Locking dependencies with pip-tools

2025-02-12 13:01:51 +00:00 · 2022-06-30 17:43:07 -04:00 · 2022-06-30 17:43:07 -04:00 · 9ce3ecc76c
commit 9ce3ecc76c
parent d0c3bdef55
3 changed files with 249 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -20,7 +20,7 @@ It is available to house members at [proxstar.csh.rit.edu](https://proxstar.csh.
 3. Make your changes locally, commit, and push to your fork
  - If you want to test locally, you should copy `config.py` to `config_local.py`, and talk to an RTP about filling in secrets.
  - Lint and format your local changes with `pylint proxstar` and `black proxstar`
-    - You'll need dependencies installed locally to do this. You should do that in a [venv](https://packaging.python.org/tutorials/installing-packages/#creating-virtual-environments) of some sort to keep your system clean. All the dependencies are listed in [requirements.txt](./requirements.txt), so you can install everything with `pip install -r requirements.txt`. You'll need python 3.6 at minimum, though things should work up to python 3.8.
+    - You'll need dependencies installed locally to do this. You should do that in a [venv](https://packaging.python.org/tutorials/installing-packages/#creating-virtual-environments) of some sort to keep your system clean. All the dependencies are listed in [requirements.txt](./requirements.txt), so you can install everything with `pip install -r requirements.txt`. You'll need python 3.8 at minimum. To add new dependencies, edit `requirements.in` and then run `pip-compile requirements.in` to update `requirements.txt`.
 4. Create a [Pull Request](https://help.github.com/en/articles/about-pull-requests) on this repo for our Webmasters to review

 ## Questions/Concerns
--- a/requirements.in
+++ b/requirements.in
@ -0,0 +1,29 @@
+black~=21.9b0
+csh-ldap==2.4.0
+click~=7.1.2
+ddtrace~=1.2.1
+flask==1.1.4
+jinja2==2.11.3
+flask-pyoidc==1.3.0
+gunicorn==20.0.4
+markupsafe==2.0.1
+paramiko==2.7.2
+proxmoxer==1.3.1
+pip-tools~=6.8.0
+psutil==5.8.0
+psycopg2-binary==2.9.3
+python-dateutil==2.8.1
+redis==3.5.3
+requests==2.25.1
+rq==1.10.1
+rq-dashboard==0.6.1
+rq-scheduler==0.10.0
+sqlalchemy==1.3.22
+sshtunnel==0.2.2
+tenacity==5.0.2
+websockify==0.9.0
+pylint==2.13.9
+pylint-quotes==0.2.3
+sentry-sdk[flask]
+sentry-sdk~=1.5.12
+python-dotenv==0.19.1
--- a/requirements.txt
+++ b/requirements.txt
@ -1,28 +1,230 @@
-black~=21.9b0
+#
+# This file is autogenerated by pip-compile with python 3.8
+# To update, run:
+#
+#    pip-compile requirements.in
+#
+alabaster==0.7.12
+    # via oic
+arrow==1.2.2
+    # via rq-dashboard
+astroid==2.11.6
+    # via pylint
+attrs==21.4.0
+    # via ddtrace
+bcrypt==3.2.2
+    # via paramiko
+beaker==1.11.0
+    # via oic
+black==21.12b0
+    # via -r requirements.in
+blinker==1.4
+    # via sentry-sdk
+build==0.8.0
+    # via pip-tools
+bytecode==0.13.0
+    # via ddtrace
+certifi==2022.6.15
+    # via
+    #   requests
+    #   sentry-sdk
+cffi==1.15.1
+    # via
+    #   bcrypt
+    #   cryptography
+    #   pynacl
+chardet==4.0.0
+    # via requests
+click==7.1.2
+    # via
+    #   -r requirements.in
+    #   black
+    #   flask
+    #   pip-tools
+    #   rq
+croniter==1.3.5
+    # via rq-scheduler
+cryptography==37.0.2
+    # via
+    #   paramiko
+    #   pyopenssl
 csh-ldap==2.4.0
-click~=7.1.2
-ddtrace~=1.2.1
+    # via -r requirements.in
+ddsketch==2.0.3
+    # via ddtrace
+ddtrace==1.2.1
+    # via -r requirements.in
+dill==0.3.5.1
+    # via pylint
+dnspython==2.2.1
+    # via srvlookup
 flask==1.1.4
-jinja2==2.11.3
+    # via
+    #   -r requirements.in
+    #   flask-pyoidc
+    #   rq-dashboard
+    #   sentry-sdk
 flask-pyoidc==1.3.0
+    # via -r requirements.in
+future==0.18.2
+    # via
+    #   oic
+    #   pyjwkest
 gunicorn==20.0.4
+    # via -r requirements.in
+idna==2.10
+    # via requests
+isort==5.10.1
+    # via pylint
+itsdangerous==1.1.0
+    # via flask
+jinja2==2.11.3
+    # via
+    #   -r requirements.in
+    #   flask
+lazy-object-proxy==1.7.1
+    # via astroid
+mako==1.2.1
+    # via oic
 markupsafe==2.0.1
+    # via
+    #   -r requirements.in
+    #   jinja2
+    #   mako
+mccabe==0.7.0
+    # via pylint
+mypy-extensions==0.4.3
+    # via black
+numpy==1.23.0
+    # via websockify
+oic==0.11.0.1
+    # via flask-pyoidc
+packaging==21.3
+    # via
+    #   build
+    #   ddtrace
 paramiko==2.7.2
-proxmoxer==1.1.1
+    # via
+    #   -r requirements.in
+    #   sshtunnel
+pathspec==0.9.0
+    # via black
+pep517==0.12.0
+    # via build
+pip-tools==6.8.0
+    # via -r requirements.in
+platformdirs==2.5.2
+    # via
+    #   black
+    #   pylint
+protobuf==4.21.2
+    # via
+    #   ddsketch
+    #   ddtrace
+proxmoxer==1.3.1
+    # via -r requirements.in
 psutil==5.8.0
+    # via -r requirements.in
 psycopg2-binary==2.9.3
-python-dateutil==2.8.1
-redis==3.5.3
-requests==2.25.1
-rq==1.10.1
-rq-dashboard==0.6.1
-rq-scheduler==0.10.0
-sqlalchemy==1.3.22
-sshtunnel==0.2.2
-tenacity==5.0.2
-websockify==0.9.0
+    # via -r requirements.in
+pyasn1==0.4.8
+    # via
+    #   pyasn1-modules
+    #   python-ldap
+pyasn1-modules==0.2.8
+    # via python-ldap
+pycparser==2.21
+    # via cffi
+pycryptodomex==3.15.0
+    # via
+    #   oic
+    #   pyjwkest
+pyjwkest==1.4.2
+    # via oic
 pylint==2.13.9
+    # via
+    #   -r requirements.in
+    #   pylint-quotes
 pylint-quotes==0.2.3
-sentry-sdk[flask]
-sentry-sdk~=1.5.12
+    # via -r requirements.in
+pynacl==1.5.0
+    # via paramiko
+pyopenssl==22.0.0
+    # via oic
+pyparsing==3.0.9
+    # via packaging
+python-dateutil==2.8.1
+    # via
+    #   -r requirements.in
+    #   arrow
+    #   croniter
 python-dotenv==0.19.1
+    # via -r requirements.in
+python-ldap==3.4.0
+    # via csh-ldap
+redis==3.5.3
+    # via
+    #   -r requirements.in
+    #   rq
+    #   rq-dashboard
+requests==2.25.1
+    # via
+    #   -r requirements.in
+    #   oic
+    #   pyjwkest
+rq==1.10.1
+    # via
+    #   -r requirements.in
+    #   rq-dashboard
+    #   rq-scheduler
+rq-dashboard==0.6.1
+    # via -r requirements.in
+rq-scheduler==0.10.0
+    # via -r requirements.in
+sentry-sdk[flask]==1.5.12
+    # via -r requirements.in
+six==1.16.0
+    # via
+    #   ddsketch
+    #   ddtrace
+    #   oic
+    #   pyjwkest
+    #   python-dateutil
+    #   tenacity
+sqlalchemy==1.3.22
+    # via -r requirements.in
+srvlookup==2.0.0
+    # via csh-ldap
+sshtunnel==0.2.2
+    # via -r requirements.in
+tenacity==5.0.2
+    # via
+    #   -r requirements.in
+    #   ddtrace
+tomli==1.2.3
+    # via
+    #   black
+    #   build
+    #   pep517
+    #   pylint
+typing-extensions==4.2.0
+    # via
+    #   astroid
+    #   black
+    #   pylint
+urllib3==1.26.9
+    # via
+    #   requests
+    #   sentry-sdk
+websockify==0.9.0
+    # via -r requirements.in
+werkzeug==1.0.1
+    # via flask
+wheel==0.37.1
+    # via pip-tools
+wrapt==1.14.1
+    # via astroid
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools