|
6 | 6 | # 'pinned.txt' is updated on GitHub with Dependabot, which |
7 | 7 | # triggers CI/CD builds to automatically test against updated dependencies. |
8 | 8 | # |
9 | | -# |
10 | | -# NOTE: 'pip-compile' only adds dependencies relevant for the Python version, |
11 | | -# in which it is executed. Moreover, it does not add environment markers of |
12 | | -# transitive dependencies. |
13 | | -# The official recommendation for cross-environment usage of pip-compile tends |
14 | | -# towards separate requirements files for each environment (see |
15 | | -# jazzband/pip-tools#651), this seem like an overkill for tuf, where we only |
16 | | -# have a few conditional dependencies, i.e. dependencies that are required on |
17 | | -# Python < 3 only. |
18 | | -# |
19 | | -# |
20 | | -# Below instructions can be used to re-generate 'pinned.txt', e.g. |
21 | | -# if: |
22 | | -# - requirements are added or removed from this file |
23 | | -# - Python version support is changed |
24 | | -# - CI/CD build breaks due to updates (e.g. transitive dependency conflicts) |
25 | | -# |
26 | | -# 1. Use this script to create a pinned requirements file for each Python |
27 | | -# version |
28 | | -# ``` |
29 | | -# for v in 3.8 3.9 3.10 3.11; do |
30 | | -# mkvirtualenv tuf-env-${v} -p python${v}; |
31 | | -# python3 -m pip install pip-tools; |
32 | | -# pip-compile --no-header -o requirements-${v}.txt main.txt; |
33 | | -# deactivate; |
34 | | -# rmvirtualenv tuf-env-${v}; |
35 | | -# done; |
36 | | -# |
37 | | -# ``` |
38 | | -# 2. Use this command to merge per-version files |
39 | | -# `sort -o pinned.txt -u requirements-?.?.txt` |
40 | | -# 2. Manually add environment markers to pinned.txt |
41 | | -# 3. Use this command to remove per-version files |
42 | | -# `rm requirements-?.?.txt` |
43 | | -# |
44 | 9 | securesystemslib[crypto, pynacl] |
45 | 10 | requests |
0 commit comments