From 08b98a4f3cf3c9b676f41bb738671427fed6b9fd Mon Sep 17 00:00:00 2001 From: gesh Date: Mon, 10 Feb 2025 16:09:46 +0200 Subject: [PATCH 01/25] fix(test_cache): Correct XDG testing logic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The tests on Linux were relying on XDG_CACHE_HOME being set to its fallback value of ∼/.cache, which made them fail on systems with custom values for XDG_CACHE_HOME. To account for this, we take the cue from the Windows tests and set XDG_CACHE_HOME to a known, custom, value. This incidentally also tests that our logic can account for custom values of XDG_CACHE_HOME, so this doesn't need its own test. The value of "/tmp/home/.cache" was chosen as a cross between the Windows value of "/tmp/AppData/Local" and the fallback "∼/.cache" Fixes: #814 --- test/test_cache.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/test_cache.py b/test/test_cache.py index de2c52bf..3e2eef2c 100644 --- a/test/test_cache.py +++ b/test/test_cache.py @@ -20,8 +20,11 @@ def _patch_platformdirs(monkeypatch: MonkeyPatch, sys_platform: str) -> None: # as cache definition is stored in the top level `__init__.py` file of the # `platformdirs` package importlib.reload(platformdirs) + # Setting directory-controlling environment variables to known state if sys_platform == "win32": monkeypatch.setenv("LOCALAPPDATA", "/tmp/AppData/Local") + elif sys_platform == "linux": + monkeypatch.setenv("XDG_CACHE_HOME", "/tmp/home/.cache") def test_get_cache_dir(monkeypatch): @@ -48,7 +51,7 @@ def test_get_pip_cache(): [ pytest.param( "linux", - Path.home() / ".cache" / "pip-audit", + Path("/tmp") / "home" / ".cache" / "pip-audit", id="on Linux", ), pytest.param( @@ -76,7 +79,7 @@ def test_get_cache_dir_do_not_use_pip(monkeypatch, sys_platform, expected): [ pytest.param( "linux", - Path.home() / ".cache" / "pip-audit", + Path("/tmp") / "home" / ".cache" / "pip-audit", id="on Linux", ), pytest.param( 
@@ -105,7 +108,7 @@ def test_get_cache_dir_pip_disabled_in_environment(monkeypatch, sys_platform, ex [ pytest.param( "linux", - Path.home() / ".cache" / "pip-audit", + Path("/tmp") / "home" / ".cache" / "pip-audit", id="on Linux", ), pytest.param( From 4d1de2d66987786c407bc667e78b8496615546d9 Mon Sep 17 00:00:00 2001 From: gesh Date: Mon, 10 Feb 2025 16:19:05 +0200 Subject: [PATCH 02/25] fix(test_cache): Make tests more consistent Several changes to the tests in test_cache.py to make them more consistent with each other - test_get_cache_dir: Follow all other tests in not casting to posix paths in checking paths are as expected, instead checking an equal Path object is roundtripped. Also, run the test simulating all platform's path logic, like the other tests. - test_get_cache_dir_old_pip: Remove logic checking whether _get_cache_dir accepts explicitly-set paths. It is duplicated from test_get_cache_dir, doesn't appear to be exercising any new codepath, and it is unclear why this case needs extra exercise - test_get_pip_cache, test_get_cache_dir_old_pip: follow the lead of test_get_cache_dir_pip_disabled_in_environment and inline the call to _get_cache_dir --- test/test_cache.py | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/test/test_cache.py b/test/test_cache.py index 3e2eef2c..7a46790d 100644 --- a/test/test_cache.py +++ b/test/test_cache.py 
@@ -27,17 +27,28 @@ def _patch_platformdirs(monkeypatch: MonkeyPatch, sys_platform: str) -> None: monkeypatch.setenv("XDG_CACHE_HOME", "/tmp/home/.cache") -def test_get_cache_dir(monkeypatch): +@pytest.mark.parametrize( + "sys_platform", + [ + pytest.param("linux", id="on Linux"), + pytest.param("win32", id="on Windows"), + pytest.param("darwin", id="on MacOS"), + ], +) +def test_get_cache_dir(monkeypatch, sys_platform): + # Check cross-platforms + _patch_platformdirs(monkeypatch, sys_platform) + # When we supply a cache directory, always use that - cache_dir = _get_cache_dir(Path("/tmp/foo/cache_dir")) - assert cache_dir.as_posix() == "/tmp/foo/cache_dir" + cache_dir = Path("/tmp/foo/cache_dir") + assert _get_cache_dir(cache_dir) == cache_dir - get_pip_cache = pretend.call_recorder(lambda: Path("/fake/pip/cache/dir")) + cache_dir = Path("/fake/pip/cache/dir") + get_pip_cache = pretend.call_recorder(lambda: cache_dir) monkeypatch.setattr(cache, "_get_pip_cache", get_pip_cache) # When `pip cache dir` works, we use it. In this case, it's mocked. - cache_dir = _get_cache_dir(None, use_pip=True) - assert cache_dir.as_posix() == "/fake/pip/cache/dir" + assert _get_cache_dir(None, use_pip=True) == cache_dir def test_get_pip_cache(): @@ -69,9 +80,9 @@ def test_get_pip_cache(): def test_get_cache_dir_do_not_use_pip(monkeypatch, sys_platform, expected): # Check cross-platforms _patch_platformdirs(monkeypatch, sys_platform) + # Even with None, we never use the pip cache if we're told not to. - cache_dir = _get_cache_dir(None, use_pip=False) - assert cache_dir == expected + assert _get_cache_dir(None, use_pip=False) == expected @pytest.mark.parametrize( 
@@ -129,14 +140,9 @@ def test_get_cache_dir_old_pip(monkeypatch, sys_platform, expected): # Check cross-platforms _patch_platformdirs(monkeypatch, sys_platform) - # When we supply a cache directory, always use that - cache_dir = _get_cache_dir(Path("/tmp/foo/cache_dir")) - assert cache_dir.as_posix() == "/tmp/foo/cache_dir" - # In this case, we can't query `pip` to figure out where its HTTP cache is # Instead, we use `~/.pip-audit-cache` - cache_dir = _get_cache_dir(None) - assert cache_dir == expected + assert _get_cache_dir(None) == expected def test_cache_warns_about_old_pip(monkeypatch, cache_dir): From 2f03ce18d7cd57603c7b89f275c30d0562711df3 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 27 Feb 2025 10:47:02 -0500 Subject: [PATCH 03/25] ci: add Windows test job Signed-off-by: William Woodruff --- .github/workflows/ci.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 053f5087..bcaf09a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,11 +35,29 @@ jobs: - name: test run: make test PIP_AUDIT_EXTRA=test + test-windows: + runs-on: windows-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 + with: + # Always test with latest Python on Windows. + python-version: "3.x" + cache: "pip" + cache-dependency-path: pyproject.toml + + - name: test + run: make test PIP_AUDIT_EXTRA=test + all-tests-pass: if: always() needs: - test + - test-windows runs-on: ubuntu-latest From fb57cbfb1e69e9606e2898b3e0c2ffdc52ddf8a4 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Mon, 9 Jun 2025 14:45:09 -0400 Subject: [PATCH 04/25] _cli: make mypy happy Signed-off-by: William Woodruff --- pip_audit/_cli.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
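Review bot: The context comment directly above the rewritten assert in `test_get_cache_dir_old_pip` still says the fallback is `~/.pip-audit-cache`, but the parametrized `expected` values elsewhere in this series are platform cache directories such as `/tmp/home/.cache/pip-audit`. Since this hunk already rewrites the lines under it, the comment could be corrected at the same time, for example `# Instead, we fall back to the platform's user cache directory`. The decorator and the start of the function lie outside the hunk, so the exact parametrization for this test is inferred from the neighbouring hunks.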
diff --git a/pip_audit/_cli.py b/pip_audit/_cli.py index 416160e4..4797dd9c 100644 --- a/pip_audit/_cli.py +++ b/pip_audit/_cli.py @@ -34,7 +34,13 @@ ) from pip_audit._service import EcosystemsService, OsvService, PyPIService from pip_audit._service.interface import ConnectionError as VulnServiceConnectionError -from pip_audit._service.interface import ResolvedDependency, SkippedDependency, VulnerabilityService +from pip_audit._service.interface import ( + Dependency, + ResolvedDependency, + SkippedDependency, + VulnerabilityResult, + VulnerabilityService, +) from pip_audit._state import AuditSpinner, AuditState from pip_audit._util import assert_never @@ -538,7 +544,7 @@ def audit() -> None: # pragma: no cover # wants to dry-run the "fix" step instead of the "audit" step auditor = Auditor(service, options=AuditOptions(dry_run=args.dry_run and not args.fix)) - result = {} + result: dict[Dependency, list[VulnerabilityResult]] = {} pkg_count = 0 vuln_count = 0 skip_count = 0 From 5b8a829ea8836bffe1494985b4d16ea8df5f76c6 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Mon, 9 Jun 2025 14:47:44 -0400 Subject: [PATCH 05/25] test_pip: fix two tests on Windows Signed-off-by: William Woodruff --- test/dependency_source/test_pip.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/dependency_source/test_pip.py b/test/dependency_source/test_pip.py index cea43904..3a2af179 100644 --- a/test/dependency_source/test_pip.py +++ b/test/dependency_source/test_pip.py @@ -54,12 +54,13 @@ def test_pip_source_warns_about_old_pip(monkeypatch): monkeypatch.setattr(pip, "logger", logger) pip.PipSource() - assert logger.warning.calls == [ + assert ( pretend.call( "pip 1.0.0 is very old, and may not provide reliable dependency information! " "You are STRONGLY encouraged to upgrade to a newer version of pip." ) - ] + in logger.warning.calls + ) def test_pip_source_pip_api_failure(monkeypatch): 
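Review bot: Replacing `logger.warning.calls == [...]` with a membership test in `test_pip_source_warns_about_old_pip` means the test no longer fails when `PipSource()` emits additional, unexpected warnings. Neither this hunk nor the `warning=` recorder added to the stub in `test_pip_source_invalid_version` says which extra warning shows up (presumably only on Windows, going by the commit subject). A short comment such as `# Windows logs an additional warning here, so only check that ours is present` would record why the check was loosened. If the extra warning is known, asserting it explicitly would keep the test strict on every platform.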
@@ -75,7 +76,9 @@ def explode(): def test_pip_source_invalid_version(monkeypatch): - logger = pretend.stub(debug=pretend.call_recorder(lambda s: None)) + logger = pretend.stub( + debug=pretend.call_recorder(lambda s: None), warning=pretend.call_recorder(lambda s: None) + ) monkeypatch.setattr(pip, "logger", logger) source = pip.PipSource() From b32926ee7949e9b8b4da5a967d45b3568f82e27a Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 14:30:56 -0400 Subject: [PATCH 06/25] cleanup tests Signed-off-by: William Woodruff --- test/test_cache.py | 113 +++++---------------------------------------- 1 file changed, 11 insertions(+), 102 deletions(-) diff --git a/test/test_cache.py b/test/test_cache.py index 7a46790d..94f41d9f 100644 --- a/test/test_cache.py +++ b/test/test_cache.py 
@@ -1,44 +1,14 @@ -import importlib -import sys from pathlib import Path -import platformdirs import pretend # type: ignore -import pytest from packaging.version import Version -from pytest import MonkeyPatch +from platformdirs import user_cache_path import pip_audit._cache as cache from pip_audit._cache import _get_cache_dir, _get_pip_cache -def _patch_platformdirs(monkeypatch: MonkeyPatch, sys_platform: str) -> None: - """Utility function to patch `platformdirs` in order to test cross-platforms.""" - # Mocking OS host - monkeypatch.setattr(sys, "platform", sys_platform) - # We are forced to reload `platformdirs` to get the correct cache directory - # as cache definition is stored in the top level `__init__.py` file of the - # `platformdirs` package - importlib.reload(platformdirs) - # Setting directory-controlling environment variables to known state - if sys_platform == "win32": - monkeypatch.setenv("LOCALAPPDATA", "/tmp/AppData/Local") - elif sys_platform == "linux": - monkeypatch.setenv("XDG_CACHE_HOME", "/tmp/home/.cache") - - -@pytest.mark.parametrize( - "sys_platform", - [ - pytest.param("linux", id="on Linux"), - pytest.param("win32", id="on Windows"), - pytest.param("darwin", id="on MacOS"), - ], -) -def test_get_cache_dir(monkeypatch, sys_platform): - # Check cross-platforms - _patch_platformdirs(monkeypatch, sys_platform) - +def test_get_cache_dir(monkeypatch): # When we supply a cache directory, always use that cache_dir = Path("/tmp/foo/cache_dir") assert _get_cache_dir(cache_dir) == cache_dir 
@@ -57,92 +27,31 @@ def test_get_pip_cache(): assert cache_dir.stem == "http" -@pytest.mark.parametrize( - "sys_platform,expected", - [ - pytest.param( - "linux", - Path("/tmp") / "home" / ".cache" / "pip-audit", - id="on Linux", - ), - pytest.param( - "win32", - Path("/tmp") / "AppData" / "Local" / "pip-audit" / "Cache", - id="on Windows", - ), - pytest.param( - "darwin", - Path.home() / "Library" / "Caches" / "pip-audit", - id="on MacOS", - ), - ], -) -def test_get_cache_dir_do_not_use_pip(monkeypatch, sys_platform, expected): - # Check cross-platforms - _patch_platformdirs(monkeypatch, sys_platform) +def test_get_cache_dir_do_not_use_pip(): + expected = user_cache_path("pip-audit", appauthor=False) # Even with None, we never use the pip cache if we're told not to. assert _get_cache_dir(None, use_pip=False) == expected -@pytest.mark.parametrize( - "sys_platform,expected", - [ - pytest.param( - "linux", - Path("/tmp") / "home" / ".cache" / "pip-audit", - id="on Linux", - ), - pytest.param( - "win32", - Path("/tmp") / "AppData" / "Local" / "pip-audit" / "Cache", - id="on Windows", - ), - pytest.param( - "darwin", - Path.home() / "Library" / "Caches" / "pip-audit", - id="on MacOS", - ), - ], -) -def test_get_cache_dir_pip_disabled_in_environment(monkeypatch, sys_platform, expected): +def test_get_cache_dir_pip_disabled_in_environment(monkeypatch): monkeypatch.setenv("PIP_NO_CACHE_DIR", "1") - # Check cross-platforms - _patch_platformdirs(monkeypatch, sys_platform) + + expected = user_cache_path("pip-audit", appauthor=False) # Even with use_pip=True, we avoid pip's cache if the environment tells us to. 
assert _get_cache_dir(None, use_pip=True) == expected -@pytest.mark.parametrize( - "sys_platform,expected", - [ - pytest.param( - "linux", - Path("/tmp") / "home" / ".cache" / "pip-audit", - id="on Linux", - ), - pytest.param( - "win32", - Path("/tmp") / "AppData" / "Local" / "pip-audit" / "Cache", - id="on Windows", - ), - pytest.param( - "darwin", - Path.home() / "Library" / "Caches" / "pip-audit", - id="on MacOS", - ), - ], -) -def test_get_cache_dir_old_pip(monkeypatch, sys_platform, expected): +def test_get_cache_dir_old_pip(monkeypatch): # Check the case where we have an old `pip` monkeypatch.setattr(cache, "_PIP_VERSION", Version("1.0.0")) - # Check cross-platforms - _patch_platformdirs(monkeypatch, sys_platform) # In this case, we can't query `pip` to figure out where its HTTP cache is # Instead, we use `~/.pip-audit-cache` - assert _get_cache_dir(None) == expected + cache_dir = _get_cache_dir(None) + expected = user_cache_path("pip-audit", appauthor=False) + assert cache_dir == expected def test_cache_warns_about_old_pip(monkeypatch, cache_dir): From f11d58c8f89286d93dd77f7293c918c9cfcb7f33 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 14:54:45 -0400 Subject: [PATCH 07/25] combine coverage Signed-off-by: William Woodruff --- .github/workflows/ci.yml | 59 +++++++++++++++++++++++++++++++++++++--- Makefile | 5 +--- pyproject.toml | 6 ++-- 3 files changed, 58 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4aa0d056..e515488d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,6 +35,14 @@ jobs: - name: test run: make test PIP_AUDIT_EXTRA=test + - name: Upload coverage data + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: coverage-data-${{ matrix.python }} + path: .coverage.* + include-hidden-files: true + if-no-files-found: ignore + test-windows: runs-on: windows-latest steps: 
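Review bot: `expected = user_cache_path("pip-audit", appauthor=False)` in `test_get_cache_dir_do_not_use_pip`, `test_get_cache_dir_pip_disabled_in_environment` and `test_get_cache_dir_old_pip` is derived from the ambient environment at test time. If `_get_cache_dir` falls back to the same call (its body is not visible here), these asserts compare the function with itself and would keep passing if the app name or `appauthor` argument changed, or if `XDG_CACHE_HOME` or `LOCALAPPDATA` pointed somewhere unexpected. Pinning the controlling environment variable with `monkeypatch.setenv` and asserting one literal path for the host platform would keep an independent expectation. At minimum, a comment such as `# expected mirrors the platformdirs default for the host OS` would make the weaker guarantee explicit.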
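Review bot: `if-no-files-found: ignore` on the "Upload coverage data" step (here and again in the `test-windows` job) lets a leg that produced no matching data file pass silently. The `.coverage.*` glob only matches suffixed data files, which coverage writes in parallel mode, and nothing in this commit's visible hunks turns that mode on. A missing upload would then surface only indirectly, as a lower percentage or a "no data" error in the combine job. Setting `if-no-files-found: error` would fail the job that actually lost its data.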
@@ -42,7 +50,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: # Always test with latest Python on Windows. python-version: "3.x" @@ -52,12 +60,55 @@ jobs: - name: test run: make test PIP_AUDIT_EXTRA=test + - name: Upload coverage data + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: coverage-data-windows + path: .coverage.* + include-hidden-files: true + if-no-files-found: ignore + + coverage: + name: Combine & check coverage + if: always() + needs: [test, test-windows] + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: "3.x" + + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + pattern: coverage-data-* + merge-multiple: true + + - name: Combine coverage & fail if it's <100% + run: | + make dev PIP_AUDIT_EXTRA=cov + + ./env/bin/python -Im coverage combine + ./env/bin/python -Im coverage html --skip-covered --skip-empty + + # Report and write to summary. + ./env/bin/python -Im coverage report --format=markdown >> "${GITHUB_STEP_SUMMARY}" + + # Report again and fail if under 100%. + ./env/bin/python -Im coverage report --fail-under=100 + + - name: Upload HTML report if check failed + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: html-report + path: htmlcov + if: ${{ failure() }} + all-tests-pass: if: always() - needs: - - test - - test-windows + needs: [coverage] runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 750068d9..746dad2c 100644 --- a/Makefile +++ b/Makefile 
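Review bot: With `all-tests-pass` reduced to `needs: [coverage]` while `coverage` itself runs under `if: always()`, a failed `test` or `test-windows` leg no longer feeds into the gate directly. The upload steps have no `if:` of their own, so a failing leg simply uploads nothing; if the remaining artifacts still combine to 100%, `coverage` succeeds. Depending on how the gate's steps evaluate `needs` (they are outside this hunk), it may then report success despite the test failure. Keeping the test jobs in the list, `needs: [test, test-windows, coverage]`, preserves the direct dependency.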
@@ -27,10 +27,8 @@ PIP_AUDIT_EXTRA := dev # complete test coverage. ifneq ($(TESTS),) TEST_ARGS := -x -k $(TESTS) - COV_ARGS := else TEST_ARGS := - COV_ARGS := --fail-under 100 endif .PHONY: all @@ -67,8 +65,7 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - pytest --cov=$(PY_MODULE) $(T) $(TEST_ARGS) && \ - python -m coverage report -m $(COV_ARGS) + pytest --cov=$(PY_MODULE) $(T) $(TEST_ARGS) .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index a8aa9ab0..005ba457 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -40,12 +40,10 @@ dependencies = [ requires-python = ">=3.9" [project.optional-dependencies] -test = [ +cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 - "pretend", - "pytest", - "pytest-cov", ] +test = ["pretend", "pytest", "pytest-cov", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From c5fb3cb86b47b00f3f165386c77b31cf90ef024a Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 15:01:15 -0400 Subject: [PATCH 08/25] zizmor Signed-off-by: William Woodruff --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e515488d..dde8370c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -76,6 +76,9 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: "3.x" From 74b1490f835520bea05c1970dad5673cbebe5db8 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 15:12:50 -0400 Subject: [PATCH 09/25] parallelize Signed-off-by: William Woodruff --- Makefile | 2 +- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 746dad2c..e3b2090c 100644 --- a/Makefile 
+++ b/Makefile @@ -65,7 +65,7 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - pytest --cov=$(PY_MODULE) $(T) $(TEST_ARGS) + pytest -n auto --cov=$(PY_MODULE) $(T) $(TEST_ARGS) .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index 005ba457..44b2ee7d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-cov", "pip-audit[cov]"] +test = ["pretend", "pytest", "pytest-cov", "pytest-xdist", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From 311e8e0d3ea704de694e3c4848806c19a320326a Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 15:15:36 -0400 Subject: [PATCH 10/25] parallel coverage collection Signed-off-by: William Woodruff --- pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index 44b2ee7d..1c483d08 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -62,6 +62,9 @@ Homepage = "https://pypi.org/project/pip-audit/" Issues = "https://github.com/pypa/pip-audit/issues" Source = "https://github.com/pypa/pip-audit" +[tool.coverage.run] +parallel = true + [tool.interrogate] # don't enforce documentation coverage for packaging, testing, the virtual # environment, or the CLI (which is documented separately). From a15d9269d7ccafd9d9e3771710fde9b3bdec11da Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 15:40:28 -0400 Subject: [PATCH 11/25] remove pytest-cov Signed-off-by: William Woodruff --- Makefile | 2 +- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e3b2090c..c328f267 100644 --- a/Makefile +++ b/Makefile 
@@ -65,7 +65,7 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - pytest -n auto --cov=$(PY_MODULE) $(T) $(TEST_ARGS) + coverage run -m pytest -n auto $(T) $(TEST_ARGS) .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index 1c483d08..63bd99e6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-cov", "pytest-xdist", "pip-audit[cov]"] +test = ["pretend", "pytest", "pytest-xdist", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From 21410f235c7b5665c67cdb4ef90e3066d1cdb02c Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 16:19:16 -0400 Subject: [PATCH 12/25] continue the testing pain Signed-off-by: William Woodruff --- pyproject.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index 63bd99e6..afc6d741 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -62,6 +62,10 @@ Homepage = "https://pypi.org/project/pip-audit/" Issues = "https://github.com/pypa/pip-audit/issues" Source = "https://github.com/pypa/pip-audit" +[tool.coverage.paths] +source = ["pip-audit/", "*/pip-audit/", "*\\pip-audit\\"] +tests = ["tests/", "*\\tests\\"] + [tool.coverage.run] parallel = true From cbf9958e4e58b1676e0e4b58e6e211a5bb198235 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 16:26:44 -0400 Subject: [PATCH 13/25] hackety hack Signed-off-by: William Woodruff --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index afc6d741..313d830a 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -63,7 +63,7 @@ Issues = "https://github.com/pypa/pip-audit/issues" Source = "https://github.com/pypa/pip-audit" [tool.coverage.paths] -source = ["pip-audit/", "*/pip-audit/", "*\\pip-audit\\"] +source = ["pip_audit/", "*\\pip_audit\\"] tests = ["tests/", "*\\tests\\"] [tool.coverage.run] From a6b58e7eee0b013d959b7a3846f6279c16f27acd Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 16:31:02 -0400 Subject: [PATCH 14/25] fix test paths Signed-off-by: William Woodruff --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 313d830a..91b1123e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -64,7 +64,7 @@ Source = "https://github.com/pypa/pip-audit" [tool.coverage.paths] source = ["pip_audit/", "*\\pip_audit\\"] -tests = ["tests/", "*\\tests\\"] +tests = ["test/", "*\\test\\"] [tool.coverage.run] parallel = true From 6effa0e0959355c02c2a883b265442b76337ff71 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 16:39:32 -0400 Subject: [PATCH 15/25] hackety hack Signed-off-by: William Woodruff --- pyproject.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 91b1123e..50b73508 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -63,8 +63,7 @@ Issues = "https://github.com/pypa/pip-audit/issues" Source = "https://github.com/pypa/pip-audit" [tool.coverage.paths] -source = ["pip_audit/", "*\\pip_audit\\"] -tests = ["test/", "*\\test\\"] +source = ["pip_audit/", "*/pip_audit/*", "*\\pip_audit\\"] [tool.coverage.run] parallel = true From 4b8236ae157d7d7d73950e7f67bea62f9c93baaf Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 16:45:21 -0400 Subject: [PATCH 16/25] grumble Signed-off-by: William Woodruff --- pyproject.toml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 50b73508..90c9ee8d 100644 --- a/pyproject.toml 
+++ b/pyproject.toml @@ -63,7 +63,12 @@ Issues = "https://github.com/pypa/pip-audit/issues" Source = "https://github.com/pypa/pip-audit" [tool.coverage.paths] -source = ["pip_audit/", "*/pip_audit/*", "*\\pip_audit\\"] +# This is used for path mapping when combining coverage data +# from multiple machines. The first entry is the local path, +# and subsequent entries are the remote paths that get remapped +# to the local path. +# See: https://coverage.readthedocs.io/en/latest/config.html#paths +source = ["pip_audit/", "*/pip_audit/", "*\\pip_audit\\"] [tool.coverage.run] parallel = true From 12a5df368b52b3873cf1a02181ad20dc860ccdf0 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 16:53:57 -0400 Subject: [PATCH 17/25] sigh Signed-off-by: William Woodruff --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index 90c9ee8d..73592213 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -71,6 +71,7 @@ Source = "https://github.com/pypa/pip-audit" source = ["pip_audit/", "*/pip_audit/", "*\\pip_audit\\"] [tool.coverage.run] +source = ["pip_audit"] parallel = true [tool.interrogate] From 44bbbdf7ed38f89ef04a1315f9045a1fa00f5a9d Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 17:18:37 -0400 Subject: [PATCH 18/25] add relative_files Signed-off-by: William Woodruff --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index 73592213..f42ea060 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -73,6 +73,7 @@ source = ["pip_audit/", "*/pip_audit/", "*\\pip_audit\\"] [tool.coverage.run] source = ["pip_audit"] parallel = true +relative_files = true [tool.interrogate] # don't enforce documentation coverage for packaging, testing, the virtual From be91c39641526a2334b4bb0950c2993d40c994d1 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 17:24:48 -0400 Subject: [PATCH 19/25] hackety hack 
Signed-off-by: William Woodruff --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index f42ea060..fa83969d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -68,7 +68,7 @@ Source = "https://github.com/pypa/pip-audit" # and subsequent entries are the remote paths that get remapped # to the local path. # See: https://coverage.readthedocs.io/en/latest/config.html#paths -source = ["pip_audit/", "*/pip_audit/", "*\\pip_audit\\"] +source = ["pip_audit", "*/pip_audit", "*\\pip_audit"] [tool.coverage.run] source = ["pip_audit"] From fc747491edbb5fd167ef83575cf0691befbfdba8 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 17:32:45 -0400 Subject: [PATCH 20/25] sanity checking Signed-off-by: William Woodruff --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c328f267..2497d4c6 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,8 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - coverage run -m pytest -n auto $(T) $(TEST_ARGS) + coverage run -m pytest -n auto $(T) $(TEST_ARGS) && \ + coverage report -m .PHONY: doc doc: $(VENV)/pyvenv.cfg From 33501ad6d5856b7276dd7df4b5eabccc3de826ed Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 17:50:24 -0400 Subject: [PATCH 21/25] bring back pytest-cov Signed-off-by: William Woodruff --- Makefile | 3 +-- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 2497d4c6..e3b2090c 100644 --- a/Makefile +++ b/Makefile @@ -65,8 +65,7 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - coverage run -m pytest -n auto $(T) $(TEST_ARGS) && \ - coverage report -m + pytest -n auto --cov=$(PY_MODULE) $(T) $(TEST_ARGS) .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index fa83969d..4621949f 100644 --- a/pyproject.toml 
+++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-xdist", "pip-audit[cov]"] +test = ["pretend", "pytest", "pytest-xdist", "pytest-cov", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From 033cb627ae8f98e52487cb159012a1e9273ecc4c Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 17:53:42 -0400 Subject: [PATCH 22/25] Revert "bring back pytest-cov" This reverts commit 33501ad6d5856b7276dd7df4b5eabccc3de826ed. --- Makefile | 3 ++- pyproject.toml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e3b2090c..2497d4c6 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,8 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - pytest -n auto --cov=$(PY_MODULE) $(T) $(TEST_ARGS) + coverage run -m pytest -n auto $(T) $(TEST_ARGS) && \ + coverage report -m .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index 4621949f..fa83969d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-xdist", "pytest-cov", "pip-audit[cov]"] +test = ["pretend", "pytest", "pytest-xdist", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From abec9341fceaae510c438014b07b80a32420fd2b Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 18:06:00 -0400 Subject: [PATCH 23/25] Reapply "bring back pytest-cov" This reverts commit 033cb627ae8f98e52487cb159012a1e9273ecc4c. --- Makefile | 3 +-- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 2497d4c6..e3b2090c 100644 --- a/Makefile +++ b/Makefile 
@@ -65,8 +65,7 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - coverage run -m pytest -n auto $(T) $(TEST_ARGS) && \ - coverage report -m + pytest -n auto --cov=$(PY_MODULE) $(T) $(TEST_ARGS) .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index fa83969d..4621949f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-xdist", "pip-audit[cov]"] +test = ["pretend", "pytest", "pytest-xdist", "pytest-cov", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From b325eab85d4eab469312aa15029b807975d331fe Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 17 Jun 2025 18:08:19 -0400 Subject: [PATCH 24/25] Revert "Reapply "bring back pytest-cov"" This reverts commit abec9341fceaae510c438014b07b80a32420fd2b. --- Makefile | 3 ++- pyproject.toml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e3b2090c..2497d4c6 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,8 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - pytest -n auto --cov=$(PY_MODULE) $(T) $(TEST_ARGS) + coverage run -m pytest -n auto $(T) $(TEST_ARGS) && \ + coverage report -m .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index 4621949f..fa83969d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-xdist", "pytest-cov", "pip-audit[cov]"] +test = ["pretend", "pytest", "pytest-xdist", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6", From 1ad953c1b31de1d5e1799fa7b6a734ed9af704f1 Mon Sep 17 00:00:00 2001 
From: William Woodruff Date: Wed, 18 Jun 2025 10:23:51 -0400 Subject: [PATCH 25/25] disable xdist for now Signed-off-by: William Woodruff --- Makefile | 5 +---- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 2497d4c6..070d83e2 100644 --- a/Makefile +++ b/Makefile @@ -23,8 +23,6 @@ PIP_AUDIT_EXTRA := dev # If the user selects a specific test pattern to run, set `pytest` to fail fast # and only run tests that match the pattern. -# Otherwise, run all tests and enable coverage assertions, since we expect -# complete test coverage. ifneq ($(TESTS),) TEST_ARGS := -x -k $(TESTS) else @@ -65,8 +63,7 @@ reformat: .PHONY: test tests test tests: $(VENV)/pyvenv.cfg . $(VENV_BIN)/activate && \ - coverage run -m pytest -n auto $(T) $(TEST_ARGS) && \ - coverage report -m + coverage run -m pytest $(T) $(TEST_ARGS) .PHONY: doc doc: $(VENV)/pyvenv.cfg diff --git a/pyproject.toml b/pyproject.toml index fa83969d..47bcb9b7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -43,7 +43,7 @@ requires-python = ">=3.9" cov = [ "coverage[toml] ~= 7.0, != 7.3.3", # https://github.com/nedbat/coveragepy/issues/1713 ] -test = ["pretend", "pytest", "pytest-xdist", "pip-audit[cov]"] +test = ["pretend", "pytest", "pip-audit[cov]"] lint = [ "ruff >= 0.11", "interrogate ~= 1.6",
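Review bot: After this change the `test` recipe is only `coverage run -m pytest $(T) $(TEST_ARGS)`, so a local `make test` no longer prints a coverage report or enforces a threshold. The comment deleted in the first Makefile hunk was the only place that stated the coverage expectation. Because `parallel = true` was set under `[tool.coverage.run]` earlier in the series, the data lands in suffixed `.coverage.*` files that need `coverage combine` before `coverage report` will show anything. A comment above the recipe such as `# Coverage is combined and checked in CI; locally run "coverage combine && coverage report -m"` would save contributors from rediscovering this.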