diff --git a/.github/workflows/test-security.yml b/.github/workflows/test-security.yml index 0daf375de..42eda2647 100644 --- a/.github/workflows/test-security.yml +++ b/.github/workflows/test-security.yml @@ -31,7 +31,7 @@ jobs: run: pip install -r requirements-dev.txt - name: Check Python dependency security - run: safety check -r requirements.txt -r requirements-dev.txt -r requirements-build.txt -r requirements-license.txt -o bare + run: safety check -r requirements.txt -r requirements-dev.txt -r requirements-build.txt -o bare - name: Notify Discord of security testing result uses: sarisia/actions-status-discord@v1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 38a2c434d..ce8ff252c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -42,12 +42,10 @@ jobs: poetry export --without-hashes -o requirements.txt.check poetry export --without-hashes --with dev -o requirements-dev.txt.check poetry export --without-hashes --with build -o requirements-build.txt.check - poetry export --without-hashes --with license -o requirements-license.txt.check diff -q requirements.txt requirements.txt.check || \ diff -q requirements-dev.txt requirements-dev.txt.check || \ - diff -q requirements-build.txt requirements-build.txt.check || \ - diff -q requirements-license.txt requirements-license.txt.check > /dev/null + diff -q requirements-build.txt requirements-build.txt.check > /dev/null if [ $? = 1 ]; then echo "poetry export has some diff" exit 1 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7189e2baa..b2029f930 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,9 +34,3 @@ repos: language: python stages: [push] pass_filenames: false - - id: poetry-export-license - name: poetry-export-license - entry: poetry export --without-hashes --with license -o requirements-license.txt - language: python - stages: [push] - pass_filenames: false 
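Review bot: The `diff -q … || \` chain in the test.yml hunk stops at the first pair of files that is identical, so `$?` is 1 only when all three exports differ from their committed copies. Drift in `requirements-dev.txt` or `requirements-build.txt` alone therefore passes, and those are the files `safety check` scans in the other workflow. Joining the comparisons with `&&` makes any single difference give a non-zero status: `diff -q requirements.txt requirements.txt.check && \` and `diff -q requirements-dev.txt requirements-dev.txt.check && \`. The `> /dev/null` also applies only to the last `diff`. The `run:` block begins above the hunk, so its shell options are not visible here.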
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 09ffb1e92..7f7b1fa3c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -229,7 +229,6 @@ poetry update # 全部更新 poetry export --without-hashes -o requirements.txt # こちらを更新する場合は下3つも更新する必要があります。 poetry export --without-hashes --with dev -o requirements-dev.txt poetry export --without-hashes --with build -o requirements-build.txt -poetry export --without-hashes --with license -o requirements-license.txt ``` ## 静的解析 @@ -297,7 +296,7 @@ python -m pytest --snapshot-update シェルで以下のコマンドを実行することで脆弱性が診断されます。 ```bash -safety check -r requirements.txt -r requirements-dev.txt -r requirements-build.txt -r requirements-license.txt +safety check -r requirements.txt -r requirements-dev.txt -r requirements-build.txt ``` ## ビルド diff --git a/Dockerfile b/Dockerfile index 6fcb21d00..5b0d59b72 100644 --- a/Dockerfile +++ b/Dockerfile @@ -240,7 +240,8 @@ RUN sed -i "s/__version__ = \"latest\"/__version__ = \"${VOICEVOX_ENGINE_VERSION RUN sed -i "s/\"version\": \"999\\.999\\.999\"/\"version\": \"${VOICEVOX_ENGINE_VERSION}\"/" /opt/voicevox_engine/engine_manifest.json # Generate licenses.json -ADD ./requirements-license.txt /tmp/ +ADD ./requirements.txt /tmp/ +ADD ./requirements-dev.txt /tmp/ RUN < /opt/voicevox_engine/resources/engine_manifest_assets/dependency_licenses.json cp /opt/voicevox_engine/resources/engine_manifest_assets/dependency_licenses.json /opt/voicevox_engine/licenses.json EOF diff --git a/README.md b/README.md index a0a96c6d5..f46f1c95b 100644 --- a/README.md +++ b/README.md @@ -653,7 +653,6 @@ poetry update # 全部更新 poetry export --without-hashes -o requirements.txt # こちらを更新する場合は下3つも更新する必要があります。 poetry export --without-hashes --with dev -o requirements-dev.txt poetry export --without-hashes --with build -o requirements-build.txt -poetry export --without-hashes --with license -o requirements-license.txt ``` #### ライセンス 
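Review bot: The two added `ADD ./requirements*.txt /tmp/` lines in the Dockerfile hunk copy plain local files, where `COPY` is the narrower instruction, since `ADD` also unpacks local archives and accepts remote URLs. I would write `COPY ./requirements.txt ./requirements-dev.txt /tmp/`. The body of the `RUN` heredoc that follows is not legible in this view, so it is not possible to confirm that pip-licenses is installed there from the exact pin rather than from the whole dev file. If it is the latter, the generated licence list would presumably include development-only packages.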
diff --git a/build_util/create_venv_and_generate_licenses.bash b/build_util/create_venv_and_generate_licenses.bash index 58af05e29..4e3d25fe8 100644 --- a/build_util/create_venv_and_generate_licenses.bash +++ b/build_util/create_venv_and_generate_licenses.bash @@ -18,7 +18,9 @@ else source $VENV_PATH/bin/activate fi -pip install -r requirements-license.txt +pip install -r requirements.txt +# requirements-dev.txt でバージョン指定されている pip-licenses をインストールする +pip install "$(grep pip-licenses requirements-dev.txt | cut -f 1 -d ';')" python build_util/generate_licenses.py > "${OUTPUT_LICENSE_JSON_PATH}" deactivate diff --git a/poetry.lock b/poetry.lock index e110aadfa..565bf0b5a 100644 --- a/poetry.lock +++ b/poetry.lock @@ -2680,4 +2680,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" python-versions = "~3.11" -content-hash = "18e3a44c6c4e334aab314133c69639035d21215ba11c66721349b400cede3182" +content-hash = "859da10df2e601d4dddba5b933ef3151e034c13969b0252d66d5620027c70d4e" diff --git a/pyproject.toml b/pyproject.toml index 167042483..f2453d18c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -71,14 +71,12 @@ httpx = "^0.27.0" # NOTE: required by fastapi.testclient.TestClient syrupy = "^4.6.1" types-pyyaml = "^6.0.12" safety = "^3.1.0" +pip-licenses = "4.4.0" # NOTE: must be specified exactly (c.f. #1281) pre-commit = "^2.16.0" [tool.poetry.group.build.dependencies] pyinstaller = "^5.13" -[tool.poetry.group.license.dependencies] -pip-licenses = "^4.4.0" - [build-system] requires = ["poetry-core"] build-backend = "poetry.core.masonry.api" diff --git a/requirements-dev.txt b/requirements-dev.txt index 51895ee43..ee2284251 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
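Review bot: The added `grep pip-licenses requirements-dev.txt` is unanchored, so it also matches any other line containing that string, and an empty or multi-line result reaches `pip install` as one quoted argument. Anchoring the pattern keeps the pin lookup exact: `pip install "$(grep -E '^pip-licenses==' requirements-dev.txt | cut -f 1 -d ';')"`. Installing only that one line also leaves pip-licenses' own dependencies to be resolved at install time rather than taken from the pinned export; the prettytable and wcwidth entries added to requirements-dev.txt look like those dependencies. The script begins above the hunk, so whether `set -e` would stop the build on a failed install is not visible.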
@@ -56,6 +56,7 @@ numpy==1.26.4 ; python_version >= "3.11" and python_version < "3.12"
 packaging==24.0 ; python_version >= "3.11" and python_version < "3.12"
 pathspec==0.12.1 ; python_version >= "3.11" and python_version < "3.12"
 pexpect==4.9.0 ; python_version >= "3.11" and python_version < "3.12"
+pip-licenses==4.4.0 ; python_version >= "3.11" and python_version < "3.12"
 pkginfo==1.10.0 ; python_version >= "3.11" and python_version < "3.12"
 platformdirs==4.2.2 ; python_version >= "3.11" and python_version < "3.12"
 pluggy==1.5.0 ; python_version >= "3.11" and python_version < "3.12"
@@ -63,6 +64,7 @@ poetry-core==1.9.0 ; python_version >= "3.11" and python_version < "3.12"
 poetry-plugin-export==1.8.0 ; python_version >= "3.11" and python_version < "3.12"
 poetry==1.8.2 ; python_version >= "3.11" and python_version < "3.12"
 pre-commit==2.21.0 ; python_version >= "3.11" and python_version < "3.12"
+prettytable==3.10.0 ; python_version >= "3.11" and python_version < "3.12"
 ptyprocess==0.7.0 ; python_version >= "3.11" and python_version < "3.12"
 pycodestyle==2.11.1 ; python_version >= "3.11" and python_version < "3.12"
 pycparser==2.22 ; python_version >= "3.11" and python_version < "3.12"
@@ -106,5 +108,6 @@ unidiff==0.7.5 ; python_version >= "3.11" and python_version < "3.12"
 urllib3==2.2.1 ; python_version >= "3.11" and python_version < "3.12"
 uvicorn==0.29.0 ; python_version >= "3.11" and python_version < "3.12"
 virtualenv==20.26.2 ; python_version >= "3.11" and python_version < "3.12"
+wcwidth==0.2.13 ; python_version >= "3.11" and python_version < "3.12"
 xattr==1.1.0 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "darwin"
 zipp==3.18.1 ; python_version >= "3.11" and python_version < "3.12"
diff --git a/requirements-license.txt b/requirements-license.txt
deleted file mode 100644
index de6854f80..000000000
--- a/requirements-license.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-anyio==4.3.0 ; python_version >= "3.11" and python_version < "3.12"
-cffi==1.16.0 ; python_version >= "3.11" and python_version < "3.12"
-click==8.1.7 ; python_version >= "3.11" and python_version < "3.12"
-colorama==0.4.6 ; python_version >= "3.11" and python_version < "3.12" and platform_system == "Windows"
-cython==3.0.10 ; python_version >= "3.11" and python_version < "3.12"
-fastapi-slim==0.111.0 ; python_version >= "3.11" and python_version < "3.12"
-h11==0.14.0 ; python_version >= "3.11" and python_version < "3.12"
-idna==3.7 ; python_version >= "3.11" and python_version < "3.12"
-jinja2==3.1.4 ; python_version >= "3.11" and python_version < "3.12"
-markupsafe==2.1.5 ; python_version >= "3.11" and python_version < "3.12"
-numpy==1.26.4 ; python_version >= "3.11" and python_version < "3.12"
-pip-licenses==4.4.0 ; python_version >= "3.11" and python_version < "3.12"
-platformdirs==4.2.2 ; python_version >= "3.11" and python_version < "3.12"
-prettytable==3.10.0 ; python_version >= "3.11" and python_version < "3.12"
-pycparser==2.22 ; python_version >= "3.11" and python_version < "3.12"
-pydantic==1.10.15 ; python_version >= "3.11" and python_version < "3.12"
-pyopenjtalk @ git+https://github.com/VOICEVOX/pyopenjtalk@b35fc89fe42948a28e33aed886ea145a51113f88 ; python_version >= "3.11" and python_version < "3.12"
-python-multipart==0.0.9 ; python_version >= "3.11" and python_version < "3.12"
-pyworld==0.3.4 ; python_version >= "3.11" and python_version < "3.12"
-pyyaml==6.0.1 ; python_version >= "3.11" and python_version < "3.12"
-semver==3.0.2 ; python_version >= "3.11" and python_version < "3.12"
-six==1.16.0 ; python_version >= "3.11" and python_version < "3.12"
-sniffio==1.3.1 ; python_version >= "3.11" and python_version < "3.12"
-soundfile==0.12.1 ; python_version >= "3.11" and python_version < "3.12"
-soxr==0.3.7 ; python_version >= "3.11" and python_version < "3.12"
-starlette==0.37.2 ; python_version >= "3.11" and python_version < "3.12"
-tqdm==4.66.4 ; python_version >= "3.11" and python_version < "3.12"
-typing-extensions==4.11.0 ; python_version >= "3.11" and python_version < "3.12"
-uvicorn==0.29.0 ; python_version >= "3.11" and python_version < "3.12"
-wcwidth==0.2.13 ; python_version >= "3.11" and python_version < "3.12"