-
Notifications
You must be signed in to change notification settings - Fork 50
/
tox.ini
132 lines (105 loc) · 2.96 KB
/
tox.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# Tox (http://tox.testrun.org/) is a tool for running tests
# in multiple virtualenvs. This configuration file will run the
# test suite on all supported python versions. To use it, "pip install tox"
# and then run "tox" from this directory.
[tox]
envlist = lint, py38, py39, py310, py311, purepy311, py311-no-gpg, py311-test-gpg-fails
skipsdist = True
[testenv]
install_command =
pip install {opts} {packages}
passenv =
PYKCS11LIB
deps =
-r{toxinidir}/requirements-pinned.txt
-r{toxinidir}/requirements-test.txt
commands =
python -m tests.check_gpg_available
coverage run tests/aggregate_tests.py
coverage report -m --fail-under 70
[testenv:purepy311]
deps =
commands =
python -m tests.check_gpg_available
python -m tests.check_public_interfaces
[testenv:py311-no-gpg]
setenv =
GNUPG = nonexisting-gpg-for-testing
commands =
python -m tests.check_public_interfaces_gpg
[testenv:kms]
deps =
-r{toxinidir}/requirements-pinned.txt
-r{toxinidir}/requirements-kms.txt
passenv =
GOOGLE_APPLICATION_CREDENTIALS
commands =
python -m tests.check_kms_signers
[testenv:sigstore]
deps =
-r{toxinidir}/requirements-pinned.txt
-r{toxinidir}/requirements-sigstore.txt
commands =
python -m tests.check_sigstore_signer
# Check that importing securesystemslib._gpg.constants doesn't shell out.
[testenv:py311-test-gpg-fails]
setenv =
GNUPG = false
commands =
python -c "import securesystemslib._gpg.constants"
[testenv:lint]
deps =
-r{toxinidir}/requirements-pinned.txt
-r{toxinidir}/requirements-lint.txt
-r{toxinidir}/requirements-sigstore.txt
commands =
black --check --diff .
isort --check --diff .
pylint -j 0 --rcfile=pylintrc securesystemslib tests
bandit --recursive securesystemslib --exclude _vendor
mypy
# Requires docker running
[testenv:local-aws-kms]
deps =
-r{toxinidir}/requirements-pinned.txt
-r{toxinidir}/requirements-aws.txt
localstack
awscli
awscli-local
allowlist_externals =
localstack
bash
setenv =
AWS_ACCESS_KEY_ID = test
AWS_SECRET_ACCESS_KEY = test
AWS_ENDPOINT_URL = http://localhost:4566/
AWS_DEFAULT_REGION = us-east-1
commands_pre =
# Start virtual AWS KMS
localstack start --detached
localstack wait
# Create test keys
bash {toxinidir}/tests/scripts/init-aws-kms.sh
commands =
# Run tests
python -m tests.check_aws_signer
commands_post =
# Stop virtual AWS KMS
localstack stop
# Requires `vault`
# https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install
[testenv:local-vault]
deps =
-r{toxinidir}/requirements-pinned.txt
-r{toxinidir}/requirements-vault.txt
allowlist_externals =
bash
setenv =
VAULT_ADDR = http://localhost:8200
VAULT_TOKEN = test-root-token
commands_pre =
bash {toxinidir}/tests/scripts/init-vault.sh
commands =
python -m tests.check_vault_signer
commands_post =
bash {toxinidir}/tests/scripts/stop-vault.sh