo@redhat.com>
This is not an `__init__.py` because it is meant to be imported instead. Using `__init__.py` has a risk of accidentally adding import-time computations. We want to avoid that.
TODO: revert this commit ASAP
TODO: revert this commit ASAP
github-actions
bot
force-pushed
the
maintenance/pip-tools-constraint-lockfiles
branch
from
dbf00bc to
4c02a32
Compare
|
Please mark the PR as ready for review to trigger PR checks. |
webknjaz
force-pushed
the
devel
branch
2 times, most recently
from
89e0b9f to
2c2d0f4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Automated pip-tools-managed pip constraint lockfiles update.