tox.ini

# Tox (http://tox.testrun.org/) is a tool for running tests
# in multiple virtualenvs. This configuration file will run the
# test suite on all supported python versions. To use it, "pip install tox"
# and then run "tox" from this directory.

[tox]
envlist = lint, py38, py39, py310, py311, purepy311, py311-no-gpg, py311-test-gpg-fails
skipsdist = True

[testenv]
install_command =
    pip install {opts} {packages}

passenv =
    PYKCS11LIB

deps =
    -r{toxinidir}/requirements-pinned.txt
    -r{toxinidir}/requirements-test.txt

commands =
    python -m tests.check_gpg_available
    coverage run tests/aggregate_tests.py
    coverage report -m --fail-under 83

[testenv:purepy311]
deps =

commands =
    python -m tests.check_gpg_available
    python -m tests.check_public_interfaces

[testenv:py311-no-gpg]
setenv =
    GNUPG = nonexisting-gpg-for-testing
commands =
    python -m tests.check_public_interfaces_gpg

[testenv:kms]
deps =
    -r{toxinidir}/requirements-pinned.txt
    -r{toxinidir}/requirements-kms.txt
passenv =
    GOOGLE_APPLICATION_CREDENTIALS
commands =
    python -m tests.check_kms_signers

[testenv:sigstore]
deps =
    -r{toxinidir}/requirements-pinned.txt
    -r{toxinidir}/requirements-sigstore.txt
passenv =
    # These are required to detect ambient credentials on GitHub
    GITHUB_ACTIONS
    ACTIONS_ID_TOKEN_REQUEST_TOKEN
    ACTIONS_ID_TOKEN_REQUEST_URL
    CERT_ID
    CERT_ISSUER
commands =
    python -m tests.check_sigstore_signer

# This checks that importing securesystemslib.gpg.constants doesn't shell out on
# import.
[testenv:py311-test-gpg-fails]
setenv =
    GNUPG = false
commands =
    python -c "import securesystemslib.gpg.constants"

[testenv:lint]
deps =
    -r{toxinidir}/requirements-pinned.txt
    -r{toxinidir}/requirements-lint.txt
commands =
    black --check --diff  .
    isort --check --diff  .

    pylint -j 0 --rcfile=pylintrc securesystemslib tests
    bandit --recursive securesystemslib --exclude _vendor
    mypy