-
Notifications
You must be signed in to change notification settings - Fork 10
/
tox.ini
145 lines (128 loc) · 4.66 KB
/
tox.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
[tox]
envlist = py311, static, docs
[testenv]
deps=
-r requirements.txt
-r test-requirements.txt
commands=pytest {posargs}
allowlist_externals=sh
[testenv:static]
commands=
mypy --install-types --non-interactive -p exodus_lambda -p tests
sh -c 'pylint exodus_lambda; test $(( $? & (1|2|4|32) )) = 0'
isort --check .
[testenv:cov]
usedevelop=true
commands=
pytest --cov-report=html --cov=exodus_lambda {posargs}
[testenv:cov-ci]
usedevelop=true
commands=
pytest --cov-fail-under=100 --cov=exodus_lambda {posargs}
[testenv:bandit]
usedevelop=true
commands=
bandit -r -ll -c bandit.yaml .
[testenv:safety]
usedevelop=true
commands=
safety check --output json {posargs}
[testenv:docs]
use_develop=true
deps=
sphinx
graphviz
commands=
sphinx-build -M html docs docs/_build
# Create a lambda deployment package.
[testenv:package]
skip_install=true
allowlist_externals=
sh
rm
commands=
rm -rf ./package package.zip
# --require-hashes and then --no-deps to avoid using anything untrusted from PyPI
pip install --require-hashes -r requirements.txt --target ./package
pip install --no-deps --target ./package .
sh -c 'scripts/mk-config > package/lambda_config.json'
sh -c 'cd package && zip -r ../package.zip .'
rm -rf ./package
[testenv:fakefront]
# Serve exodus-lambda through a local development server which simulates
# basic CloudFront behaviors.
#
# The default configuration of this environment is designed to work with
# the localstack instance deployed by the exodus-gw dev env, described
# at: https://release-engineering.github.io/exodus-gw/development.html
#
# You will have to tweak the environment variables if you use a different
# environment, or different bucket & table names.
passenv =
EXODUS_*
ORIGIN_*
usedevelop = true
deps=
gunicorn
setenv =
EXODUS_AWS_ENDPOINT_URL={env:EXODUS_AWS_ENDPOINT_URL:https://localhost:3377}
EXODUS_TABLE={env:EXODUS_TABLE:my-table}
EXODUS_CONFIG_TABLE={env:EXODUS_CONFIG_TABLE:my-config}
ORIGIN_REQUEST_LOGGER_LEVEL={env:ORIGIN_REQUEST_LOGGER_LEVEL:DEBUG}
ORIGIN_RESPONSE_LOGGER_LEVEL={env:ORIGIN_RESPONSE_LOGGER_LEVEL:DEBUG}
EXODUS_LOG_FORMAT={env:EXODUS_LOG_FORMAT:%(asctime)s - %(levelname)s - %(message)s}
EXODUS_KEY_ID={env:EXODUS_KEY_ID:FAKEFRONT}
commands =
gunicorn support.fakefront -b 127.0.0.1:8049 --reload {posargs}
[testenv:fakefront-podman]
# Like 'fakefront' but builds & runs via a container image.
#
# This testenv is mainly intended for sanity checking the image.
# Otherwise there is generally no advantage in using this over
# the 'fakefront' testenv.
skip_install=true
allowlist_externals=
podman
passenv =
EXODUS_*
ORIGIN_*
setenv =
EXODUS_AWS_ENDPOINT_URL={env:EXODUS_AWS_ENDPOINT_URL:https://localhost:3377}
EXODUS_TABLE={env:EXODUS_TABLE:my-table}
EXODUS_CONFIG_TABLE={env:EXODUS_CONFIG_TABLE:my-config}
ORIGIN_REQUEST_LOGGER_LEVEL={env:ORIGIN_REQUEST_LOGGER_LEVEL:DEBUG}
ORIGIN_RESPONSE_LOGGER_LEVEL={env:ORIGIN_RESPONSE_LOGGER_LEVEL:DEBUG}
EXODUS_LOG_FORMAT={env:EXODUS_LOG_FORMAT:%(asctime)s - %(levelname)s - %(message)s}
EXODUS_KEY_ID={env:EXODUS_KEY_ID:FAKEFRONT}
REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
commands =
podman build . -t fakefront -f support/fakefront/Containerfile
podman run \
--network host \
--security-opt label=disable \
-v /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro \
--env REQUESTS_CA_BUNDLE --env 'EXODUS*' --env 'ORIGIN*' \
fakefront \
-b 127.0.0.1:8049 \
{posargs}
[testenv:integration-tests]
passenv = *
commands=
pytest ./tests/integration --lambda-stack {env:STACK_NAME} {posargs}
[pytest]
testpaths = tests
addopts = -v
[coverage:run]
relative_files = true
[testenv:pip-compile]
deps = pip-tools
basepython = python3.11
skip_install = true
skipsdist = true
# Note that --pip-args should match the deployment environment to ensure
# that the compiled requirements files here are compatible with that
# environment (most notably, only using binary packages).
commands =
pip-compile -U --resolver=backtracking --generate-hashes requirements-fakefront.in --pip-args='--platform "manylinux2014_x86_64" --only-binary=":all:" --python-version="3.11" --implementation cp'
pip-compile -U --resolver=backtracking --generate-hashes requirements.in --pip-args='--platform "manylinux2014_x86_64" --only-binary=":all:" --python-version="3.11" --implementation cp'
pip-compile -U --resolver=backtracking --generate-hashes requirements-fakefront.in requirements.in test-requirements.in -o test-requirements.txt --pip-args='--platform "manylinux2014_x86_64" --only-binary=":all:" --python-version="3.11" --implementation cp'