-
Notifications
You must be signed in to change notification settings - Fork 18
/
noxfile.py
266 lines (216 loc) · 7.41 KB
/
noxfile.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
"""Nox sessions."""
import os
import shlex
import shutil
import sys
from pathlib import Path
from textwrap import dedent
from typing import Optional
import nox
from nox_poetry import Session
from nox_poetry import session
package = "nox_poetry"
python_versions = [
"3.12",
"3.11",
"3.10",
"3.9",
"3.8",
"3.13",
]
nox.needs_version = ">= 2021.6.6"
nox.options.sessions = (
"pre-commit",
"safety",
"mypy",
"tests",
"xdoctest",
"docs-build",
)
def activate_virtualenv_in_precommit_hooks(session: Session) -> None:
"""Activate virtualenv in hooks installed by pre-commit.
This function patches git hooks installed by pre-commit to activate the
session's virtual environment. This allows pre-commit to locate hooks in
that environment when invoked from git.
Args:
session: The Session object.
"""
assert session.bin is not None # noqa: S101
# Only patch hooks containing a reference to this session's bindir. Support
# quoting rules for Python and bash, but strip the outermost quotes so we
# can detect paths within the bindir, like <bindir>/python.
bindirs = [
bindir[1:-1] if bindir[0] in "'\"" else bindir
for bindir in (repr(session.bin), shlex.quote(session.bin))
]
virtualenv = session.env.get("VIRTUAL_ENV")
if virtualenv is None:
return
headers = {
# pre-commit < 2.16.0
"python": f"""\
import os
os.environ["VIRTUAL_ENV"] = {virtualenv!r}
os.environ["PATH"] = os.pathsep.join((
{session.bin!r},
os.environ.get("PATH", ""),
))
""",
# pre-commit >= 2.16.0
"bash": f"""\
VIRTUAL_ENV={shlex.quote(virtualenv)}
PATH={shlex.quote(session.bin)}"{os.pathsep}$PATH"
""",
# pre-commit >= 2.17.0 on Windows forces sh shebang
"/bin/sh": f"""\
VIRTUAL_ENV={shlex.quote(virtualenv)}
PATH={shlex.quote(session.bin)}"{os.pathsep}$PATH"
""",
}
hookdir = Path(".git") / "hooks"
if not hookdir.is_dir():
return
for hook in hookdir.iterdir():
if hook.name.endswith(".sample") or not hook.is_file():
continue
if not hook.read_bytes().startswith(b"#!"):
continue
text = hook.read_text()
if not any(
Path("A") == Path("a") and bindir.lower() in text.lower() or bindir in text
for bindir in bindirs
):
continue
lines = text.splitlines()
for executable, header in headers.items():
if executable in lines[0].lower():
lines.insert(1, dedent(header))
hook.write_text("\n".join(lines))
break
@session(name="pre-commit", python=python_versions[0])
def precommit(session: Session) -> None:
"""Lint using pre-commit."""
args = session.posargs or [
"run",
"--all-files",
"--hook-stage=manual",
"--show-diff-on-failure",
]
session.install(
"darglint",
"flake8",
"flake8-docstrings",
"flake8-rst-docstrings",
"pre-commit",
"pre-commit-hooks",
"ruff",
)
session.run("pre-commit", *args)
if args and args[0] == "install":
activate_virtualenv_in_precommit_hooks(session)
@session(python=python_versions[0])
def safety(session: Session) -> None:
"""Scan dependencies for insecure packages."""
requirements = session.poetry.export_requirements()
session.install("safety")
ignore = [
# ADVISORY: In Jinja2, the from_string function is prone to Server
# Side Template Injection (SSTI) where it takes the "source" parameter as a
# template object, renders it, and then returns it. The attacker can exploit
# it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple
# third parties believe that this vulnerability isn't valid because users
# shouldn't use untrusted templates without sandboxing.
# CVE-2019-8341
"70612",
]
session.run(
"safety",
"check",
"--full-report",
f"--file={requirements}",
f"--ignore={','.join(ignore)}",
)
@session(python=python_versions)
def mypy(session: Session) -> None:
"""Type-check using mypy."""
args = session.posargs or ["src", "tests", "docs/conf.py"]
session.install(".", "mypy", "pytest", "importlib-metadata", "poetry")
session.run("mypy", *args)
if not session.posargs and session.python == python_versions[0]:
session.run("mypy", f"--python-executable={sys.executable}", "noxfile.py")
@session
@nox.parametrize(
"python,poetry",
[
(python_versions[0], "1.6.1"),
*((python, None) for python in python_versions),
],
)
def tests(session: Session, poetry: Optional[str]) -> None:
"""Run the test suite."""
session.install(".")
session.install(
"coverage[toml]",
"poetry",
"pytest",
"pytest-datadir",
"pygments",
"typing_extensions",
)
if poetry is not None:
session.run_always(
"python", "-m", "pip", "install", f"poetry=={poetry}", silent=True
)
try:
session.run("coverage", "run", "--parallel", "-m", "pytest", *session.posargs)
finally:
if session.interactive:
session.notify("coverage", posargs=[])
@session(python=python_versions[0])
def coverage(session: Session) -> None:
"""Produce the coverage report."""
args = session.posargs or ["report"]
session.install("coverage[toml]")
if not session.posargs and any(Path().glob(".coverage.*")):
session.run("coverage", "combine")
session.run("coverage", *args)
@session(python=python_versions)
def typeguard(session: Session) -> None:
"""Runtime type checking using Typeguard."""
session.install(".")
session.install("pytest", "typeguard", "pygments")
session.run("pytest", f"--typeguard-packages={package}", *session.posargs)
@session(python=python_versions)
def xdoctest(session: Session) -> None:
"""Run examples with xdoctest."""
if session.posargs:
args = [package, *session.posargs]
else:
args = [f"--modname={package}", "--command=all"]
if "FORCE_COLOR" in os.environ:
args.append("--colored=1")
session.install(".")
session.install("xdoctest[colors]")
session.run("python", "-m", "xdoctest", *args)
@session(name="docs-build", python=python_versions[0])
def docs_build(session: Session) -> None:
"""Build the documentation."""
args = session.posargs or ["docs", "docs/_build"]
if not session.posargs and "FORCE_COLOR" in os.environ:
args.insert(0, "--color")
session.install(".")
session.install("sphinx", "furo", "myst-parser")
build_dir = Path("docs", "_build")
if build_dir.exists():
shutil.rmtree(build_dir)
session.run("sphinx-build", *args)
@session(python=python_versions[0])
def docs(session: Session) -> None:
"""Build and serve the documentation with live reloading on file changes."""
args = session.posargs or ["--open-browser", "docs", "docs/_build"]
session.install(".")
session.install("sphinx", "sphinx-autobuild", "furo", "myst-parser")
build_dir = Path("docs", "_build")
if build_dir.exists():
shutil.rmtree(build_dir)
session.run("sphinx-autobuild", *args)