pyproject.toml
[build-system]
# Build backend and the packages needed to run it.
# `hatchling` is listed without a version because Dependabot cannot update
# `build-system.requires` (dependabot/dependabot-core#8465).
# Workaround to get reproducibility and auto-updates: keep the build tool
# versions in requirements/build.txt and apply that file as a pip constraint:
# PIP_CONSTRAINT=requirements/build.txt python3 -m build ...
# NOTE(review): a build started without PIP_CONSTRAINT resolves whichever
# hatchling release is current at that moment, so it is not reproducible.
# Release builds should always set it; confirm whether requirements/build.txt
# also records hashes.
requires = ["hatchling"]
build-backend = "hatchling.build"
[project]
# Core package metadata (PEP 621) published with every release.
name = "tuf"
description = "A secure updater framework for Python"
readme = "README.md"
license = { text = "MIT OR Apache-2.0" }
# NOTE(review): this floor admits Python 3.8, but the classifiers below list
# only 3.9-3.13. Confirm which is intended and align the two, so installers do
# not select this release on an interpreter the project may no longer test.
requires-python = ">=3.8"
authors = [
# NOTE(review): the address below looks like the hosting page's e-mail
# obfuscation placeholder, not a real contact address - check the upstream file.
{ email = "[email protected]" },
]
keywords = [
"authentication",
"compromise",
"key",
"revocation",
"secure",
"update",
"updater",
]
# Trove classifiers. Both licenses named in `license` are listed.
classifiers = [
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"License :: OSI Approved :: Apache Software License",
"License :: OSI Approved :: MIT License",
"Natural Language :: English",
"Operating System :: MacOS :: MacOS X",
"Operating System :: Microsoft :: Windows",
"Operating System :: POSIX",
"Operating System :: POSIX :: Linux",
"Programming Language :: Python",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
"Programming Language :: Python :: Implementation :: CPython",
"Topic :: Security",
"Topic :: Software Development",
]
# Runtime dependencies. These are version ranges, not pins: `requests` has only
# a lower bound and `securesystemslib~=1.0` accepts any 1.x release, so the
# versions actually installed are decided by the consuming environment.
# Deployments that need reproducible installs must supply their own constraints
# or lock file.
# NOTE(review): the `requests` floor is old; confirm the oldest allowed release
# is still tested and still carries the fixes this package relies on.
dependencies = [
"requests>=2.19.1",
"securesystemslib~=1.0",
]
# `version` is not written here; it is read at build time from the path
# configured under [tool.hatch.version].
dynamic = ["version"]
[project.urls]
# Project links published with the package metadata. All use https.
Documentation = "https://theupdateframework.readthedocs.io/en/stable/"
Homepage = "https://www.updateframework.com"
Issues = "https://github.com/theupdateframework/python-tuf/issues"
Source = "https://github.com/theupdateframework/python-tuf"
[tool.hatch.version]
# Single source of the package version: Hatch reads it from this file, which
# backs `dynamic = ["version"]` in [project].
path = "tuf/__init__.py"
[tool.hatch.build.targets.sdist]
# Explicit allow-list of what goes into the source distribution. The leading
# "/" anchors each pattern at the project root, so a same-named directory
# deeper in the tree is not matched.
# "/requirements" is shipped as well; presumably so the build constraints
# referenced in [build-system] travel with the sdist - confirm.
# NOTE(review): "/setup.py" is included although the build backend is
# hatchling; confirm the file is still needed.
include = [
"/docs",
"/examples",
"/tests",
"/tuf",
"/requirements",
"/tox.ini",
"/setup.py",
]
[tool.hatch.build.targets.wheel]
# The testing phase changes the current working directory to `tests`, but the
# test scripts import from `tests`, so the root directory must be added to
# Python's path for editable installations.
# This setting only affects editable (development) installs.
dev-mode-dirs = ["."]
# Ruff section
# Read more here: https://docs.astral.sh/ruff/linter/#rule-selection
[tool.ruff]
# Maximum line length enforced by the linter and used by the formatter.
line-length=80
[tool.ruff.lint]
# Opt-out model: every ruff rule is enabled, then specific rulesets and rules
# are switched off below. New rules added by a ruff upgrade therefore become
# active automatically.
# The flake8-bandit ruleset ("S") is not in this ignore list, so the security
# lints stay enabled for the package code; they are only relaxed per file in
# [tool.ruff.lint.per-file-ignores].
select = ["ALL"]
ignore = [
# Rulesets we do not use at this moment
"COM", # flake8-commas
"EM", # flake8-errmsg
"FA", # flake8-future-annotations
"FIX", # flake8-fixme
"FBT", # flake8-boolean-trap
"PERF", # Perflint
"PT", # flake8-pytest-style
"PTH", # flake8-use-pathlib
"TD", # flake8-todos
"TRY", # tryceratops
# Individual rules that have been disabled
"ANN101", "ANN102", # nonsense, deprecated in ruff
# pydocstyle rules that are switched off individually
"D400", "D415", "D213", "D205", "D202", "D107", "D407", "D413", "D212", "D104", "D406", "D105", "D411", "D401", "D200", "D203",
"ISC001", # incompatible with ruff formatter
# pylint refactor rules: too-many-arguments, magic-value-comparison
"PLR0913", "PLR2004",
]
[tool.ruff.lint.per-file-ignores]
# Per-path relaxations on top of the global ignore list. Each key is a glob
# matched against file paths; the listed rules are skipped for matching files.
# Security-relevant entries: the whole flake8-bandit ruleset ("S") is off for
# tests and examples, and S603 is off for verify_release. Code under these
# paths gets no automated security lint from ruff and relies on review.
"tests/*" = [
"D", # pydocstyle: no docstrings required for tests
"E501", # line-too-long: embedded test data in "fmt: off" blocks is ok
"ERA001", # commented code is fine in tests
"RUF012", # ruff: mutable-class-default
"S", # bandit: Not running bandit on tests
"SLF001", # private member access is ok in tests
"T201", # print is ok in tests
]
# NOTE(review): examples tend to be copied into downstream code; with "S"
# disabled here, insecure patterns in them would not be flagged.
"examples/*/*" = [
"D", # pydocstyle: no docstrings required for examples
"ERA001", # commented code is fine in examples
"INP001", # implicit package is fine in examples
"S", # bandit: Not running bandit on examples
"T201", # print is ok in examples
]
# NOTE(review): with S603 ignored, subprocess calls in verify_release are not
# checked by the linter. Reviewers should confirm by hand that their arguments
# are passed as lists and are not built from untrusted input.
"verify_release" = [
"ERA001", # commented code is fine here
"S603", # bandit: this flags all uses of subprocess.run as vulnerable
"T201", # print is ok in verify_release
]
".github/scripts/*" = [
"T201", # print is ok in conformance client
]
[tool.ruff.lint.flake8-annotations]
# Allow `__init__` to omit its return annotation when at least one argument is
# annotated, matching how mypy treats such methods.
mypy-init-return = true
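# mypy section
# Read more here: https://mypy.readthedocs.io/en/stable/config_file.html#using-a-pyproject-toml-file
[tool.mypy]
# Flags are written as native TOML booleans rather than the string "True";
# mypy's pyproject.toml support accepts both forms, and the native type cannot
# be mistyped into a truthy-looking string.
# Report config sections or overrides that match no files.
warn_unused_configs = true
warn_redundant_casts = true
warn_unused_ignores = true
warn_unreachable = true
strict_equality = true
# Every function in the package must be annotated, and annotated code may not
# call unannotated functions.
disallow_untyped_defs = true
disallow_untyped_calls = true
show_error_codes = true
# NOTE(review): this turns the attr-defined check off for the whole project,
# not for a single module. Confirm that a narrower per-module override is not
# enough.
disable_error_code = ["attr-defined"]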
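[[tool.mypy.overrides]]
# Third-party packages for which missing type information is tolerated.
# With this override mypy does not report unresolved imports of these modules
# and treats what is imported from them as untyped, so calls into them are not
# type-checked.
module = [
    "requests.*",
    "securesystemslib.*",
]
# Native TOML boolean instead of the string "True"; mypy accepts both.
ignore_missing_imports = true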