diff options
author | Stephen Finucane <sfinucan@redhat.com> | 2020-12-08 10:20:19 +0000 |
---|---|---|
committer | Stephen Finucane <sfinucan@redhat.com> | 2021-01-12 09:38:24 +0000 |
commit | 83cd9b5b9c3b4c471b41190675f880599b78e44e (patch) | |
tree | 47d5cafe08c3aec7803b656bcfb013d9b067eca5 | |
parent | 6cf6d4a8f85fb3cdf6489e2a8785626bd5f0d807 (diff) | |
download | python-openstackclient-83cd9b5b9c3b4c471b41190675f880599b78e44e.tar.gz |
Fix lower-constraints job
pip 20.3 finally includes a proper dependency resolver. Its use is
causing the following error messages on the lower-constraints job:
ERROR: Cannot install ... because these package versions have
conflicting dependencies.
The conflict is caused by:
bandit 1.1.0 depends on PyYAML>=3.1.0
cliff 3.4.0 depends on PyYAML>=3.12
openstacksdk 0.52.0 depends on PyYAML>=3.13
Bump our lower constraint for PyYAML to resolve this issue. With that
resolved, we see a new issue:
ERROR: Could not find a version that satisfies the requirement
cryptography>=2.7 (from openstacksdk)
ERROR: No matching distribution found for cryptography>=2.7
This is less self-explanatory but looking at the lower-constraints for
openstacksdk 0.52.0 shows a dependency on cryptography 2.7 [1], meaning
we need to bump this also.
Next up, flake8-import-order seems to cause the dependency resolver to
go nuts, eventually ending with the following error message in a Python
3.6 environment:
Using cached enum34-1.1.2.zip (49 kB)
ERROR: Command errored out with exit status 1:
command: ...
cwd: ...
Complete output (9 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File ".../lib/python3.6/site-packages/setuptools/__init__.py", line 7, in <module>
import setuptools.distutils_patch # noqa: F401
File ".../lib/python3.6/site-packages/setuptools/distutils_patch.py", line 9, in <module>
import re
File "/usr/lib64/python3.6/re.py", line 142, in <module>
class RegexFlag(enum.IntFlag):
AttributeError: module 'enum' has no attribute 'IntFlag'
----------------------------------------
A quick Google suggests this is because the enum34 package is not
complete [2]. We shouldn't even be using it since our base virtualenv
should at least use Python 3.6, but I guess some dependency doesn't
properly restrict the dependency to <= Python 3.4. This is moved from
'test-requirements.txt' to 'tox.ini' since we don't need to use our
constraints machinery for linters.
Finally, the versions of bandit and hacking that pip is bringing in both
requires in a newer version of babel, which in turn requires a new
version of pytz.
Collecting hacking>=2.0.0
...
ERROR: Cannot install oslo.i18n because these package versions have
conflicting dependencies.
The conflict is caused by:
babel 2.9.0 depends on pytz>=2015.7
babel 2.8.1 depends on pytz>=2015.7
babel 2.8.0 depends on pytz>=2015.7
babel 2.7.0 depends on pytz>=2015.7
Seeing as we shouldn't be tracking bandit in
lower-constraints, I'm not sure why we're want to bump these
dependencies for just that. As above, we move these dependencies out of
'test-requirements' and into 'tox.ini' since we can do that for linters.
Modifications:
tox.ini
NOTE(stephenfin): A cap is placed on the version of hacking used to
prevent us bringing in 4.0.0, which requires additional fixes.
[1] https://opendev.org/openstack/openstacksdk/src/tag/0.52.0/requirements.txt#L19
[2] https://github.com/iterative/dvc/issues/1995#issuecomment-491889669
Change-Id: I8ec738fbcabc8d8553db79a876e5592576cd18fa
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
(cherry picked from commit 20769cd7b27d51da84a324a17922427eba5c6eac)
-rw-r--r-- | lower-constraints.txt | 4 | ||||
-rw-r--r-- | test-requirements.txt | 3 | ||||
-rw-r--r-- | tox.ini | 8 |
3 files changed, 8 insertions, 7 deletions
diff --git a/lower-constraints.txt b/lower-constraints.txt index 403ba4e0..d880484b 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -9,7 +9,7 @@ cliff==2.8.0 cmd2==0.8.0 contextlib2==0.4.0 coverage==4.0 -cryptography==2.1 +cryptography==2.7 ddt==1.0.1 debtcollector==1.2.0 decorator==4.4.1 @@ -110,7 +110,7 @@ python-watcherclient==2.5.0 python-zaqarclient==1.0.0 python-zunclient==3.6.0 pytz==2013.6 -PyYAML==3.12 +PyYAML==3.13 repoze.lru==0.7 requests-mock==1.2.0 requests==2.14.2 diff --git a/test-requirements.txt b/test-requirements.txt index 3dce687b..8b61a5c0 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,10 +1,8 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -hacking>=2.0.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 fixtures>=3.0.0 # Apache-2.0/BSD -flake8-import-order>=0.13 # LGPLv3 oslotest>=3.2.0 # Apache-2.0 requests>=2.14.2 # Apache-2.0 requests-mock>=1.2.0 # Apache-2.0 @@ -12,6 +10,5 @@ stestr>=1.0.0 # Apache-2.0 testtools>=2.2.0 # MIT tempest>=17.1.0 # Apache-2.0 osprofiler>=1.4.0 # Apache-2.0 -bandit!=1.6.0,>=1.1.0 # Apache-2.0 wrapt>=1.7.0 # BSD License ddt>=1.0.1 # MIT @@ -28,9 +28,13 @@ commands = {toxinidir}/tools/fast8.sh [testenv:pep8] +deps = + hacking>=2.0.0,<4.0.0 + bandit!=1.6.0,>=1.1.0 + flake8-import-order>=0.13 # LGPLv3 commands = - flake8 - bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 + flake8 + bandit -r openstackclient -x tests -s B105,B106,B107,B401,B404,B603,B606,B607,B110,B605,B101 [testenv:bandit] # This command runs the bandit security linter against the openstackclient |