forked from aws/aws-dynamodb-encryption-python
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtox.ini
474 lines (428 loc) · 14.6 KB
/
tox.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
[tox]
envlist =
py{36,37,38,39,310}-{local,integ,ddb,examples}-fast,
nocmk, sourcebuildcheck,
docs, bandit, doc8, readme,
flake8{,-tests,-examples}, pylint{,-tests,-examples},
vulture,
test-upstream-requirements-py{2,3}7
# Additional environments:
#
# vulture :: Runs vulture. Prone to false-positives.
# linters :: Runs all linters over all source code.
# linters-tests :: Runs all linters over all tests.
# Autoformatter helper environments:
#
# autoformat : Apply all autoformatters
#
# black-check : Check for "black" issues
# blacken : Fix all "black" issues
#
# isort-seed : Generate a known_third_party list for isort.
# NOTE: make the "known_third_party = " line in setup.cfg before running this
# NOTE: currently it incorrectly identifies this library too; make sure you remove it
# isort-check : Check for isort issues
# isort : Fix isort issues
# Operational helper environments:
#
# docs :: Builds Sphinx documentation.
# serve-docs :: Starts local webserver to serve built documentation.
# park :: Builds name-parking packages using pypi-parker.
# build :: Builds source and wheel dist files.
# test-release :: Builds dist files and uploads to testpypi pypirc profile.
# release :: Builds dist files and uploads to pypi pypirc profile.
# Reporting environments:
#
# coverage :: Runs code coverage, failing the build if coverage is below the configured threshold
[testenv:base-command]
commands = pytest --basetemp={envtmpdir} -l {posargs}
[testenv]
passenv =
# Identifies AWS KMS key id to use in integration tests
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \
# Identifies AWS KMS MRK key ids to use in integration tests
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID \
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \
# DynamoDB Table to use in integration tests
DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \
# Pass through AWS credentials
AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
# AWS Role access in CodeBuild is via the contaner URI
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \
# Pass through AWS profile name (useful for local testing)
AWS_PROFILE \
# Pass through the default AWS region (used for integration tests)
AWS_DEFAULT_REGION
sitepackages = False
deps = -rtest/requirements.txt
# 'download' forces tox to always upgrade pip to the latest
download = true
commands =
# Only run small test scenario sets
local-fast: {[testenv:base-command]commands} test/ -m "local and not slow and not veryslow and not nope"
integ-fast: {[testenv:base-command]commands} test/ -m "integ and not ddb_integ and not slow and not veryslow and not nope"
ddb-fast: {[testenv:base-command]commands} test/ -m "ddb_integ and not slow and not veryslow and not nope"
all-fast: {[testenv:base-command]commands} test/ -m "not slow and not veryslow and not nope"
# Also run moderately large test scenario sets
local-slow: {[testenv:base-command]commands} test/ -m "local and not veryslow and not nope"
integ-slow: {[testenv:base-command]commands} test/ -m "integ and not ddb_integ and not veryslow and not nope"
ddb-slow: {[testenv:base-command]commands} test/ -m "ddb_integ and not veryslow and not nope"
all-slow: {[testenv:base-command]commands} test/ -m "not veryslow and not nope"
# Only run those tests that need to be isolated in Travis CI
travis-isolation: {[testenv:base-command]commands} test/ -m travis_isolation
travis-local-slow: {[testenv:base-command]commands} test/ -m "local and not veryslow and not nope and not travis_isolation"
travis-integ-slow: {[testenv:base-command]commands} test/ -m "integ and not ddb_integ and not veryslow and not nope and not travis_isolation"
# Also run very large test scenario sets
local-full: {[testenv:base-command]commands} test/ -m "local and not nope"
integ-full: {[testenv:base-command]commands} test/ -m "integ and not ddb_integ and not nope"
ddb-full: {[testenv:base-command]commands} test/ -m "ddb_integ and not nope"
all-full: {[testenv:base-command]commands} test/ -m "not nope"
# Only run extremely large test scenario sets
local-nope: {[testenv:base-command]commands} test/ -m "local and nope"
integ-nope: {[testenv:base-command]commands} test/ -m "integ and not ddb_integ and nope"
ddb-nope: {[testenv:base-command]commands} test/ -m "ddb_integ and nope"
all-nope: {[testenv:base-command]commands} test/ -m "nope"
# Do not select any specific markers
manual: {[testenv:base-command]commands}
# Only run examples tests
examples: {[testenv:base-command]commands} examples/test/ -m "examples"
# Run code coverage on the unit tests
[testenv:coverage]
commands = {[testenv:base-command]commands} --cov dynamodb_encryption_sdk test/ -m "local and not slow and not veryslow and not nope"
# Verify that local tests work without environment variables present
[testenv:nocmk]
basepython = python3
sitepackages = False
#########################################################
# Do not pass through or set any environment variables! #
passenv =
setenv =
#########################################################
deps = -rtest/requirements.txt
commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples
# Collect requirements for use in upstream tests
[testenv:freeze-upstream-requirements-base]
sitepackages = False
skip_install = True
recreate = True
deps =
commands = {toxinidir}/test/freeze-upstream-requirements.sh
# Freeze for Python 3.7
[testenv:freeze-upstream-requirements-py37]
basepython = python3.7
sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages}
skip_install = {[testenv:freeze-upstream-requirements-base]skip_install}
recreate = {[testenv:freeze-upstream-requirements-base]recreate}
deps = {[testenv:freeze-upstream-requirements-base]deps}
commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt
# Test frozen upstream requirements
[testenv:test-upstream-requirements-base]
sitepackages = False
recreate = True
passenv =
commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples
# Test frozen upstream requirements for Python 3.7
[testenv:test-upstream-requirements-py37]
basepython = python3.7
passenv =
deps = -rtest/upstream-requirements-py37.txt
sitepackages = {[testenv:test-upstream-requirements-base]sitepackages}
recreate = {[testenv:test-upstream-requirements-base]recreate}
commands = {[testenv:test-upstream-requirements-base]commands}
# Verify that tests can be successfully run from the source build.
[testenv:sourcebuildcheck]
basepython = python3
sitepackages = False
recreate = True
deps =
{[testenv:build]deps}
commands =
{[testenv:build]commands}
{toxinidir}/test/source-build-check.sh {envtmpdir} {toxinidir}/dist
# mypy
[testenv:mypy-coverage]
commands =
# Make mypy linecoverage report readable by coverage
python -c \
"t = open('.coverage', 'w');\
c = open('build/coverage.json').read();\
t.write('!coverage.py: This is a private format, don\'t read it directly!\n');\
t.write(c);\
t.close()"
coverage report -m
[testenv:mypy-common]
basepython = python3
deps =
coverage
mypy
mypy_extensions
typing>=3.6.2
[testenv:mypy-py3]
basepython = {[testenv:mypy-common]basepython}
deps = {[testenv:mypy-common]deps}
commands =
python -m mypy \
--linecoverage-report build \
src/dynamodb_encryption_sdk/ \
{posargs}
{[testenv:mypy-coverage]commands}
# Linters
[testenv:flake8]
basepython = python3
deps =
flake8
flake8-docstrings
flake8-isort
# https://github.com/PyCQA/pydocstyle/issues/375
pydocstyle<4.0.0
# https://github.com/JBKahn/flake8-print/pull/30
flake8-print>=3.1.0
commands =
flake8 \
src/dynamodb_encryption_sdk/ \
setup.py \
doc/conf.py
[testenv:flake8-tests]
basepython = {[testenv:flake8]basepython}
deps = {[testenv:flake8]deps}
commands =
flake8 \
# Ignore F811 redefinition errors in tests (breaks with pytest-mock use)
# Ignore D101-107 docstring requirements for tests
# E203 is not PEP8 compliant https://github.com/ambv/black#slices
# W503 is not PEP8 compliant https://github.com/ambv/black#line-breaks--binary-operators
--ignore F811,D101,D102,D103,D107,E203,W503 \
test/
[testenv:flake8-examples]
basepython = {[testenv:flake8]basepython}
deps = {[testenv:flake8]deps}
commands =
flake8 \
# Ignore C901 complexity requirements (examples optimize for straightforward readability)
--ignore C901 \
examples/src/dynamodb_encryption_sdk_examples/
flake8 \
# Ignore F811 redefinition errors in tests (breaks with fixture use)
# Ignore D103 docstring requirements for tests
--ignore F811,D103 \
# Our path munging confuses isort, so disable flake8-isort checks on that file
--per-file-ignores="examples/test/examples_test_utils.py:I003,I004,I005,examples/test/test_aws_kms_encrypted_examples.py:I005" \
examples/test/
[testenv:pylint]
basepython = python3
deps =
{[testenv]deps}
pyflakes
pylint
commands =
pylint \
--rcfile=src/pylintrc \
src/dynamodb_encryption_sdk/ \
setup.py \
doc/conf.py
[testenv:pylint-tests]
basepython = {[testenv:pylint]basepython}
deps = {[testenv:pylint]deps}
commands =
pylint \
--rcfile=test/pylintrc \
test/unit/ \
test/acceptance/ \
test/functional/ \
test/integration/
[testenv:pylint-examples]
basepython = {[testenv:pylint]basepython}
deps = {[testenv:pylint]deps}
commands =
pylint --rcfile=examples/src/pylintrc examples/src/dynamodb_encryption_sdk_examples
pylint --rcfile=examples/test/pylintrc examples/test/
[testenv:blacken-src]
basepython = python3
deps =
black
commands =
black --line-length 120 \
src/dynamodb_encryption_sdk/ \
setup.py \
doc/conf.py \
test/ \
examples/src \
examples/test \
{posargs}
[testenv:blacken]
basepython = python3
deps =
{[testenv:blacken-src]deps}
commands =
{[testenv:blacken-src]commands}
[testenv:black-check]
basepython = python3
deps =
{[testenv:blacken]deps}
commands =
{[testenv:blacken-src]commands} --diff
[testenv:isort-seed]
basepython = python3
deps = seed-isort-config
commands = seed-isort-config
[testenv:isort]
basepython = python3
# We need >=5.0.0 because
# several configuration settings changed with 5.0.0
deps = isort>=5.0.0
commands = isort \
src \
test \
examples/src \
examples/test \
doc \
setup.py \
--skip examples/test/examples_test_utils.py \
{posargs}
[testenv:isort-check]
basepython = python3
deps = {[testenv:isort]deps}
commands = {[testenv:isort]commands} -c
[testenv:autoformat]
basepython = python3
deps =
{[testenv:isort]deps}
{[testenv:blacken]deps}
commands =
{[testenv:isort]commands}
{[testenv:blacken]commands}
# Clear out any generated files from doc/
[testenv:resetdocs]
whitelist_externals =
mkdir
rm
commands =
# Make sure that the directory exists to avoid
# potential side effects of using rm -f
mkdir -p {toxinidir}/doc/lib/generated
rm -r {toxinidir}/doc/lib/generated
[testenv:doc8]
basepython = python3
whitelist_externals = {[testenv:resetdocs]whitelist_externals}
deps =
sphinx
doc8
commands =
{[testenv:resetdocs]commands}
doc8 doc/index.rst doc/lib/ README.rst CHANGELOG.rst
[testenv:readme]
basepython = python3
deps = readme_renderer
commands = python setup.py check -r -s
[testenv:bandit]
basepython = python3
deps = bandit
commands = bandit -r src/dynamodb_encryption_sdk/
# Prone to false positives: only run independently
[testenv:vulture]
basepython = python3
deps = vulture
commands = vulture src/dynamodb_encryption_sdk/
[testenv:linters]
basepython = python3
deps =
{[testenv:flake8]deps}
{[testenv:pylint]deps}
{[testenv:doc8]deps}
{[testenv:readme]deps}
{[testenv:bandit]deps}
commands =
{[testenv:flake8]commands}
{[testenv:pylint]commands}
{[testenv:doc8]commands}
{[testenv:readme]commands}
{[testenv:bandit]commands}
[testenv:linters-tests]
basepython = python3
deps =
{[testenv:flake8-tests]deps}
{[testenv:pylint-tests]deps}
commands =
{[testenv:flake8-tests]commands}
{[testenv:pylint-tests]commands}
# Documentation
[testenv:docs]
basepython = python3
deps = -rdoc/requirements.txt
commands =
sphinx-build -E -c doc/ -b html doc/ doc/build/html
sphinx-build -E -c doc/ -b linkcheck doc/ doc/build/html
[testenv:serve-docs]
basepython = python3
skip_install = true
changedir = doc/build/html
deps =
commands =
python -m http.server {posargs}
# Release tooling
[testenv:park]
basepython = python3
skip_install = true
deps =
pypi-parker
setuptools
commands = python setup.py park
# Release tooling
[testenv:build]
basepython = python3
skip_install = true
deps =
wheel
setuptools
commands =
python setup.py sdist bdist_wheel
[testenv:release-base]
basepython = python3
skip_install = true
deps =
{[testenv:build]deps}
twine
passenv =
# Intentionally omit TWINE_REPOSITORY_URL from the passenv list,
# as this overrides other ways of setting the repository and could
# unexpectedly result in releasing to the wrong repo
{[testenv]passenv} \
TWINE_USERNAME \
TWINE_PASSWORD
commands =
{[testenv:build]commands}
[testenv:release-private]
basepython = python3
skip_install = true
deps = {[testenv:release-base]deps}
passenv =
{[testenv:release-base]passenv} \
TWINE_REPOSITORY_URL
setenv =
# Explicitly set the URL as the env variable value, which will cause us to
# throw an error if the variable is not set. Otherwise, omission of the
# env variable could cause us to unintentionally upload to the wrong repo
TWINE_REPOSITORY_URL = {env:TWINE_REPOSITORY_URL}
commands =
{[testenv:release-base]commands}
# Omitting an explicit repository will cause twine to use the repository
# specified in the environment variable
twine upload --skip-existing {toxinidir}/dist/*
[testenv:test-release]
basepython = python3
skip_install = true
deps = {[testenv:release-base]deps}
passenv =
{[testenv:release-base]passenv}
commands =
{[testenv:release-base]commands}
twine upload --skip-existing --repository testpypi {toxinidir}/dist/*
[testenv:release]
basepython = python3
skip_install = true
deps = {[testenv:release-base]deps}
passenv =
{[testenv:release-base]passenv}
commands =
{[testenv:release-base]commands}
twine upload --skip-existing --repository pypi {toxinidir}/dist/*