Update changelog for 0.10.1

Fix CI

.github/scripts/setup-env.sh

@@ -7,66 +7,29 @@
 
 set -e;
 
-# ##### Prereqs #####
-#
-# Set global vars for usage in the script, create the cache directory so we can rely
-# on that existing, then dump some diagnostic info for later reference.
-#
-CI_VENV=$HOME/ci;
 CI_CACHE=$HOME/.cache;
-CI_CACHE_GET_POETRY="$CI_CACHE/get-poetry.py";
-CI_POETRY=$HOME/.poetry/bin/poetry;
-CI_VENV_PIP="$CI_VENV/bin/pip";
-CI_VENV_PIP_VERSION=19.3.1;
-CI_VENV_TOX="$CI_VENV/bin/tox";
+POETRY_VERSION=1.3.2;
 
 mkdir --parents "$CI_CACHE";
 
 command -v python;
 python --version;
 
-# ##### Install Poetry #####
-#
-# Download the poetry install script to the cache directory and then install poetry.
-# After dump the poetry version for later reference.
-#
-curl https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py \
-  --output "$CI_CACHE_GET_POETRY" \
+curl --location https://install.python-poetry.org \
+  --output "$CI_CACHE/install-poetry.py" \
   --silent \
-  --show-error \
-  --location;
-python "$CI_CACHE_GET_POETRY" --yes 1>/dev/null;
+  --show-error;
+python "$CI_CACHE/install-poetry.py" \
+  --version "$POETRY_VERSION" \
+  --yes;
+poetry --version --no-ansi;
+poetry run pip --version;
 
-python "$CI_POETRY" --version --no-ansi;
-
-# ##### Setup Runtime Venv #####
-#
-# Create a virtual environment for poetry to use, upgrade pip in that venv to a pinned
-# version, then install the current project to the venv.
-#
-# Note 1: Poetry, Tox, and this project plugin all use pip under the hood for package
-#         installation. This means that even though we are creating up to eight venvs
-#         during a given CI run they all share the same download cache.
-# Note 2: The "VIRTUAL_ENV=$CI_VENV" prefix on the poetry commands below sets the venv
-#         that poetry will use for operations. There is no CLI flag for poetry that
-#         directs it to use a given environment, but if it finds itself in an existing
-#         environment it will use it and skip environment creation.
-#
-python -m venv "$CI_VENV";
-
-$CI_VENV_PIP install "pip==$CI_VENV_PIP_VERSION" \
-  --upgrade \
-  --quiet;
-
-VIRTUAL_ENV=$CI_VENV "$CI_POETRY" install \
+poetry install \
   --extras poetry \
   --quiet \
-  --no-ansi \
-  &>/dev/null;
+  --remove-untracked \
+  --no-ansi;
 
-# ##### Print Debug Info #####
-#
-# Print the pip and tox versions (which will include registered plugins)
-#
-$CI_VENV_PIP --version;
-echo "tox $($CI_VENV_TOX --version)";
+poetry env info;
+poetry run tox --version;

.github/workflows/ci.yaml

@@ -7,27 +7,33 @@ on:
     branches: ["devel"]
 jobs:
   Test:
+    name: Python ${{ matrix.python.version }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
         python:
-          - version: 3.6
-            toxenv: py36
-          - version: 3.7
+          - version: "3.7"
             toxenv: py37
-          - version: 3.8
+          - version: "3.8"
             toxenv: py38
-          - version: 3.9
+          - version: "3.9"
             toxenv: py39
+          - version: "3.10"
+            toxenv: py310
+          - version: "3.11"
+            toxenv: py311
+      fail-fast: true
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup:python${{ matrix.python.version }}
-        uses: actions/setup-python@v1
+
+      - name: Install Python ${{ matrix.python.version }}
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python.version }}
-      - name: Setup:cache
-        uses: actions/cache@v2
+
+      - name: Configure Job Cache
+        uses: actions/cache@v3
         with:
           path: |
             ~/.cache/pip
@@ -37,34 +43,49 @@ jobs:
           # will be invalidated, and thus all packages will be redownloaded, if the
           # lockfile is updated
           key: ${{ runner.os }}-${{ matrix.python.toxenv }}-${{ hashFiles('**/poetry.lock') }}
-      - name: Setup:env
+
+      - name: Configure Path
+        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Configure Environment
         run: .github/scripts/setup-env.sh
-      - name: Run:${{ matrix.python.toxenv }}
-        run: $HOME/ci/bin/tox -e ${{ matrix.python.toxenv }} --require-poetry
+
+      - name: Run Toxenv ${{ matrix.python.toxenv }}
+        run: poetry run tox -e ${{ matrix.python.toxenv }}
+
   Check:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup:python3.8
-        uses: actions/setup-python@v1
+
+      - name: Install Python 3.10
+        uses: actions/setup-python@v4
         with:
-          python-version: 3.8
-      - name: Setup:cache
-        uses: actions/cache@v2
+          python-version: "3.10"
+
+      - name: Configure Job Cache
+        uses: actions/cache@v3
         with:
           path: |
             ~/.cache/pip
             ~/.cache/pypoetry/cache
             ~/.poetry
-          # Hardcoded 'py38' slug here lets this cache piggyback on the 'py38' cache
+          # Hardcoded 'py310' slug here lets this cache piggyback on the 'py310' cache
           # that is generated for the tests above
-          key: ${{ runner.os }}-py38-${{ hashFiles('**/poetry.lock') }}
-      - name: Setup:env
+          key: ${{ runner.os }}-py310-${{ hashFiles('**/poetry.lock') }}
+
+      - name: Configure Path
+        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Configure Environment
         run: .github/scripts/setup-env.sh
-      - name: Run:static
-        run: $HOME/ci/bin/tox -e static --require-poetry
-      - name: Run:static-tests
-        run: $HOME/ci/bin/tox -e static-tests --require-poetry
-      - name: Run:security
-        run: $HOME/ci/bin/tox -e security --require-poetry
+
+      - name: Run Static Analysis Checks
+        run: poetry run tox -e static
+
+      - name: Run Static Analysis Checks (Tests)
+        run: poetry run tox -e static-tests
+
+      - name: Run Security Checks
+        run: poetry run tox -e security

.pre-commit-config.yaml

@@ -13,36 +13,67 @@
 # by the Poetry-managed dependency.
 #
 repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.3.0
+  - repo: local
     hooks:
       - id: end-of-file-fixer
+        name: end-of-file-fixer
+        entry: end-of-file-fixer
         language: system
+        types:
+          - text
+
       - id: fix-encoding-pragma
+        name: fix-encoding-pragma
+        entry: fix-encoding-pragma
+        language: system
         args:
           - "--remove"
+        types:
+          - python
+
+      - id: trailing-whitespace-fixer
+        name: trailing-whitespace-fixer
+        entry: trailing-whitespace-fixer
         language: system
-      - id: trailing-whitespace
-        language: system
+        types:
+          - text
+
       - id: check-merge-conflict
+        name: check-merge-conflict
+        entry: check-merge-conflict
         language: system
+        types:
+          - text
 
-  - repo: https://github.com/psf/black
-    rev: 20.8b1
-    hooks:
-      - id: black
-        language: system
-
-  - repo: https://github.com/asottile/blacken-docs
-    rev: v1.8.0
-    hooks:
-      - id: blacken-docs
-        language: system
-
-  - repo: https://github.com/asottile/reorder_python_imports
-    rev: v2.3.6
-    hooks:
       - id: reorder-python-imports
+        name: reorder-python-imports
+        entry: reorder-python-imports
+        language: system
         args:
           - "--unclassifiable-application-module=tox_poetry_installer"
+        types:
+          - python
+
+      - id: black
+        name: black
+        entry: black
         language: system
+        types:
+          - python
+
+      - id: blacken-docs
+        name: blacken-docs
+        entry: blacken-docs
+        language: system
+        types:
+          - text
+
+      - id: mdformat
+        name: mdformat
+        entry: mdformat
+        language: system
+        args:
+          - "--number"
+          - "--wrap=90"
+        types:
+          - markdown

.pylintrc

@@ -1,46 +1,5 @@
-[MASTER]
-
-# A comma-separated list of package or module names from where C extensions may
-# be loaded. Extensions are loading into the active Python interpreter and may
-# run arbitrary code
-extension-pkg-whitelist=
-
-# Add files or directories to the blacklist. They should be base names, not
-# paths.
-ignore=
-
-# Add files or directories matching the regex patterns to the blacklist. The
-# regex matches against base names, not paths.
-ignore-patterns=
-
-# Python code to execute, usually for sys.path manipulation such as
-# pygtk.require().
-#init-hook=
-
-# Use multiple processes to speed up Pylint.
-jobs=1
-
-# List of plugins (as comma separated values of python modules names) to load,
-# usually to register additional checkers.
-load-plugins=
-
-# Pickle collected data for later comparisons.
-persistent=yes
-
-# Specify a configuration file.
-#rcfile=
-
-# Allow loading of arbitrary C extensions. Extensions are imported into the
-# active Python interpreter and may run arbitrary code.
-unsafe-load-any-extension=no
-
-
 [MESSAGES CONTROL]
 
-# Only show warnings with the listed confidence levels. Leave empty to show
-# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
-confidence=
-
 # Disable the message, report, category or checker with the given id(s). You
 # can either give multiple identifiers separated by comma (,) or put this
 # option multiple times (only on the command line, not in the configuration
@@ -50,378 +9,47 @@ confidence=
 # --enable=similarities". If you want to run only the classes checker, but have
 # no Warning level messages displayed, use"--disable=all --enable=classes
 # --disable=W"
-disable=logging-fstring-interpolation, logging-format-interpolation, bad-continuation, line-too-long
-#print-statement,parameter-unpacking,unpacking-in-except,old-raise-syntax,backtick,long-suffix,old-ne-operator,old-octal-literal,import-star-module-level,raw-checker-failed,bad-inline-option,locally-disabled,locally-enabled,file-ignored,suppressed-message,useless-suppression,deprecated-pragma,apply-builtin,basestring-builtin,buffer-builtin,cmp-builtin,coerce-builtin,execfile-builtin,file-builtin,long-builtin,raw_input-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,no-absolute-import,old-division,dict-iter-method,dict-view-method,next-method-called,metaclass-assignment,indexing-exception,raising-string,reload-builtin,oct-method,hex-method,nonzero-method,cmp-method,input-builtin,round-builtin,intern-builtin,unichr-builtin,map-builtin-not-iterating,zip-builtin-not-iterating,range-builtin-not-iterating,filter-builtin-not-iterating,using-cmp-argument,eq-without-hash,div-method,idiv-method,rdiv-method,exception-message-attribute,invalid-str-codec,sys-max-int,bad-python3-import,deprecated-string-function,deprecated-str-translate-call,
-
-# Enable the message, report, category or checker with the given id(s). You can
-# either give multiple identifier separated by comma (,) or put this option
-# multiple time (only on the command line, not in the configuration file where
-# it should appear only once). See also the "--disable" option for examples.
-enable=
+disable=logging-fstring-interpolation
+        ,logging-format-interpolation
+        ,bad-continuation
+        ,line-too-long
+        ,ungrouped-imports
+        ,typecheck
+        ,wrong-import-order
+        ,wrong-import-position
 
 
 [REPORTS]
 
-# Python expression which should return a note less than 10 (10 is the highest
-# note). You have access to the variables errors warning, statement which
-# respectively contain the number of errors / warnings messages and the total
-# number of statements analyzed. This is used by the global evaluation report
-# (RP0004).
-evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
-
-# Template used to display messages. This is a python new-style format string
-# used to format the message information. See doc for all details
-#msg-template=
-
 # Set the output format. Available formats are text, parseable, colorized, json
 # and msvs (visual studio).You can also give a reporter class, eg
 # mypackage.mymodule.MyReporterClass.
-output-format=text
-
-# Tells whether to display a full report or only the messages
-reports=no
-
-# Activate the evaluation score.
-score=yes
-
-
-[REFACTORING]
-
-# Maximum number of nested blocks for function / method body
-max-nested-blocks=5
+output-format=colorized
 
 
 [BASIC]
 
-# Naming hint for argument names
-argument-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Regular expression matching correct argument names
-argument-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Naming hint for attribute names
-attr-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Regular expression matching correct attribute names
-attr-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Bad variable names which should always be refused, separated by a comma
-bad-names=foo,bar,baz,toto,tutu,tata
-
-# Naming hint for class attribute names
-class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
-
-# Regular expression matching correct class attribute names
-class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
-
-# Naming hint for class names
-class-name-hint=[A-Z_][a-zA-Z0-9]+$
-
-# Regular expression matching correct class names
-class-rgx=[A-Z_][a-zA-Z0-9]+$
-
-# Naming hint for constant names
-const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$
-
-# Regular expression matching correct constant names
-const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
-
-# Minimum line length for functions/classes that require docstrings, shorter
-# ones are exempt.
-docstring-min-length=-1
-
-# Naming hint for function names
-function-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Regular expression matching correct function names
-function-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
 # Good variable names which should always be accepted, separated by a comma
-good-names=_,ip,ap
-
-# Include a hint for the correct naming format with invalid-name
-include-naming-hint=no
-
-# Naming hint for inline iteration names
-inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$
-
-# Regular expression matching correct inline iteration names
-inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
-
-# Naming hint for method names
-method-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Regular expression matching correct method names
-method-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Naming hint for module names
-module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
-
-# Regular expression matching correct module names
-module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
-
-# Colon-delimited sets of names that determine each other's naming style when
-# the name regexes allow several styles.
-name-group=
-
-# Regular expression which should only match function or class names that do
-# not require a docstring.
-no-docstring-rgx=^_
-
-# List of decorators that produce properties, such as abc.abstractproperty. Add
-# to this list to register other decorators that produce valid properties.
-property-classes=abc.abstractproperty
-
-# Naming hint for variable names
-variable-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
-
-# Regular expression matching correct variable names
-variable-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$
+good-names=_,ip,T
 
 
 [MISCELLANEOUS]
-
-# List of note tags to take in consideration, separated by a comma.
-#notes=FIXME,XXX,TODO
+# Not FIXME or TODO
 notes=XXX
 
 
-[LOGGING]
-
-# Logging modules to check that the string format arguments are in logging
-# function parameter format
-logging-modules=logging
-
-
 [SIMILARITIES]
 
-# Ignore comments when computing similarities.
-ignore-comments=yes
-
-# Ignore docstrings when computing similarities.
-ignore-docstrings=yes
-
 # Ignore imports when computing similarities.
 ignore-imports=yes
 
+# Ignore function signatures when computing similarities.
+ignore-signatures=yes
+
 # Minimum lines number of a similarity.
 min-similarity-lines=10
 
-
-[VARIABLES]
-
-# List of additional names supposed to be defined in builtins. Remember that
-# you should avoid to define new builtins when possible.
-additional-builtins=
-
-# Tells whether unused global variables should be treated as a violation.
-allow-global-unused-variables=yes
-
-# List of strings which can identify a callback function by name. A callback
-# name must start or end with one of those strings.
-callbacks=cb_,_cb
-
-# A regular expression matching the name of dummy variables (i.e. expectedly
-# not used).
-dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
-
-# Argument names that match this expression will be ignored. Default to name
-# with leading underscore
-ignored-argument-names=_.*|^ignored_|^unused_|^fxt_
-
-# Tells whether we should check for unused import in __init__ files.
-init-import=no
-
-# List of qualified module names which can have objects that can redefine
-# builtins.
-redefining-builtins-modules=six.moves,future.builtins
-
-
-[SPELLING]
-
-# Spelling dictionary name. Available dictionaries: none. To make it working
-# install python-enchant package.
-spelling-dict=
-
-# List of comma separated words that should not be checked.
-spelling-ignore-words=
-
-# A path to a file that contains private dictionary; one word per line.
-spelling-private-dict-file=
-
-# Tells whether to store unknown words to indicated private dictionary in
-# --spelling-private-dict-file option instead of raising a message.
-spelling-store-unknown-words=no
-
-
-[FORMAT]
-
-# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
-expected-line-ending-format=
-
-# Regexp for a line that is allowed to be longer than the limit.
-ignore-long-lines=^\s*(# )?<?https?://\S+>?$
-
-# Number of spaces of indent required inside a hanging  or continued line.
-indent-after-paren=4
-
-# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
-# tab).
-indent-string='    '
-
-# Maximum number of characters on a single line.
-max-line-length=100
-
-# Maximum number of lines in a module
-max-module-lines=1000
-
-# List of optional constructs for which whitespace checking is disabled. `dict-
-# separator` is used to allow tabulation in dicts, etc.: {1  : 1,\n222: 2}.
-# `trailing-comma` allows a space between comma and closing bracket: (a, ).
-# `empty-line` allows space-only lines.
-no-space-check=trailing-comma,dict-separator
-
-# Allow the body of a class to be on the same line as the declaration if body
-# contains single statement.
-single-line-class-stmt=no
-
-# Allow the body of an if to be on the same line as the test if there is no
-# else.
-single-line-if-stmt=no
-
-
-[TYPECHECK]
-
-# List of decorators that produce context managers, such as
-# contextlib.contextmanager. Add to this list to register other decorators that
-# produce valid context managers.
-contextmanager-decorators=contextlib.contextmanager
-
-# List of members which are set dynamically and missed by pylint inference
-# system, and so shouldn't trigger E1101 when accessed. Python regular
-# expressions are accepted.
-generated-members=
-
-# Tells whether missing members accessed in mixin class should be ignored. A
-# mixin class is detected if its name ends with "mixin" (case insensitive).
-ignore-mixin-members=yes
-
-# This flag controls whether pylint should warn about no-member and similar
-# checks whenever an opaque object is returned when inferring. The inference
-# can return multiple potential results while evaluating a Python object, but
-# some branches might not be evaluated, which results in partial inference. In
-# that case, it might be useful to still emit no-member and other checks for
-# the rest of the inferred objects.
-ignore-on-opaque-inference=yes
-
-# List of class names for which member attributes should not be checked (useful
-# for classes with dynamically set attributes). This supports the use of
-# qualified names.
-ignored-classes=optparse.Values,thread._local,_thread._local
-
-# List of module names for which member attributes should not be checked
-# (useful for modules/projects where namespaces are manipulated during runtime
-# and thus existing member attributes cannot be deduced by static analysis. It
-# supports qualified module names, as well as Unix pattern matching.
-ignored-modules=
-
-# Show a hint with possible names when a member name was not found. The aspect
-# of finding the hint is based on edit distance.
-missing-member-hint=yes
-
-# The minimum edit distance a name should have in order to be considered a
-# similar match for a missing member name.
-missing-member-hint-distance=1
-
-# The total number of similar names that should be taken in consideration when
-# showing a hint for a missing member.
-missing-member-max-choices=1
-
-
-[CLASSES]
-
-# List of method names used to declare (i.e. assign) instance attributes.
-defining-attr-methods=__init__,__new__,setUp
-
-# List of member names, which should be excluded from the protected access
-# warning.
-exclude-protected=_asdict,_fields,_replace,_source,_make
-
-# List of valid names for the first argument in a class method.
-valid-classmethod-first-arg=cls
-
-# List of valid names for the first argument in a metaclass class method.
-valid-metaclass-classmethod-first-arg=mcs
-
-
-[IMPORTS]
-
-# Allow wildcard imports from modules that define __all__.
-allow-wildcard-with-all=no
-
-# Analyse import fallback blocks. This can be used to support both Python 2 and
-# 3 compatible code, which means that the block might have code that exists
-# only in one or another interpreter, leading to false positives when analysed.
-analyse-fallback-blocks=no
-
-# Deprecated modules which should not be used, separated by a comma
-deprecated-modules=regsub,TERMIOS,Bastion,rexec
-
-# Create a graph of external dependencies in the given file (report RP0402 must
-# not be disabled)
-ext-import-graph=
-
-# Create a graph of every (i.e. internal and external) dependencies in the
-# given file (report RP0402 must not be disabled)
-import-graph=
-
-# Create a graph of internal dependencies in the given file (report RP0402 must
-# not be disabled)
-int-import-graph=
-
-# Force import order to recognize a module as part of the standard
-# compatibility libraries.
-known-standard-library=
-
-# Force import order to recognize a module as part of a third party library.
-known-third-party=enchant
-
-
 [DESIGN]
 
 # Maximum number of arguments for function / method
 max-args=7
-
-# Maximum number of attributes for a class (see R0902).
-max-attributes=7
-
-# Maximum number of boolean expressions in a if statement
-max-bool-expr=5
-
-# Maximum number of branch for function / method body
-max-branches=12
-
-# Maximum number of locals for function / method body
-max-locals=15
-
-# Maximum number of parents for a class (see R0901).
-max-parents=7
-
-# Maximum number of public methods for a class (see R0904).
-max-public-methods=20
-
-# Maximum number of return / yield for function / method body
-max-returns=6
-
-# Maximum number of statements in function / method body
-max-statements=50
-
-# Minimum number of public methods for a class (see R0903).
-min-public-methods=2
-
-
-[EXCEPTIONS]
-
-# Exceptions that will emit a warning when being caught. Defaults to
-# "Exception"
-overgeneral-exceptions=Exception

CHANGELOG.md

@@ -2,20 +2,154 @@
 
 See also: [Github Release Page](https://github.com/enpaul/tox-poetry-installer/releases).
 
+## Version 0.10.1
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.10.1),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.10.1/)
+
+- Add PyPI classifier for Python-3.11 compatibility
+- Add CI support for Python-3.11
+- Add support for Poetry-1.3.x (#83)
+
+## Version 0.10.0
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.10.0),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.10.0/)
+
+- Add `poetry_dep_groups` option to support installing groups of Poetry dependencies.
+  Contributed by [Oshmoun](https://github.com/oshmoun) (#76)
+- Deprecate `install_dev_deps` option
+
+## Version 0.9.0
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.9.0),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.9.0/)
+
+- Add support for Poetry-1.2.x. Contributed by [Justin Wood](https://github.com/Callek)
+  (#73)
+- Update Black formatting to stable release version
+- Remove support for Python-3.6
+- Remove support for Poetry-1.1.x
+- Fix installing dependencies multiple times when transient dependencies are duplicated in
+  the dependency tree
+
+## Version 0.8.5
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.5),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.5/)
+
+- Fix Poetry version specification supporting the incompatible Poetry-1.2.0 release
+
+## Version 0.8.4
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.4),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.4/)
+
+- Fix issue where incompatible package versions were selected for installation when multiple
+  package versions were in the lockfile
+
+## Version 0.8.3
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.3),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.3/)
+
+- Add PyPI classifier for Python 3.10 compatibility
+
+## Version 0.8.2
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.2),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.2/)
+
+- Improve debug-level logging for package installation, and time how long installing each
+  package takes. Contributed by [Rebecca
+  Turner](https://github.com/9999years) (#63).
+- Fix crash caused by the package-under-test depending on Poetry's unsafe dependencies ([#65](https://github.com/enpaul/tox-poetry-installer/issues/65))
+
+## Version 0.8.1
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.1),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.1/)
+
+- Fix unintuitive behavior of the `install_project_deps` option by ensuring the specified
+  value always causes the implied action
+
+## Version 0.8.0
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.0),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.0/)
+
+- Add default installation of locked dependencies using thread workers, decreasing
+  environment provisioning times by ~90%
+- Add runtime option `--parallel-install-threads` to support configuring the number of
+  worker threads for parallel dependency installation
+- Add configuration option `install_project_deps` to support disabling the install of
+  project dependencies to an environment
+- Deprecate runtime option `--parallelize-locked-install`
+
+## Version 0.7.0
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.7.0),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.7.0/)
+
+- Add runtime option `--parallelize-locked-install` to support installing locked
+  dependencies in parallel to speed up test environment creation
+- Add config option `require_poetry` to allow per-environment control over whether the
+  plugin should force an error
+- Add unit tests for custom dependency processing and installation
+- Update internal logging system to reduce code duplication
+- Update documentation to improve readability
+- Deprecate runtime option `--require-poetry`
+
+## Version 0.6.4
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.4),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.6.4/)
+
+- Remove custom package compatibility checking logic from transient dependency resolution
+  process
+- Add integration with Poetry's compatibility
+  [`Marker`](https://github.com/python-poetry/poetry-core/blob/master/poetry/core/version/markers.py)
+  object system for determining package compatibility with the current platform ([#43](https://github.com/enpaul/tox-poetry-installer/issues/43))
+- Add missing PyPI classifier for Python 3
+
+## Version 0.6.3
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.3),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.6.3/)
+
+- Update required `tox` version from `^3.0` to `^3.8` to avoid compatibility issues
+- Update logging messages to improve UX
+- Fix transient dependency packages being installed in a pseudo-random order due to Python
+  sets being unordered ([#41](https://github.com/enpaul/tox-poetry-installer/issues/41))
+- Fix outdated docstrings
+
 ## Version 0.6.2
 
 View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.2),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.6.2/)
 
-* Update locked version of `py` to `1.10.0` to address
+- Update locked version of `py` to `1.10.0` to address
   [CVE-2020-29651](https://nvd.nist.gov/vuln/detail/CVE-2020-29651)
-* Fix dependency identification failing when the package under test is a transient dependency
-  of a locked dependency specified for installation
-* Fix `AttributeError` being raised while creating the Tox self-provisioned environment when
-  using either the [`minversion`](https://tox.readthedocs.io/en/latest/config.html#conf-minversion)
-  or [`requires`](https://tox.readthedocs.io/en/latest/config.html#conf-requires) Tox config options
-
+- Fix dependency identification failing when the package under test is a transient
+  dependency of a locked dependency specified for installation
+- Fix `AttributeError` being raised while creating the Tox self-provisioned environment when
+  using either the
+  [`minversion`](https://tox.readthedocs.io/en/latest/config.html#conf-minversion) or
+  [`requires`](https://tox.readthedocs.io/en/latest/config.html#conf-requires) Tox config
+  options
 
 ## Version 0.6.1
 
@@ -23,40 +157,37 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.1),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.6.1/)
 
-* Update logging around transient dependency processing to improve debugging of dependency
+- Update logging around transient dependency processing to improve debugging of dependency
   installation problems
-* Fix regression around handling of Poetry's unsafe packages when the unsafe package is a
+- Fix regression around handling of Poetry's unsafe packages when the unsafe package is a
   transient dependency ([#33](https://github.com/enpaul/tox-poetry-installer/issues/33))
-* Fix handling of Poetry's unsafe packages when the unsafe package is a primary (environment
+- Fix handling of Poetry's unsafe packages when the unsafe package is a primary (environment
   or package) dependency
 
-
 ## Version 0.6.0
 
 View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.0),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.6.0/)
 
-* Add `poetry` extra to support installing Poetry as a direct dependency of the plugin
-* Add `--require-poetry` runtime option to force Tox failure if Poetry is not installed
-* Update logging messages to improve UX around non-verbose messaging
-* Update error logging to avoid dumping stack traces
-* Update integration with Tox's `action` object to better manage internal state at runtime
-* Update documentation to more clearly cover more use cases
-* Remove `poetry` as a required dependency to support external Poetry installations
+- Add `poetry` extra to support installing Poetry as a direct dependency of the plugin
+- Add `--require-poetry` runtime option to force Tox failure if Poetry is not installed
+- Update logging messages to improve UX around non-verbose messaging
+- Update error logging to avoid dumping stack traces
+- Update integration with Tox's `action` object to better manage internal state at runtime
+- Update documentation to more clearly cover more use cases
+- Remove `poetry` as a required dependency to support external Poetry installations
 
 First beta release :tada:
 
-
 ## Version 0.5.2
 
 View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.5.2),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.5.2/)
 
-* Fix always attempting to install dependencies with incompatible python version constraints
-* Fix always attempting to install dependencies with incompatible python platforms
-
+- Fix always attempting to install dependencies with incompatible python version constraints
+- Fix always attempting to install dependencies with incompatible python platforms
 
 ## Version 0.5.1
 
@@ -64,11 +195,10 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.5.1),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.5.1/)
 
-* Add CI/Tox tests for Python-3.9
-* Update dependency processing to reduce duplication during installation
-* Update minimum python requirement to `3.6.1`
-* Fix `UnboundLocal` exception when not installing project dependencies
-
+- Add CI/Tox tests for Python-3.9
+- Update dependency processing to reduce duplication during installation
+- Update minimum python requirement to `3.6.1`
+- Fix `UnboundLocal` exception when not installing project dependencies
 
 ## Version 0.5.0
 
@@ -76,16 +206,16 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.5.0),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.5.0/)
 
-* Add option `locked_deps` to better support both locked and unlocked dependencies in a
+- Add option `locked_deps` to better support both locked and unlocked dependencies in a
   single environment
-* Add blocking functionality when using `require_locked_deps = true` to prevent other
-  hooks from running after this one
-* Update documentation to include new configuration options and errors
-* Update documentation to improve future maintainability
-* Update module structure to move from single-file module to multi-file directory module
-* Fix `RecursionError` when installing locked dependencies that specify recursive dependencies
-* Fix always reinstalling all locked dependencies on every run regardless of update status
-
+- Add blocking functionality when using `require_locked_deps = true` to prevent other hooks
+  from running after this one
+- Update documentation to include new configuration options and errors
+- Update documentation to improve future maintainability
+- Update module structure to move from single-file module to multi-file directory module
+- Fix `RecursionError` when installing locked dependencies that specify recursive
+  dependencies
+- Fix always reinstalling all locked dependencies on every run regardless of update status
 
 ## Version 0.4.0
 
@@ -93,20 +223,18 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.4.0),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.4.0/)
 
-* Add `install_dev_deps` configuration option for automatically installing all Poetry
+- Add `install_dev_deps` configuration option for automatically installing all Poetry
   dev-dependencies into a Tox testenv
 
-
 ## Version 0.3.1
 
 View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.3.1),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.3.1/)
 
-* Fix error when installing an environment with no extras specified in the configuration
-* Fix problem where only the dependencies of the sequentially last extra would be installed
-* Fix regression causing no project dependencies to be installed
-
+- Fix error when installing an environment with no extras specified in the configuration
+- Fix problem where only the dependencies of the sequentially last extra would be installed
+- Fix regression causing no project dependencies to be installed
 
 ## Version 0.3.0
 
@@ -114,12 +242,12 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.3.0),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.3.0/)
 
-* Add support for the Tox [`extras`](https://tox.readthedocs.io/en/latest/config.html#conf-extras)
-  configuration parameter
-* Update runtime-skip-conditional checks to improve clarity and ease of future maintenance
-* Update lockfile parsing to avoid parsing it multiple times for a single testenv
-* Fix missing `poetry-core` dependency when using Poetry<1.1.0
-
+- Add support for the Tox
+  [`extras`](https://tox.readthedocs.io/en/latest/config.html#conf-extras) configuration
+  parameter
+- Update runtime-skip-conditional checks to improve clarity and ease of future maintenance
+- Update lockfile parsing to avoid parsing it multiple times for a single testenv
+- Fix missing `poetry-core` dependency when using Poetry\<1.1.0
 
 ## Version 0.2.4
 
@@ -127,9 +255,8 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.2.4),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.2.4/)
 
-* Fix support for Poetry-1.1 ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
-* Include tests in sdist ([#8](https://github.com/enpaul/tox-poetry-installer/issues/8))
-
+- Fix support for Poetry-1.1 ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
+- Include tests in sdist ([#8](https://github.com/enpaul/tox-poetry-installer/issues/8))
 
 ## Version 0.2.3
 
@@ -137,9 +264,8 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.2.3),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.2.3/)
 
-* Fix usage of the plugin in non-Poetry based projects ([#1](https://github.com/enpaul/tox-poetry-installer/issues/1))
-* Fix treating dependency names as case sensitive when they shouldn't be ([#7](https://github.com/enpaul/tox-poetry-installer/issues/7))
-
+- Fix usage of the plugin in non-Poetry based projects ([#1](https://github.com/enpaul/tox-poetry-installer/issues/1))
+- Fix treating dependency names as case sensitive when they shouldn't be ([#7](https://github.com/enpaul/tox-poetry-installer/issues/7))
 
 ## Version 0.2.2
 
@@ -147,9 +273,8 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.2.2),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.2.2/)
 
-* Fix breaking when running Tox in projects that do not use Poetry for their environment/dependency
-  management ([#1](https://github.com/enpaul/tox-poetry-installer/issues/1))
-
+- Fix breaking when running Tox in projects that do not use Poetry for their
+  environment/dependency management ([#1](https://github.com/enpaul/tox-poetry-installer/issues/1))
 
 ## Version 0.2.1
 
@@ -157,10 +282,9 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.2.1),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.2.1/)
 
-* Fix duplicate installation of transient environment dependencies
-* Fix logging error indicating all environments always have zero dependencies
-* Fix installing main dependencies when `skip_install` is false but `skipdist` is true
-
+- Fix duplicate installation of transient environment dependencies
+- Fix logging error indicating all environments always have zero dependencies
+- Fix installing main dependencies when `skip_install` is false but `skipdist` is true
 
 ## Version 0.2.0
 
@@ -168,17 +292,16 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.2.0),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.2.0/)
 
-* Add support for per-environment configuration setting `require_locked_deps`
-* Add support for per-dependency lock requirement setting using `@poetry` suffix
-* Add support for coexisting locked and unlocked dependencies in a single test environment
-* Update documentation to include more usage examples
-* Update documentation to improve clarity around problems and drawbacks
-* Fix logging messages being inconsistently formatted
-* Fix raising the same exception for "locked dependency not found" and "locked dependency
+- Add support for per-environment configuration setting `require_locked_deps`
+- Add support for per-dependency lock requirement setting using `@poetry` suffix
+- Add support for coexisting locked and unlocked dependencies in a single test environment
+- Update documentation to include more usage examples
+- Update documentation to improve clarity around problems and drawbacks
+- Fix logging messages being inconsistently formatted
+- Fix raising the same exception for "locked dependency not found" and "locked dependency
   specifies alternate version" errors
-* Fix plugin errors not reporting to Tox that they happened
-* Fix plugin errors not causing Tox to mark the env as failed
-
+- Fix plugin errors not reporting to Tox that they happened
+- Fix plugin errors not causing Tox to mark the env as failed
 
 ## Version 0.1.3
 
@@ -186,25 +309,25 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.1.3),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.1.3/)
 
-* Fix core functionality of installing dependencies from lockfile for the package-under-development
-  ("dev-package") built by Tox
-* Fix log messages not being displayed with Tox output
-* Add additional logging output for diagnostics
-* Update Poetry requirement to exclude upcoming Poetry-1.1.0 release which will break compatibility
+- Fix core functionality of installing dependencies from lockfile for the
+  package-under-development ("dev-package") built by Tox
+- Fix log messages not being displayed with Tox output
+- Add additional logging output for diagnostics
+- Update Poetry requirement to exclude upcoming Poetry-1.1.0 release which will break
+  compatibility
 
 This is the first release where the core functionality actually works as expected :tada:
 
-
 ## Version 0.1.2
 
 View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.1.2),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.1.2/)
 
-* Test trivial functionality on Python-3.6 and Python-3.7
-* Fix disagreement between `pyproject.toml` and module metadata on what the current version is
-* Fix constant named for PEP-440 that should have been named for PEP-508
-
+- Test trivial functionality on Python-3.6 and Python-3.7
+- Fix disagreement between `pyproject.toml` and module metadata on what the current version
+  is
+- Fix constant named for PEP-440 that should have been named for PEP-508
 
 ## Version 0.1.1
 
@@ -212,17 +335,17 @@ View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.1.1),
 [PyPI](https://pypi.org/project/tox-poetry-installer/0.1.1/)
 
-* Add/update project documentation
-* Add static analysis and formatting enforcement automation to toxfile
-* Add security analysis to toxfile
-* Fix raising `KeyError` for unlocked dependencies
-* Fix mishandling of Poetry's "unsafe dependencies"
-* Lint, blacken, and generally improve code quality
-
+- Add/update project documentation
+- Add static analysis and formatting enforcement automation to toxfile
+- Add security analysis to toxfile
+- Fix raising `KeyError` for unlocked dependencies
+- Fix mishandling of Poetry's "unsafe dependencies"
+- Lint, blacken, and generally improve code quality
 
 ## Version 0.1.0
 
 View this release on:
 [Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.1.0),
 
-* Add support for installing Tox environment dependencies using Poetry from the Poetry lockfile
+- Add support for installing Tox environment dependencies using Poetry from the Poetry
+  lockfile

CODE_OF_CONDUCT.md

@@ -1,129 +1,115 @@
-
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
+We as members, contributors, and leaders pledge to make participation in our community a
+harassment-free experience for everyone, regardless of age, body size, visible or
+invisible disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
 
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse,
+inclusive, and healthy community.
 
 ## Our Standards
 
-Examples of behavior that contributes to a positive environment for our
-community include:
+Examples of behavior that contributes to a positive environment for our community include:
 
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
-  overall community
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes, and learning
+  from the experience
+- Focusing on what is best not just for us as individuals, but for the overall community
 
 Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email
-  address, without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address, without their
+  explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
 
 ## Enforcement Responsibilities
 
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
+Community leaders are responsible for clarifying and enforcing our standards of acceptable
+behavior and will take appropriate and fair corrective action in response to any behavior
+that they deem inappropriate, threatening, offensive, or harmful.
 
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
+Community leaders have the right and responsibility to remove, edit, or reject comments,
+commits, code, wiki edits, issues, and other contributions that are not aligned to this
+Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
 
 ## Scope
 
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
+This Code of Conduct applies within all community spaces, and also applies when an
+individual is officially representing the community in public spaces. Examples of
+representing our community include using an official e-mail address, posting via an
+official social media account, or acting as an appointed representative at an online or
+offline event.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-[INSERT CONTACT METHOD].
-All complaints will be reviewed and investigated promptly and fairly.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the
+community leaders responsible for enforcement at \[INSERT CONTACT METHOD\]. All
+complaints will be reviewed and investigated promptly and fairly.
 
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
+All community leaders are obligated to respect the privacy and security of the reporter of
+any incident.
 
 ## Enforcement Guidelines
 
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
+Community leaders will follow these Community Impact Guidelines in determining the
+consequences for any action they deem in violation of this Code of Conduct:
 
 ### 1. Correction
 
 **Community Impact**: Use of inappropriate language or other behavior deemed
 unprofessional or unwelcome in the community.
 
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
+**Consequence**: A private, written warning from community leaders, providing clarity
+around the nature of the violation and an explanation of why the behavior was
+inappropriate. A public apology may be requested.
 
 ### 2. Warning
 
-**Community Impact**: A violation through a single incident or series
-of actions.
+**Community Impact**: A violation through a single incident or series of actions.
 
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or
-permanent ban.
+**Consequence**: A warning with consequences for continued behavior. No interaction with
+the people involved, including unsolicited interaction with those enforcing the Code of
+Conduct, for a specified period of time. This includes avoiding interactions in community
+spaces as well as external channels like social media. Violating these terms may lead to a
+temporary or permanent ban.
 
 ### 3. Temporary Ban
 
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
+**Community Impact**: A serious violation of community standards, including sustained
+inappropriate behavior.
 
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
+**Consequence**: A temporary ban from any sort of interaction or public communication with
+the community for a specified period of time. No public or private interaction with the
+people involved, including unsolicited interaction with those enforcing the Code of
+Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
 
 ### 4. Permanent Ban
 
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior,  harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
+**Community Impact**: Demonstrating a pattern of violation of community standards,
+including sustained inappropriate behavior, harassment of an individual, or aggression
+toward or disparagement of classes of individuals.
 
-**Consequence**: A permanent ban from any sort of public interaction within
-the community.
+**Consequence**: A permanent ban from any sort of public interaction within the community.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0,
+available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
 
 Community Impact Guidelines were inspired by [Mozilla's code of conduct
 enforcement ladder](https://github.com/mozilla/diversity).
 
-[homepage]: https://www.contributor-covenant.org
-
 For answers to common questions about this code of conduct, see the FAQ at
 https://www.contributor-covenant.org/faq. Translations are available at
 https://www.contributor-covenant.org/translations.
+
+[homepage]: https://www.contributor-covenant.org

LICENSE.md

@@ -1,11 +1,17 @@
-## Copyright 2020 Ethan Paul
+## Copyright 2020, 2022 Ethan Paul
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
-and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+to whom the Software is furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of
-the Software.
+The above copyright notice and this permission notice shall be included in all copies or
+substantial portions of the Software.
 
-**THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.**
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

Makefile

@@ -32,5 +32,9 @@ source: ## Build Python source distribution package
 test: ## Run the project testsuite(s)
 	poetry run tox --recreate
 
-publish: wheel source ## Build and upload to pypi (requires $PYPI_API_KEY be set)
+dev: ## Create the local dev environment
+	poetry install --extras poetry --sync
+	poetry run pre-commit install
+
+publish: test wheel source ## Build and upload to pypi (requires $PYPI_API_KEY be set)
 	@poetry publish --username __token__ --password $(PYPI_API_KEY)

README.md

@@ -1,128 +1,124 @@
 # tox-poetry-installer
 
-A plugin for [Tox](https://tox.readthedocs.io/en/latest/) that allows test environment
-dependencies to be installed using [Poetry](https://python-poetry.org/) from its lockfile.
+A plugin for [Tox](https://tox.readthedocs.io/en/latest/) that lets you install test
+environment dependencies from the [Poetry](https://python-poetry.org/) lockfile.
+
+[![CI Status](https://github.com/enpaul/tox-poetry-installer/workflows/CI/badge.svg?event=push)](https://github.com/enpaul/tox-poetry-installer/actions)
+[![PyPI Version](https://img.shields.io/pypi/v/tox-poetry-installer)](https://pypi.org/project/tox-poetry-installer/)
+[![PyPI Downloads](https://img.shields.io/pypi/dm/tox-poetry-installer)](https://libraries.io/pypi/tox-poetry-installer)
+[![License](https://img.shields.io/pypi/l/tox-poetry-installer)](https://opensource.org/licenses/MIT)
+[![Python Supported Versions](https://img.shields.io/pypi/pyversions/tox-poetry-installer)](https://www.python.org)
+[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 
 ⚠️ **This project is beta software and is under active development** ⚠️
 
-[![ci-status](https://github.com/enpaul/tox-poetry-installer/workflows/CI/badge.svg?event=push)](https://github.com/enpaul/tox-poetry-installer/actions)
-[![pypi-version](https://img.shields.io/pypi/v/tox-poetry-installer)](https://pypi.org/project/tox-poetry-installer/)
-[![pypi-downloads](https://img.shields.io/pypi/dm/tox-poetry-installer)](https://libraries.io/pypi/tox-poetry-installer)
-[![license](https://img.shields.io/pypi/l/tox-poetry-installer)](https://opensource.org/licenses/MIT)
-[![python-versions](https://img.shields.io/pypi/pyversions/tox-poetry-installer)](https://www.python.org)
-[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
+## Documentation
 
-See the [Changelog](https://github.com/enpaul/tox-poetry-installer/blob/devel/CHANGELOG.md) for release history.
+- [Feature Overview](#feature-overview)
+- [Using the Plugin](#user-documentation)
+  - [Installing](#installing)
+  - [Quick Start](#quick-start)
+  - [References](#references)
+    - [Config Options](#configuration-options)
+    - [Runtime Options](#runtime-options)
+    - [Errors](#errors)
+  - [Other Notes](#other-notes)
+    - [Unsupported Tox config options](#unsupported-tox-config-options)
+    - [Updating locked dependencies in a testenv](#updating-locked-dependencies-in-a-testenv)
+    - [Installing unsafe dependencies](#installing-unsafe-dependencies)
+    - [Using with an unmanaged Poetry installation](#using-with-an-unmanaged-poetry-installation)
+- [Developing the Plugin](#developer-documentation)
+- [Road Map](#road-map)
 
-**Documentation**
+See the
+[Changelog](https://github.com/enpaul/tox-poetry-installer/blob/devel/CHANGELOG.md) for
+release history.
 
-* [Introduction](#introduction)
-  * [Install](#install)
-  * [Quick Start](#quick-start)
-  * [Why would I use this?](#why-would-i-use-this) (What problems does this solve?)
-* [Reference](#reference)
-  * [Configuration Options](#configuration-options)
-  * [Command-line Arguments](#command-line-arguments)
-  * [Errors](#errors)
-  * [Advanced Usage](#advanced-usage)
-* [Developing](#developing)
-* [Contributing](#contributing)
-* [Roadmap](#roadmap)
-  * [Path to Beta](#path-to-beta)
-  * [Path to Stable](#path-to-stable)
+*See also: [official Tox plugins](https://tox.readthedocs.io/en/latest/plugins.html), [Poetry Tox plugin](https://github.com/tkukushkin/tox-poetry)*
 
-Related resources:
-* [Poetry Python Project Manager](https://python-poetry.org/)
-* [Tox Automation Project](https://tox.readthedocs.io/en/latest/)
-* [Other Tox plugins](https://tox.readthedocs.io/en/latest/plugins.html)
+## Feature Overview
 
-Similar projects:
-* [Poetry Dev-Dependencies Tox Plugin](https://github.com/sinoroc/tox-poetry-dev-dependencies)
-* [Poetry Tox Plugin](https://github.com/tkukushkin/tox-poetry)
+- Manage package versions in exactly one place and with exactly one tool: Poetry.
+- Ensure CI/CD and other automation tools are using the same package versions that you are
+  in your local development environment.
+- Add only the packages or custom groups you need to a Tox test environment, instead of
+  everything in your lockfile.
+- Directly integrate with Poetry, re-using your existing package indexes and credentials,
+  with no additional configuration.
+- Wherever possible, built-in Tox config options are always respected and their behavior
+  kept consistent.
+- Extremely configurable. Every feature can be disabled or enabled for any given Tox test
+  environment.
+- Friendly to other Tox plugins and supports a wide range of environments.
 
+## User Documentation
 
-## Introduction
+*This section is for users looking to integrate the plugin with their project or CI system. For information on contributing to the plugin please see the [Developer Docs](#developer-documentation)*
 
-This is a plugin to unify two great projects in the Python ecosystem: the
-[Tox](https://tox.readthedocs.io/en/latest/) automation project and the
-[Poetry](https://python-poetry.org) project/dependency manager. Specifically it allows
-the repeatable dependency resolution and installation tools that Poetry uses to benefit
-the isolated environments that Tox uses to run automated tests. The motivation to write
-this plugin came from a need for a single source of truth for the versions of all
-packages that should be installed to an environment.
+### Installing
 
-When in use this plugin will allow a Tox environment to install its required
-dependencies using the versions specified in the Poetry lockfile. This eliminates
-needing to specify package versions in multiple places as well as ensures that the Tox
-environment has the exact same versions of a given package as the Poetry environment.
-This reduces (or hopefully eliminates) hard to debug problems caused by subtle
-differences in the dependency graph of the active development environment (the one managed
-by Poetry) and the automated test environment(s) created by Tox.
-
-To learn more about the problems this plugin aims to solve jump ahead to
-[What problems does this solve?](#why-would-i-use-this).
-Otherwise keep reading to get started.
-
-### Install
-
-The recommended way to install the plugin is to add it to a project's `pyproject.toml`
-and lockfile using Poetry:
+The recommended way to install the plugin is to add it to a project using Poetry:
 
 ```bash
 poetry add tox-poetry-installer[poetry] --dev
 ```
 
-**WARNING:** The below installation methods are vulnerable to the
-[transient dependency issues this plugin aims to avoid](#why-would-i-use-this). It is
-always recommended to install dependencies using Poetry whenever possible.
+> **Note:** Always install the plugin with the `[poetry]` extra, unless you are
+> [managing the Poetry installation yourself](#externally-managed-poetry-installation).
 
-The plugin can also be installed with pip directly, though it is recommended to always
-install to a virtual environment and pin to a specific version:
+Alternatively, it can be installed directly to a virtual environment using Pip, though
+this is not recommended:
 
 ```bash
-source my-venv/bi/activate
-pip install tox-poetry-installer[poetry] == 0.6.0
+source somevenv/bin/activate
+pip install tox-poetry-installer
 ```
 
-The plugin can also be installed using the Tox
-[`requires`]((https://tox.readthedocs.io/en/latest/config.html#conf-requires))
-configuration option. Note however that dependencies installed via the `requires` option
-are not handled by the plugin and will be installed the same way as a `pip install ...`
-above. For this reason it is also recommended to always pin to a specific version when
-using this installation method:
+Alternatively alternatively, it can be installed using the Tox
+[`requires`](https://tox.readthedocs.io/en/latest/config.html#conf-requires) option by
+adding the below to `tox.ini`, though this is also not recommended:
 
 ```ini
-# tox.ini
-[tox]
-requires
-    tox-poetry-installer[poetry] == 0.6.0
+requires =
+    tox-poetry-installer[poetry] == 0.8.0
 ```
 
-Check that the plugin is registered by checking the Tox version:
+After installing, check that Tox recognizes the plugin by running
+`poetry run tox --version`. The command should give output similar to below:
 
 ```
-~ $: poetry run tox --version
 3.20.0 imported from .venv/lib64/python3.8/site-packages/tox/__init__.py
 registered plugins:
-    tox-poetry-installer-0.6.0 at .venv/lib64/python3.8/site-packages/tox_poetry_installer.py
+    tox-poetry-installer-0.8.0 at .venv/lib64/python3.8/site-packages/tox_poetry_installer/__init__.py
 ```
 
-**NOTE:** Installing the `tox-poetry-installer[poetry]` extra will add the `poetry`
-package as a managed environment dependency which can cause problems when the Poetry
-installation is externally managed (such as in a CI or container environment). See
-[Advanced Usage](#installing-alongside-an-existing-poetry-installation) for more
-information on this use case.
-
 ### Quick Start
 
-Before making any changes to `tox.ini` the project is already benefiting from having
-the plugin installed: all dependencies of the root project package are installed using
-the Poetry backend to all Tox environments that install the root package without any
-configuration changes.
+Congratulations! 🎉 Just by installing the plugin your Tox config is already using locked
+dependencies: when Tox builds and installs your project package to a test environment,
+your project package's dependencies will be installed from the lockfile.
 
-To add dependencies from the lockfile to a Tox environment, add the option
-[`locked_deps`](#locked_deps) to the environment configuration and list names of
-dependencies (with no version specifier) under it:
+Now lets update an example `tox.ini` to install the other test environment dependencies
+from the lockfile.
+
+A `testenv` from the example `tox.ini` we're starting with is below:
+
+```ini
+[testenv]
+description = Some very cool tests
+deps =
+    black == 20.8b1
+    pylint >=2.4.4,<2.7.0
+    mypy <0.800
+commands = ...
+```
+
+To update the config so that the testenv dependencies are installed from the lockfile, we
+can replace the built-in
+[`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) option with the
+`locked_deps` option provided by the plugin, and then remove the inline version
+specifiers. With these changes the three testenv dependencies (as well as all of their
+dependencies) will be installed from the lockfile when the test environment is recreated:
 
 ```ini
 [testenv]
@@ -134,125 +130,63 @@ locked_deps =
 commands = ...
 ```
 
-The standard [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) option
-can be used in parallel with the `locked_deps` option to install unlocked dependencies
-(dependencies not in the lockfile) alongside locked dependencies:
-
-```ini
-[testenv]
-description = Some very cool tests
-locked_deps =
-    black
-    pylint
-    mypy
-deps =
-    pytest == 6.1.1
-    pytest-cov >= 2.10, <2.11
-commands = ...
-```
-
-Alternatively, to quickly install all Poetry dev-dependencies to a Tox environment, add the
-[`install_dev_deps`](#install_dev_deps) option to the environment configuration:
-
-```ini
-[testenv]
-description = Some very cool tests
-install_dev_deps = true
-```
-
-See the [Reference](#reference) section for more details on available
-configuration options and the [Advanced Usage](#advanced-usage) section for some
-unusual use cases.
-
-### Why would I use this?
-
-**The Problem**
-
-By default Tox uses Pip to install the [PEP-508](https://www.python.org/dev/peps/pep-0508/)
-compliant dependencies to a test environment. This plugin extends the default Tox
-dependency installation behavior to support installing dependencies using a Poetry-based
-installation method that makes use of the dependency metadata from Poetry's lockfile.
-
-Environment dependencies for a Tox environment are usually specified in PEP-508 format, like
-the below example:
-
-```ini
-[testenv]
-description = Some very cool tests
-deps =
-    foo == 1.2.3
-    bar >=1.3,<2.0
-    baz
-```
-
-Let's assume these dependencies are also useful during development, so they can be added to the
-Poetry environment using this command:
-
- ```
- poetry add --dev \
-    foo==1.2.3 \
-    bar>=1.3,<2.0 \
-    baz
- ```
-
- However there is a potential problem that could arise from each of these environment
- dependencies that would _only_ appear in the Tox environment and not in the Poetry
- environment in use by a developer:
-
- * **The `foo` dependency is pinned to a specific version:** let's imagine a security
-   vulnerability is discovered in `foo` and the maintainers release version `1.2.4` to fix
-   it. A developer can run `poetry remove foo` and then `poetry add foo^1.2` to get the new
-   version, but the Tox environment is left unchanged. The development environment, as defined by
-   the lockfile, is now patched against the vulnerability but the Tox environment is not.
-
-* **The `bar` dependency specifies a dynamic range:** a dynamic range allows a range of
-  versions to be installed, but the lockfile will have an exact version specified so that
-  the Poetry environment is reproducible; this allows versions to be updated with
-  `poetry update` rather than with the `remove` and `add` commands used above. If the
-  maintainers of `bar` release version `1.6.0` then the Tox environment will install it
-  because it is valid for the specified version range. Meanwhile the Poetry environment will
-  continue to install the version from the lockfile until `poetry update bar` explicitly
-  updates it. The development environment is now has a different version of `bar` than the Tox
-  environment.
-
-* **The `baz` dependency is unpinned:** unpinned dependencies are
-  [generally a bad idea](https://python-poetry.org/docs/faq/#why-are-unbound-version-constraints-a-bad-idea),
-  but here it can cause real problems. Poetry will interpret an unbound dependency using
-  [the carrot requirement](https://python-poetry.org/docs/dependency-specification/#caret-requirements)
-  but Pip (via Tox) will interpret it as a wildcard. If the latest version of `baz` is `1.0.0`
-  then `poetry add baz` will result in a constraint of `baz>=1.0.0,<2.0.0` while the Tox
-  environment will have a constraint of `baz==*`. The Tox environment can now install an
-  incompatible version of `baz` and any errors that causes cannot be replicated using `poetry update`.
-
-All of these problems can apply not only to the dependencies specified for a Tox environment,
-but also to the dependencies of those dependencies, those dependencies' dependencies, and so on.
-
-**The Solution**
-
-This plugin allows dependencies specified in Tox environment take their version directly from
-the Poetry lockfile without needing an independent version to be specified in the Tox
-environment configuration. The modified version of the example environment given below appears
-less stable than the one presented above because it does not specify any versions for its
-dependencies:
+We can also add the `require_locked_deps` option to the test environment. This will both
+block any other install tools (another plugin or Tox itself) from installing dependencies
+to the Tox environment and also cause Tox to fail if the test environment also uses the
+built-in [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) option:
 
 ```ini
 [testenv]
 description = Some very cool tests
 require_locked_deps = true
 locked_deps =
-    foo
-    bar
-    baz
+    black
+    pylint
+    mypy
+commands = ...
 ```
 
-However with the `tox-poetry-installer` plugin installed Tox will install these
-dependencies from the Poetry lockfile so that the version installed to the Tox
-environment exactly matches the version Poetry is managing. When `poetry update` updates
-the lockfile with new versions of these dependencies, Tox will automatically install
-these new versions without needing any changes to the configuration.
+> **Note:** Settings configured on the main `testenv` environment are inherited by child
+> test environments (for example, `testenv:foo`). To override this, specify the setting in
+> the child environment with a different value.
 
+Alternatively, we can skip specifying all of our dependencies for a test environment in
+the Tox config and install Poetry dependency groups directly:
 
-## Reference
+```ini
+[testenv]
+description = Some very cool tests
+require_locked_deps = true
+poetry_dep_groups =
+    dev
+commands = ...
+```
+
+> **Note:** Setting `poetry_dep_groups = [dev]` on an environment that also installs the
+> project package is functionally equivalent to running `poetry install`.
+
+> **Note:** The `install_dev_deps` configuration option is deprecated. See [Configuration
+> Options](#configuration-options) for more information.
+
+Finally, we can also install an unlocked dependency (a dependency which doesn't take its
+version from the Poetry lockfile) into the test environment alongside the locked ones. We
+need to remove the `require_locked_deps = true` option, otherwise the environment will
+error, and then we can add the unlocked dependency using the built-in
+[`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) option:
+
+```ini
+[testenv]
+description = Some very cool tests
+deps =
+    pytest >= 5.6.0,<6.0.0
+locked_deps =
+    black
+    pylint
+    mypy
+commands = ...
+```
+
+## References
 
 ### Configuration Options
 
@@ -260,210 +194,141 @@ All options listed below are Tox environment options and can be applied to one o
 environment sections of the `tox.ini` file. They cannot be applied to the global Tox
 configuration section.
 
-**NOTE:** Environment settings applied to the main `testenv` environment will be
-inherited by child environments (i.e. `testenv:foo`) unless they are explicitly
-overridden by the child environment's configuration.
+> **Note:** Settings configured on the main `testenv` environment are inherited by child
+> test environments (for example, `testenv:foo`). To override this, specify the setting in
+> the child environment with a different value.
 
-#### `locked_deps`
+| Option                 |  Type   | Default | Description                                                                                                                                                                                                                                                                                                                                                          |
+| :--------------------- | :-----: | :-----: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `locked_deps`          |  List   |  `[]`   | Names of packages to install to the test environment from the Poetry lockfile. Transient dependencies (packages required by these dependencies) are automatically included.                                                                                                                                                                                          |
+| `require_locked_deps`  | Boolean |  False  | Whether the plugin should block attempts to install unlocked dependencies to the test environment. If enabled, then the [`tox_testenv_install_deps`](https://tox.readthedocs.io/en/latest/plugins.html#tox.hookspecs.tox_testenv_install_deps) plugin hook will be intercepted and an error will be raised if the test environment has the `deps` option configured. |
+| `install_project_deps` | Boolean |  True   | Whether all of the Poetry primary dependencies for the project package should be installed to the test environment.                                                                                                                                                                                                                                                  |
+| `require_poetry`       | Boolean |  False  | Whether Tox should be forced to fail if the plugin cannot import Poetry locally. If `False` then the plugin will be skipped for the test environment if Poetry cannot be imported. If `True` then the plugin will force the environment to error and the Tox run to fail.                                                                                            |
+| `poetry_dep_groups`    |  List   |  `[]`   | Names of Poetry dependency groups specified in `pyproject.toml` to install to the test environment.                                                                                                                                                                                                                                                                  |
 
-* **Type:** multi-line list
-* **Default:** `[]`
+> **Note:** The `install_dev_deps` configuration option is deprecated and will be removed in
+> version 1.0.0. Please set `poetry_dep_groups = [dev]` in `tox.ini` for environments that
+> install the development dependencies.
 
-Names of packages in the Poetry lockfile to install to the Tox environment. All
-dependencies specified here will be installed to the Tox environment using the details
-given by the Poetry lockfile.
-
-#### `require_locked_deps`
-
-
-* **Type:** boolean
-* **Default:** `false`
-
-Whether the environment should allow unlocked dependencies (dependencies not in the
-Poetry lockfile) to be installed alongside locked dependencies. If `true` then an error
-will be raised if the environment specifies unlocked dependencies to install and the
-plugin will block any other plugins from using the
-[`tox_testenv_install_deps`](https://tox.readthedocs.io/en/latest/plugins.html#tox.hookspecs.tox_testenv_install_deps)
-hook.
-
-#### `install_dev_deps`
-
-* **Type:** boolean
-* **Default:** `false`
-
-Whether all Poetry dev-dependencies should be installed to the environment. If `true`
-then all dependencies specified in the
-[`dev-dependencies`](https://python-poetry.org/docs/pyproject/#dependencies-and-dev-dependencies)
-section of `pyproject.toml` will be installed automatically.
-
-### Command-line Arguments
+### Runtime Options
 
 All arguments listed below can be passed to the `tox` command to modify runtime behavior
 of the plugin.
 
-#### `--require-poetry`
+| Argument                     |  Type   | Default | Description                                                                                                                                                                                                                                                                          |
+| :--------------------------- | :-----: | :-----: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `--parallel-install-threads` | Integer |  `10`   | Number of worker threads to use to install dependencies in parallel. Installing in parallel with more threads can greatly speed up the install process, but can cause race conditions during install. Pass this option with the value `0` to entirely disable parallel installation. |
 
-Indicates that Poetry is expected to be available to Tox and, if it is not, then the Tox
-run should fail. If provided and the `poetry` package is not installed to the same
-environment as the `tox` package then Tox will fail.
+> **Note:** The `--require-poetry` runtime option is deprecated and will be removed in
+> version 1.0.0. Please set `require_poetry = true` in `tox.ini` for environments that
+> should fail if Poetry is not available.
 
-**NOTE:** See [Advanced Usage](#installing-alongside-an-existing-poetry-installation)
-for more information.
+> **Note:** The `--parallelize-locked-install` option is deprecated and will be removed in
+> version 1.0.0. Please use the `--parallel-install-threads` option.
 
 ### Errors
 
-If the plugin encounters an error while processing a Tox environment then it will mark
-the environment as failed and set the environment status to one of the values below:
+There are several errors that the plugin can encounter for a test environment when Tox is
+run. If an error is encountered then the status of the test environment that caused the
+error will be set to one of the "Status" values below to indicate what the error was.
 
-**NOTE:** In addition to the reasons noted below, the plugin can encounter errors if the
-Poetry lockfile is not up-to-date with `pyproject.toml`. To resynchronize the
-lockfile with the `pyproject.toml` run one of
-[`poetry update`](https://python-poetry.org/docs/cli/#update) or
-[`poetry lock`](https://python-poetry.org/docs/cli/#lock)
+| Status/Name                     | Cause                                                                                                                                                                                                                           |
+| :------------------------------ | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `ExtraNotFoundError`            | Indicates that the [`extras`](https://tox.readthedocs.io/en/latest/config.html#conf-extras) config option specified an extra that is not configured by Poetry in `pyproject.toml`.                                              |
+| `LockedDepVersionConflictError` | Indicates that an item in the `locked_deps` config option includes a [PEP-508 version specifier](https://www.python.org/dev/peps/pep-0508/#grammar) (ex: `pytest >=6.0, <6.1`).                                                 |
+| `LockedDepNotFoundError`        | Indicates that an item specified in the `locked_deps` config option does not match the name of a package in the Poetry lockfile.                                                                                                |
+| `LockedDepsRequiredError`       | Indicates that a test environment with the `require_locked_deps` config option set to `true` also specified unlocked dependencies using the [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) config option. |
+| `PoetryNotInstalledError`       | Indicates that the `poetry` module could not be imported under the current runtime environment, and `require_poetry = true` was specified.                                                                                      |
+| `RequiresUnsafeDepError`        | Indicates that the package-under-test depends on a package that Poetry has classified as unsafe and cannot be installed.                                                                                                        |
 
-#### Poetry Not Installed Error
+> **Note:** One or more of these errors can be caused by the `pyproject.toml` being out of
+> sync with the Poetry lockfile. If this is the case, than a warning will be logged when Tox
+> is run.
 
-* **Status value:** `PoetryNotInstalledError`
-* **Cause:** Indicates that the `poetry` module could not be imported from the same
-  environment as the running `tox` module and the runtime flags specified
-  [`--require-poetry`](#--require-poetry).
-* **Resolution options:**
-  * Install Poetry: ensure that `poetry` is installed to the same environment as `tox`.
-  * Skip running the plugin: remove the `--require-poetry` flag from the runtime options.
+### Other Notes
 
-**NOTE:** See [Advanced Usage](#installing-alongside-an-existing-poetry-installation)
-for more information.
+#### Unsupported Tox config options
 
-#### Locked Dependency Version Conflict Error
+Below are the built-in Tox config options that are not respected by this plugin. All of
+these options are made obsolete by the Poetry lockfile: either they aren't needed or their
+equivalent functionality is instead taken directly from the package details Poetry stores
+in its lockfile.
 
-* **Status value:** `LockedDepVersionConflictError`
-* **Cause:** Indicates that a dependency specified in the [`locked_deps`](#locked_deps)
-  configuration option in `tox.ini` includes a
-  [PEP-508 version specifier](https://www.python.org/dev/peps/pep-0508/#grammar)
-  (i.e. `pytest >=6.0, <6.1`).
-* **Resolution options:**
-  * Use the dependency version from the lockfile: remove any/all version specifiers
-    from the item in the `locked_deps` list in `tox.ini`.
-  * Do not install the dependency: remove the item from the `locked_deps` list in
-    `tox.ini`.
+> **Note:** The unsupported Tox config options will still apply to unlocked dependencies
+> being installed with the default Tox installation backend.
 
-#### Locked Dependency Not Found Error
+- [`install_command`](https://tox.readthedocs.io/en/latest/config.html#conf-install_command)
+- [`pip_pre`](https://tox.readthedocs.io/en/latest/config.html#conf-pip_pre)
+- [`download`](https://tox.readthedocs.io/en/latest/config.html#conf-download)
+- [`indexserver`](https://tox.readthedocs.io/en/latest/config.html#conf-indexserver)
+- [`usedevelop`](https://tox.readthedocs.io/en/latest/config.html#conf-indexserver)
 
-* **Status value:** `LockedDepNotFoundError`
-* **Cause:** Indicates that a dependency specified in the [`locked_deps`](#locked_deps)
-  configuration option in `tox.ini` could not be found in the Poetry lockfile.
-* **Resolution options:**
-  * Add the dependency to the lockfile: run
-    [`poetry add <dependency>`](https://python-poetry.org/docs/cli/#add).
-  * Do not install the dependency: remove the item from the `locked_deps` list in
-    `tox.ini`.
+#### Updating locked dependencies in a testenv
 
-#### Extra Not Found Error
+When Poetry updates the version of a package in the lockfile (using either `poetry lock`
+or `poetry update`) then the plugin will automatically use this new version to install the
+package to a test environment; there is no need to manually update `tox.ini` after
+updating the Poetry lockfile.
 
-* **Status value:** `ExtraNotFoundError`
-* **Cause:** Indicates that the [`extras`](https://tox.readthedocs.io/en/latest/config.html#conf-extras)
-  configuration option specified a setuptools extra that is not configured by Poetry in
-  `pyproject.toml`
-* **Resolution options:**
-  * Configure the extra: add a section for the named extra to the
-    [`extras`](https://python-poetry.org/docs/pyproject/#extras) section of
-    `pyproject.toml` and optionally assign dependencies to the named extra using the
-    [`--optional`](https://python-poetry.org/docs/cli/#options_3) dependency setting.
-  * Remove the extra: remove the item from the `extras` list in `tox.ini`.
+However, the plugin cannot determine when the lockfile is updated. If a Tox test
+environment has already been created then it will need to be recreated (using Tox's
+built-in
+[`--recreate`](https://tox.readthedocs.io/en/latest/example/basic.html#forcing-re-creation-of-virtual-environments)
+option) for the new version to be found and installed.
 
-#### Locked Dependencies Required Error
+> **Note:** To force Tox to always recreate a test environment the
+> [`recreate`](https://tox.readthedocs.io/en/latest/config.html#conf-recreate) config option
+> can be set.
 
-* **Status value:** `LockedDepsRequiredError`
-* **Cause:** Indicates that an environment with the [`require_locked_deps`](#require_locked_deps)
-  configuration option also specified unlocked dependencies using
-  [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) option in
-  `tox.ini`.
-* **Resolution options:**
-  * Remove all unlocked dependencies: remove the `deps` configuration option in
-    `tox.ini`.
-  * Allow unlocked dependencies: remove the `require_locked_deps` configuration option
-    in `tox.ini` or explicitly set `require_locked_deps = false`.
-
-### Advanced Usage
-
-#### Unsupported Tox configuration options
-
-The `tox.ini` configuration options listed below have no effect on the dependencies
-installed by this plugin the Poetry lockfile. Note that these settings will still be
-applied by the default Tox installation backend when installing unlocked dependencies
-using the built-in `deps` option.
-
-  * [`install_command`](https://tox.readthedocs.io/en/latest/config.html#conf-install_command)
-  * [`pip_pre`](https://tox.readthedocs.io/en/latest/config.html#conf-pip_pre)
-  * [`download`](https://tox.readthedocs.io/en/latest/config.html#conf-download)
-  * [`indexserver`](https://tox.readthedocs.io/en/latest/config.html#conf-indexserver)
-  * [`usedevelop`](https://tox.readthedocs.io/en/latest/config.html#conf-indexserver)
-
-All of these options are obsoleted by using the Poetry backend. If a given package
-installs successfully using Poetry (using either `poetry add <package>` or
-`poetry install`) then the required configuration options are already properly set in
-the Poetry configuration and the plugin will automatically use the same settings when
-installing the package.
-
-#### Reinstalling locked dependencies to a Tox environment
-
-Updating the `poetry.lock` file will not automatically cause Tox to install the updated
-lockfile specifications to the Tox environments that specify them.
-
-The Tox environment(s) with updated locked dependencies must be deleted and recreated
-using the [`--recreate`](https://tox.readthedocs.io/en/latest/config.html#cmdoption-tox-r)
-runtime flag. Alternatively Tox can be configured to always recreate an environment by
-setting the [`recreate`](https://tox.readthedocs.io/en/latest/config.html#conf-recreate)
-option in `tox.ini`.
-
-#### Installing Poetry's unsafe dependencies
+#### Installing unsafe dependencies
 
 There are several packages that cannot be installed from the lockfile because they are
 excluded by Poetry itself. As a result these packages cannot be installed by this plugin
-either as environment dependencies (passed directly to [`locked_deps`](#locked_deps)) or
-as transient dependencies (a dependency of a locked dependency).
+either as test environment dependencies passed directly to `locked_deps` or as a transient
+dependency. When one of these packages is encountered by the plugin a warning will be
+logged to the console and
+**the unsafe package will not be installed to the test environment**.
 
-As of [Poetry-1.1.4](https://github.com/python-poetry/poetry/releases/tag/1.1.4) there
-are four packages classified as "unsafe" by Poetry and excluded from the lockfile:
+This list can be found in the Poetry source code
+[here](https://github.com/python-poetry/poetry/blob/master/poetry/puzzle/provider.py). As
+of [Poetry 1.1.6](https://github.com/python-poetry/poetry/releases/tag/1.1.6) there are
+four packages classified as "unsafe" by Poetry and excluded from the lockfile:
 
-* `setuptools`
-* `distribute`
-* `pip`
-* `wheel`
+- `setuptools`
+- `distribute`
+- `pip`
+- `wheel`
 
-When one of these packages is encountered by the plugin a warning will be logged and
-_**the package will not be installed to the environment**_. If the unsafe package
-is required for the environment then it will need to be specified as an unlocked
-dependency using the [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps)
-configuration option in `tox.ini`, ideally with an exact pinned version.
+#### Using with an unmanaged Poetry installation
 
-* The set of packages excluded from the Poetry lockfile can be found in
-  [`poetry.puzzle.provider.Provider.UNSAFE_DEPENDENCIES`](https://github.com/python-poetry/poetry/blob/master/poetry/puzzle/provider.py)
-* There is an ongoing discussion of Poetry's handling of these packages at
-  [python-poetry/poetry#1584](https://github.com/python-poetry/poetry/issues/1584)
+In CI/CD systems, automation environments, or other Python environments where the loaded
+site packages are not managed by Poetry, it can be useful to manage the local installation
+of Poetry externally. This also helps to avoid problems that can be caused by the
+`--no-root`, `--no-dev`, or `--remove-untracked` arguments to the `poetry install` command
+which, in some situations, can cause Poetry to uninstall itself if Poetry is specified as
+a dependency of one of the packages it is managing (like this plugin). To support these
+use cases, this plugin specifies the `poetry` package as an optional dependency that can
+be installed using a setuptools extra also named `poetry`.
 
-#### Installing alongside an existing Poetry installation
+**Critical Warning: This plugin requires Poetry to function. If the plugin is installed without the `poetry` setuptools extra then Poetry must be installed independently for the plugin to function properly.**
 
-The plugin specifies the `poetry` package as an optional dependency to support an
-externally managed Poetry installation such as in a container or CI environment. This
-gives greater flexibility when using Poetry arguments like `--no-root`, `--no-dev`, or
-`--remove-untracked` which can cause Poetry to uninstall itself if Poetry is specified
-as a dependency of one of the packages it is managing (like this plugin).
-
-To have the plugin use the externally-managed Poetry package simply do not install the
-`poetry` extra when installing this plugin:
+To skip installing the `poetry` package as a dependency of `tox-poetry-installer`, do not
+specify the `poetry` extra when adding the plugin:
 
 ```bash
-# Installing Poetry as a dependency with the plugin
-poetry add tox-poetry-installer[poetry]
+# Adding the package without the "[poetry]" extra specifier so that
+# Poetry is not added as a transient dev-dependency:
+poetry add tox-poetry-installer --dev
 
-# Relying on an externally managed Poetry installation
-poetry add tox-poetry-installer
+# Adding the package with the "[poetry]" extra specifier, so the Poetry
+# package will be added to the environment and tracked in the lockfile:
+poetry add tox-poetry-installer[poetry] --dev
 ```
 
-Note that Poetry is an optional dependency to support this use case _only_: Poetry must
-be installed to the same environment as Tox for the plugin to function. To check that
-the local environment has all of the required modules in scope run the below command:
+Once the plugin is installed- either with or without the Poetry extra- you can validate
+that the plugin will run correctly with the following command. This command checks that
+all three required components (Tox, Poetry, and the plugin itself) are available in the
+current Python environment:
 
 ```bash
 python -c '\
@@ -473,16 +338,34 @@ python -c '\
 '
 ```
 
-**NOTE:** To force Tox to fail if Poetry is not installed, run the `tox` command with
-the [`--require-poetry`](#--require-poetry) option.
+> **Note:** To force Tox to fail if Poetry is not installed, add the `require_poetry = true`
+> option to the tox `[testenv]` configuration. See the
+> [Config Options](#configuration-options) for more information.
 
+## Developer Documentation
 
-## Developing
+All project contributors and participants are expected to adhere to the
+[Contributor Covenant Code of Conduct, v2](CODE_OF_CONDUCT.md) ([external link](https://www.contributor-covenant.org/version/2/0/code_of_conduct/)).
 
-This project requires Poetry version 1.0+ on the development workstation, see
-the [installation instructions here](https://python-poetry.org/docs/#installation).
+The `devel` branch has the latest (and potentially unstable) changes. The stable releases
+are tracked on [Github](https://github.com/enpaul/tox-poetry-installer/releases),
+[PyPi](https://pypi.org/project/tox-poetry-installer/#history), and in the
+[Changelog](CHANGELOG.md).
 
-Local environment setup instructions:
+- To report a bug, request a feature, or ask for assistance, please
+  [open an issue on the Github repository](https://github.com/enpaul/tox-poetry-installer/issues/new).
+- To report a security concern or code of conduct violation, please contact the project
+  author directly at **‌me \[at‌\] enp dot‎ ‌one**.
+- To submit an update, please
+  [fork the repository](https://docs.github.com/en/enterprise/2.20/user/github/getting-started-with-github/fork-a-repo)
+  and [open a pull request](https://github.com/enpaul/tox-poetry-installer/compare).
+
+Developing this project requires [Python 3.7+](https://www.python.org/downloads/) and
+[Poetry 1.2](https://python-poetry.org/docs/#installation) or later. GNU Make can
+optionally be used to quickly setup a local development environment, but this is not
+required.
+
+To setup a local development environment:
 
 ```bash
 # Clone the repository...
@@ -491,80 +374,59 @@ git clone https://github.com/enpaul/tox-poetry-installer.git
 # ...over SSH
 git clone git@github.com:enpaul/tox-poetry-installer.git
 
-# Create a the local project virtual environment and install dependencies
-cd tox-poetry-installer
-poetry install -E poetry
+cd tox-poetry-installer/
 
-# Install pre-commit hooks
-poetry run pre-commit install
+# Create and configure the local development environment
+make dev
 
-# Run tests and static analysis
-poetry run tox
+# Run tests and CI locally
+make test
+
+# See additional make targets
+make help
 ```
 
-**NOTE:** Because the pre-commit hooks require dependencies in the Poetry environment it
-is recommend to [launch an environment shell](https://python-poetry.org/docs/cli/#shell)
-when developing the project. Alternatively, many `git` commands will need to be run from
-outside of the environment shell by prefacing the command with
-[`poetry run`](https://python-poetry.org/docs/cli/#run).
+> **Note:** The pre-commit hooks require dependencies in the Poetry environment to run. To
+> make a commit with the pre-commit hooks, you will need to run `poetry run git commit` or,
+> alternatively, [launch an environment shell](https://python-poetry.org/docs/cli/#shell).
 
-
-## Contributing
-
-All project contributors and participants are expected to adhere to the
-[Contributor Covenant Code of Conduct, v2](CODE_OF_CONDUCT.md)
-([external link](https://www.contributor-covenant.org/version/2/0/code_of_conduct/)).
-
-The `devel` branch has the latest (potentially unstable) changes. The
-[tagged versions](https://github.com/enpaul/tox-poetry-installer/releases) correspond to the
-releases on PyPI.
-
-* To report a bug, request a feature, or ask for assistance, please
-  [open an issue on the Github repository](https://github.com/enpaul/tox-poetry-installer/issues/new).
-* To report a security concern or code of conduct violation, please contact the project author
-  directly at **‌me [at‌] enp dot‎ ‌one**.
-* To submit an update, please
-  [fork the repository](https://docs.github.com/en/enterprise/2.20/user/github/getting-started-with-github/fork-a-repo)
-  and
-  [open a pull request](https://github.com/enpaul/tox-poetry-installer/compare).
-
-
-## Roadmap
+## Road Map
 
 This project is under active development and is classified as beta software, ready for
 production environments on a provisional basis only.
 
-* Beta classification was assigned with [v0.6.0](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.0)
-* Stable classification will be assigned when the test suite covers an acceptable number of
+- Beta classification was assigned with
+  [v0.6.0](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.6.0)
+- Stable classification will be assigned when the test suite covers an acceptable number of
   use cases
 
 ### Path to Beta
 
-- [X] Verify that primary package dependencies (from the `.package` env) are installed
-      correctly using the Poetry backend.
-- [X] Support the [`extras`](https://tox.readthedocs.io/en/latest/config.html#conf-extras)
-      Tox configuration option ([#4](https://github.com/enpaul/tox-poetry-installer/issues/4))
-- [X] Add per-environment Tox configuration option to fall back to default installation
-      backend.
+- [x] Verify that primary package dependencies (from the `.package` env) are installed
+  correctly using the Poetry backend.
+- [x] Support the [`extras`](https://tox.readthedocs.io/en/latest/config.html#conf-extras) Tox
+  configuration option ([#4](https://github.com/enpaul/tox-poetry-installer/issues/4))
+- [x] Add per-environment Tox configuration option to fall back to default installation
+  backend.
 - [ ] ~Add warnings when an unsupported Tox configuration option is detected while using the
-      Poetry backend. ([#5](https://github.com/enpaul/tox-poetry-installer/issues/5))~
-- [X] Add trivial tests to ensure the project metadata is consistent between the pyproject.toml
-      and the module constants.
-- [X] Update to use [poetry-core](https://github.com/python-poetry/poetry-core) and
-      improve robustness of the Tox and Poetry module imports
-      to avoid potentially breaking API changes in upstream packages. ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
-- [ ] ~Find and implement a way to mitigate the [UNSAFE_DEPENDENCIES issue](https://github.com/python-poetry/poetry/issues/1584) in Poetry.
-      ([#6](https://github.com/enpaul/tox-poetry-installer/issues/6))~
-- [X] Fix logging to make proper use of Tox's logging reporter infrastructure ([#3](https://github.com/enpaul/tox-poetry-installer/issues/3))
-- [X] Add configuration option for installing all dev-dependencies to a testenv ([#14](https://github.com/enpaul/tox-poetry-installer/issues/14))
+  Poetry backend.~ ([#5](https://github.com/enpaul/tox-poetry-installer/issues/5))
+- [x] Add trivial tests to ensure the project metadata is consistent between the pyproject.toml
+  and the module constants.
+- [x] Update to use [poetry-core](https://github.com/python-poetry/poetry-core) and improve
+  robustness of the Tox and Poetry module imports to avoid potentially breaking API changes
+  in upstream packages. ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
+- [ ] ~Find and implement a way to mitigate the
+  [UNSAFE_DEPENDENCIES issue](https://github.com/python-poetry/poetry/issues/1584) in
+  Poetry.~ ([#6](https://github.com/enpaul/tox-poetry-installer/issues/6))
+- [x] Fix logging to make proper use of Tox's logging reporter infrastructure ([#3](https://github.com/enpaul/tox-poetry-installer/issues/3))
+- [x] Add configuration option for installing all dev-dependencies to a testenv ([#14](https://github.com/enpaul/tox-poetry-installer/issues/14))
 
 ### Path to Stable
 
 Everything in Beta plus...
 
-- [ ] Add comprehensive unit tests
-- [ ] Add tests for each feature version of Tox between 3.0 and 3.20
-- [ ] Add tests for Python-3.6, 3.7, 3.8, and 3.9
-- [X] Add Github Actions based CI
-- [ ] Add CI for CPython, PyPy, and Conda
-- [ ] Add CI for Linux and Windows
+- [ ] Fully replace dependency on `poetry` with dependency on `poetry-core` ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
+- [x] Add comprehensive unit tests
+- [ ] ~Add tests for each feature version of Tox between 3.8 and 3.20~
+- [x] Add tests for Python-3.6, 3.7, 3.8, and 3.9
+- [x] Add Github Actions based CI

pyproject.toml

@@ -1,9 +1,9 @@
 [tool.poetry]
 name = "tox-poetry-installer"
-version = "0.6.2"
+version = "0.10.1"
 license = "MIT"
 authors = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]
-description = "Tox plugin to install Tox environment dependencies using the Poetry backend and lockfile"
+description = "A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile"
 repository = "https://github.com/enpaul/tox-poetry-installer/"
 packages = [
   {include = "tox_poetry_installer"},
@@ -22,10 +22,12 @@ classifiers = [
   "License :: OSI Approved :: MIT License",
   "Natural Language :: English",
   "Operating System :: OS Independent",
-  "Programming Language :: Python :: 3.6",
+  "Programming Language :: Python :: 3",
   "Programming Language :: Python :: 3.7",
   "Programming Language :: Python :: 3.8",
   "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
   "Programming Language :: Python :: Implementation :: CPython",
 ]
 
@@ -33,30 +35,39 @@ classifiers = [
 poetry_installer = "tox_poetry_installer"
 
 [tool.poetry.extras]
-poetry = ["poetry"]
+poetry = ["poetry", "cleo"]
 
 [tool.poetry.dependencies]
-python = "^3.6.1"
-poetry = {version = "^1.0.0", optional = true}
-poetry-core = "^1.0.0"
-tox = "^3.0.0"
+python = "^3.7"
+cleo = {version = ">=1.0,<3.0", optional = true}
+poetry = {version = "^1.2.0", optional = true}
+poetry-core = "^1.1.0"
+tox = "^3.8.0"
 
-[tool.poetry.dev-dependencies]
+[tool.poetry.group.dev.dependencies]
 bandit = "^1.6.2"
-black = { version = "^20.8b1", allow-prereleases = true }
+black = "^22.3.0"
 blacken-docs = "^1.8.0"
-ipython = { version = "^7.18.1", python = "^3.7" }
-mypy = "^0.782"
+ipython = {version = "^8.10.1", python = "^3.8"}
+mdformat = "^0.6"
+mdformat-gfm = "^0.2"
+mypy = "^0.930"
 pre-commit = "^2.7.1"
 pre-commit-hooks = "^3.3.0"
-pylint = "^2.4.4"
+pylint = "^2.13.0"
 pytest = "^6.0.2"
 pytest-cov = "^2.10.1"
 reorder-python-imports = "^2.3.5"
-safety = "^1.9.0"
+safety = "^2.2.0"
 toml = "^0.10.1"
 tox = "^3.20.0"
+types-toml = "^0.10.1"
+# This is a workaround for this issue with the Poetry export
+# plugin which was blocking the 'security' CI check:
+#
+# https://github.com/python-poetry/poetry-plugin-export/issues/176
+virtualenv = ">=20.15,<20.16"
 
 [build-system]
-requires = ["poetry-core>=1.0.0"]
+requires = ["poetry-core>=1.1.0"]
 build-backend = "poetry.core.masonry.api"

tests/fixtures.py

@@ -0,0 +1,67 @@
+# pylint: disable=missing-module-docstring, missing-function-docstring, unused-argument, too-few-public-methods
+import time
+from pathlib import Path
+
+import poetry.factory
+import poetry.installation.pip_installer
+import poetry.utils.env
+import pytest
+import tox
+from poetry.core.packages.package import Package as PoetryPackage
+
+from tox_poetry_installer import utilities
+
+
+TEST_PROJECT_PATH = Path(__file__).parent.resolve() / "test-project"
+
+FAKE_VENV_PATH = Path("nowhere")
+
+
+class MockVirtualEnv:
+    """Mock class for the :class:`poetry.utils.env.VirtualEnv` and :class:`tox.venv.VirtualEnv`"""
+
+    class MockTestenvConfig:  # pylint: disable=missing-class-docstring
+        envdir = FAKE_VENV_PATH
+
+    def __init__(self, *args, **kwargs):
+        self.envconfig = self.MockTestenvConfig()
+        self.installed = []
+
+    @staticmethod
+    def is_valid_for_marker(*args, **kwargs):
+        return True
+
+    @staticmethod
+    def get_version_info():
+        return (1, 2, 3)
+
+
+class MockPipInstaller:
+    """Mock class for the :class:`poetry.installation.pip_installer.PipInstaller`"""
+
+    def __init__(self, env: MockVirtualEnv, **kwargs):
+        self.env = env
+
+    def install(self, package: PoetryPackage):
+        self.env.installed.append(package)
+        time.sleep(1)
+
+
+@pytest.fixture
+def mock_venv(monkeypatch):
+    monkeypatch.setattr(utilities, "convert_virtualenv", lambda venv: venv)
+    monkeypatch.setattr(
+        poetry.installation.pip_installer, "PipInstaller", MockPipInstaller
+    )
+    monkeypatch.setattr(tox.venv, "VirtualEnv", MockVirtualEnv)
+    monkeypatch.setattr(poetry.utils.env, "VirtualEnv", MockVirtualEnv)
+
+
+@pytest.fixture(scope="function")
+def mock_poetry_factory(monkeypatch):
+    pypoetry = poetry.factory.Factory().create_poetry(cwd=TEST_PROJECT_PATH)
+
+    def mock_factory(*args, **kwargs):
+        return pypoetry
+
+    monkeypatch.setattr(poetry.factory.Factory, "create_poetry", mock_factory)

tests/test-project/poetry.lock

@@ -0,0 +1,505 @@
+[[package]]
+name = "appdirs"
+version = "1.4.4"
+description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "attrs"
+version = "20.3.0"
+description = "Classes Without Boilerplate"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+
+[package.extras]
+dev = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface", "furo", "sphinx", "pre-commit"]
+docs = ["furo", "sphinx", "zope.interface"]
+tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface"]
+tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six"]
+
+[[package]]
+name = "certifi"
+version = "2020.12.5"
+description = "Python package for providing Mozilla's CA Bundle."
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "chardet"
+version = "4.0.0"
+description = "Universal encoding detector for Python 2 and 3"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[[package]]
+name = "click"
+version = "7.1.2"
+description = "Composable command line interface toolkit"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[[package]]
+name = "colorama"
+version = "0.4.4"
+description = "Cross-platform colored terminal text."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[[package]]
+name = "distlib"
+version = "0.3.1"
+description = "Distribution utilities"
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "filelock"
+version = "3.0.12"
+description = "A platform independent file lock."
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "flask"
+version = "1.1.2"
+description = "A simple framework for building complex web applications."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[package.dependencies]
+click = ">=5.1"
+itsdangerous = ">=0.24"
+Jinja2 = ">=2.10.1"
+Werkzeug = ">=0.15"
+
+[package.extras]
+dev = ["pytest", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinxcontrib-log-cabinet", "sphinx-issues"]
+docs = ["sphinx", "pallets-sphinx-themes", "sphinxcontrib-log-cabinet", "sphinx-issues"]
+dotenv = ["python-dotenv"]
+
+[[package]]
+name = "idna"
+version = "2.10"
+description = "Internationalized Domain Names in Applications (IDNA)"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+
+[[package]]
+name = "importlib-metadata"
+version = "3.10.1"
+description = "Read metadata from Python packages"
+category = "main"
+optional = false
+python-versions = ">=3.6"
+
+[package.dependencies]
+typing-extensions = {version = ">=3.6.4", markers = "python_version < \"3.8\""}
+zipp = ">=0.5"
+
+[package.extras]
+docs = ["sphinx", "jaraco.packaging (>=8.2)", "rst.linker (>=1.9)"]
+testing = ["pytest (>=4.6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "packaging", "pep517", "pyfakefs", "flufl.flake8", "pytest-black (>=0.3.7)", "pytest-mypy", "importlib-resources (>=1.3)"]
+
+[[package]]
+name = "importlib-resources"
+version = "5.1.2"
+description = "Read resources from Python packages"
+category = "main"
+optional = false
+python-versions = ">=3.6"
+
+[package.dependencies]
+zipp = {version = ">=0.4", markers = "python_version < \"3.8\""}
+
+[package.extras]
+docs = ["sphinx", "jaraco.packaging (>=8.2)", "rst.linker (>=1.9)"]
+testing = ["pytest (>=4.6)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "pytest-enabler", "pytest-black (>=0.3.7)", "pytest-mypy"]
+
+[[package]]
+name = "itsdangerous"
+version = "1.1.0"
+description = "Various helpers to pass data to untrusted environments and back."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+
+[[package]]
+name = "jinja2"
+version = "2.11.3"
+description = "A very fast and expressive template engine."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[package.dependencies]
+MarkupSafe = ">=0.23"
+
+[package.extras]
+i18n = ["Babel (>=0.8)"]
+
+[[package]]
+name = "markupsafe"
+version = "1.1.1"
+description = "Safely add untrusted strings to HTML/XML markup."
+category = "main"
+optional = false
+python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*"
+
+[[package]]
+name = "packaging"
+version = "20.9"
+description = "Core utilities for Python packages"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+
+[package.dependencies]
+pyparsing = ">=2.0.2"
+
+[[package]]
+name = "pluggy"
+version = "0.13.1"
+description = "plugin and hook calling mechanisms for python"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+
+[package.dependencies]
+importlib-metadata = {version = ">=0.12", markers = "python_version < \"3.8\""}
+
+[package.extras]
+dev = ["pre-commit", "tox"]
+
+[[package]]
+name = "py"
+version = "1.10.0"
+description = "library with cross-python path, ini-parsing, io, code, log facilities"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+
+[[package]]
+name = "pyparsing"
+version = "2.4.7"
+description = "Python parsing module"
+category = "main"
+optional = false
+python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
+
+[[package]]
+name = "python-dateutil"
+version = "2.8.1"
+description = "Extensions to the standard Python datetime module"
+category = "main"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
+
+[package.dependencies]
+six = ">=1.5"
+
+[[package]]
+name = "requests"
+version = "2.25.1"
+description = "Python HTTP for Humans."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[package.dependencies]
+certifi = ">=2017.4.17"
+chardet = ">=3.0.2,<5"
+idna = ">=2.5,<3"
+urllib3 = ">=1.21.1,<1.27"
+
+[package.extras]
+security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
+
+[[package]]
+name = "six"
+version = "1.15.0"
+description = "Python 2 and 3 compatibility utilities"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*"
+
+[[package]]
+name = "toml"
+version = "0.10.2"
+description = "Python Library for Tom's Obvious, Minimal Language"
+category = "main"
+optional = false
+python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
+
+[[package]]
+name = "tox"
+version = "3.23.0"
+description = "tox is a generic virtualenv management and test command line tool"
+category = "main"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7"
+
+[package.dependencies]
+colorama = {version = ">=0.4.1", markers = "platform_system == \"Windows\""}
+filelock = ">=3.0.0"
+importlib-metadata = {version = ">=0.12", markers = "python_version < \"3.8\""}
+packaging = ">=14"
+pluggy = ">=0.12.0"
+py = ">=1.4.17"
+six = ">=1.14.0"
+toml = ">=0.9.4"
+virtualenv = ">=16.0.0,<20.0.0 || >20.0.0,<20.0.1 || >20.0.1,<20.0.2 || >20.0.2,<20.0.3 || >20.0.3,<20.0.4 || >20.0.4,<20.0.5 || >20.0.5,<20.0.6 || >20.0.6,<20.0.7 || >20.0.7"
+
+[package.extras]
+docs = ["pygments-github-lexers (>=0.0.5)", "sphinx (>=2.0.0)", "sphinxcontrib-autoprogram (>=0.1.5)", "towncrier (>=18.5.0)"]
+testing = ["flaky (>=3.4.0)", "freezegun (>=0.3.11)", "psutil (>=5.6.1)", "pytest (>=4.0.0)", "pytest-cov (>=2.5.1)", "pytest-mock (>=1.10.0)", "pytest-randomly (>=1.0.0)", "pytest-xdist (>=1.22.2)", "pathlib2 (>=2.3.3)"]
+
+[[package]]
+name = "typing-extensions"
+version = "3.7.4.3"
+description = "Backported and Experimental Type Hints for Python 3.5+"
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "urllib3"
+version = "1.26.4"
+description = "HTTP library with thread-safe connection pooling, file post, and more."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
+
+[package.extras]
+secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"]
+socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
+brotli = ["brotlipy (>=0.6.0)"]
+
+[[package]]
+name = "virtualenv"
+version = "20.4.3"
+description = "Virtual Python Environment builder"
+category = "main"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7"
+
+[package.dependencies]
+appdirs = ">=1.4.3,<2"
+distlib = ">=0.3.1,<1"
+filelock = ">=3.0.0,<4"
+importlib-metadata = {version = ">=0.12", markers = "python_version < \"3.8\""}
+importlib-resources = {version = ">=1.0", markers = "python_version < \"3.7\""}
+six = ">=1.9.0,<2"
+
+[package.extras]
+docs = ["proselint (>=0.10.2)", "sphinx (>=3)", "sphinx-argparse (>=0.2.5)", "sphinx-rtd-theme (>=0.4.3)", "towncrier (>=19.9.0rc1)"]
+testing = ["coverage (>=4)", "coverage-enable-subprocess (>=1)", "flaky (>=3)", "pytest (>=4)", "pytest-env (>=0.6.2)", "pytest-freezegun (>=0.4.1)", "pytest-mock (>=2)", "pytest-randomly (>=1)", "pytest-timeout (>=1)", "packaging (>=20.0)", "xonsh (>=0.9.16)"]
+
+[[package]]
+name = "werkzeug"
+version = "1.0.1"
+description = "The comprehensive WSGI web application library."
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
+[package.extras]
+dev = ["pytest", "pytest-timeout", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinx-issues"]
+watchdog = ["watchdog"]
+
+[[package]]
+name = "zipp"
+version = "3.4.1"
+description = "Backport of pathlib-compatible object wrapper for zip files"
+category = "main"
+optional = false
+python-versions = ">=3.6"
+
+[package.extras]
+docs = ["sphinx", "jaraco.packaging (>=8.2)", "rst.linker (>=1.9)"]
+testing = ["pytest (>=4.6)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "pytest-enabler", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
+
+[metadata]
+lock-version = "1.1"
+python-versions = "^3.6.1"
+content-hash = "af9db950cd722e7dc52b691fb58abc1e22ab48b34ddfe4c5258b3c755a3892fa"
+
+[metadata.files]
+appdirs = [
+    {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"},
+    {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"},
+]
+attrs = [
+    {file = "attrs-20.3.0-py2.py3-none-any.whl", hash = "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6"},
+    {file = "attrs-20.3.0.tar.gz", hash = "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700"},
+]
+certifi = [
+    {file = "certifi-2020.12.5-py2.py3-none-any.whl", hash = "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830"},
+    {file = "certifi-2020.12.5.tar.gz", hash = "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c"},
+]
+chardet = [
+    {file = "chardet-4.0.0-py2.py3-none-any.whl", hash = "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5"},
+    {file = "chardet-4.0.0.tar.gz", hash = "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa"},
+]
+click = [
+    {file = "click-7.1.2-py2.py3-none-any.whl", hash = "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc"},
+    {file = "click-7.1.2.tar.gz", hash = "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a"},
+]
+colorama = [
+    {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"},
+    {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"},
+]
+distlib = [
+    {file = "distlib-0.3.1-py2.py3-none-any.whl", hash = "sha256:8c09de2c67b3e7deef7184574fc060ab8a793e7adbb183d942c389c8b13c52fb"},
+    {file = "distlib-0.3.1.zip", hash = "sha256:edf6116872c863e1aa9d5bb7cb5e05a022c519a4594dc703843343a9ddd9bff1"},
+]
+filelock = [
+    {file = "filelock-3.0.12-py3-none-any.whl", hash = "sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836"},
+    {file = "filelock-3.0.12.tar.gz", hash = "sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59"},
+]
+flask = [
+    {file = "Flask-1.1.2-py2.py3-none-any.whl", hash = "sha256:8a4fdd8936eba2512e9c85df320a37e694c93945b33ef33c89946a340a238557"},
+    {file = "Flask-1.1.2.tar.gz", hash = "sha256:4efa1ae2d7c9865af48986de8aeb8504bf32c7f3d6fdc9353d34b21f4b127060"},
+]
+idna = [
+    {file = "idna-2.10-py2.py3-none-any.whl", hash = "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"},
+    {file = "idna-2.10.tar.gz", hash = "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6"},
+]
+importlib-metadata = [
+    {file = "importlib_metadata-3.10.1-py3-none-any.whl", hash = "sha256:2ec0faae539743ae6aaa84b49a169670a465f7f5d64e6add98388cc29fd1f2f6"},
+    {file = "importlib_metadata-3.10.1.tar.gz", hash = "sha256:c9356b657de65c53744046fa8f7358afe0714a1af7d570c00c3835c2d724a7c1"},
+]
+importlib-resources = [
+    {file = "importlib_resources-5.1.2-py3-none-any.whl", hash = "sha256:ebab3efe74d83b04d6bf5cd9a17f0c5c93e60fb60f30c90f56265fce4682a469"},
+    {file = "importlib_resources-5.1.2.tar.gz", hash = "sha256:642586fc4740bd1cad7690f836b3321309402b20b332529f25617ff18e8e1370"},
+]
+itsdangerous = [
+    {file = "itsdangerous-1.1.0-py2.py3-none-any.whl", hash = "sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"},
+    {file = "itsdangerous-1.1.0.tar.gz", hash = "sha256:321b033d07f2a4136d3ec762eac9f16a10ccd60f53c0c91af90217ace7ba1f19"},
+]
+jinja2 = [
+    {file = "Jinja2-2.11.3-py2.py3-none-any.whl", hash = "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419"},
+    {file = "Jinja2-2.11.3.tar.gz", hash = "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6"},
+]
+markupsafe = [
+    {file = "MarkupSafe-1.1.1-cp27-cp27m-macosx_10_6_intel.whl", hash = "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161"},
+    {file = "MarkupSafe-1.1.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"},
+    {file = "MarkupSafe-1.1.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183"},
+    {file = "MarkupSafe-1.1.1-cp27-cp27m-win32.whl", hash = "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b"},
+    {file = "MarkupSafe-1.1.1-cp27-cp27m-win_amd64.whl", hash = "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e"},
+    {file = "MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f"},
+    {file = "MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1"},
+    {file = "MarkupSafe-1.1.1-cp34-cp34m-macosx_10_6_intel.whl", hash = "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5"},
+    {file = "MarkupSafe-1.1.1-cp34-cp34m-manylinux1_i686.whl", hash = "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1"},
+    {file = "MarkupSafe-1.1.1-cp34-cp34m-manylinux1_x86_64.whl", hash = "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735"},
+    {file = "MarkupSafe-1.1.1-cp34-cp34m-win32.whl", hash = "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21"},
+    {file = "MarkupSafe-1.1.1-cp34-cp34m-win_amd64.whl", hash = "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235"},
+    {file = "MarkupSafe-1.1.1-cp35-cp35m-macosx_10_6_intel.whl", hash = "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b"},
+    {file = "MarkupSafe-1.1.1-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f"},
+    {file = "MarkupSafe-1.1.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905"},
+    {file = "MarkupSafe-1.1.1-cp35-cp35m-win32.whl", hash = "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1"},
+    {file = "MarkupSafe-1.1.1-cp35-cp35m-win_amd64.whl", hash = "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-macosx_10_6_intel.whl", hash = "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-win32.whl", hash = "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66"},
+    {file = "MarkupSafe-1.1.1-cp36-cp36m-win_amd64.whl", hash = "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-macosx_10_6_intel.whl", hash = "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-win32.whl", hash = "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2"},
+    {file = "MarkupSafe-1.1.1-cp37-cp37m-win_amd64.whl", hash = "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-win32.whl", hash = "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b"},
+    {file = "MarkupSafe-1.1.1-cp38-cp38-win_amd64.whl", hash = "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-manylinux1_i686.whl", hash = "sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-win32.whl", hash = "sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39"},
+    {file = "MarkupSafe-1.1.1-cp39-cp39-win_amd64.whl", hash = "sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8"},
+    {file = "MarkupSafe-1.1.1.tar.gz", hash = "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"},
+]
+packaging = [
+    {file = "packaging-20.9-py2.py3-none-any.whl", hash = "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"},
+    {file = "packaging-20.9.tar.gz", hash = "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5"},
+]
+pluggy = [
+    {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"},
+    {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"},
+]
+py = [
+    {file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"},
+    {file = "py-1.10.0.tar.gz", hash = "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3"},
+]
+pyparsing = [
+    {file = "pyparsing-2.4.7-py2.py3-none-any.whl", hash = "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"},
+    {file = "pyparsing-2.4.7.tar.gz", hash = "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"},
+]
+python-dateutil = [
+    {file = "python-dateutil-2.8.1.tar.gz", hash = "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c"},
+    {file = "python_dateutil-2.8.1-py2.py3-none-any.whl", hash = "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"},
+]
+requests = [
+    {file = "requests-2.25.1-py2.py3-none-any.whl", hash = "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e"},
+    {file = "requests-2.25.1.tar.gz", hash = "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804"},
+]
+six = [
+    {file = "six-1.15.0-py2.py3-none-any.whl", hash = "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"},
+    {file = "six-1.15.0.tar.gz", hash = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"},
+]
+toml = [
+    {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
+    {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
+]
+tox = [
+    {file = "tox-3.23.0-py2.py3-none-any.whl", hash = "sha256:e007673f3595cede9b17a7c4962389e4305d4a3682a6c5a4159a1453b4f326aa"},
+    {file = "tox-3.23.0.tar.gz", hash = "sha256:05a4dbd5e4d3d8269b72b55600f0b0303e2eb47ad5c6fe76d3576f4c58d93661"},
+]
+typing-extensions = [
+    {file = "typing_extensions-3.7.4.3-py2-none-any.whl", hash = "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f"},
+    {file = "typing_extensions-3.7.4.3-py3-none-any.whl", hash = "sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918"},
+    {file = "typing_extensions-3.7.4.3.tar.gz", hash = "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c"},
+]
+urllib3 = [
+    {file = "urllib3-1.26.4-py2.py3-none-any.whl", hash = "sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df"},
+    {file = "urllib3-1.26.4.tar.gz", hash = "sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937"},
+]
+virtualenv = [
+    {file = "virtualenv-20.4.3-py2.py3-none-any.whl", hash = "sha256:83f95875d382c7abafe06bd2a4cdd1b363e1bb77e02f155ebe8ac082a916b37c"},
+    {file = "virtualenv-20.4.3.tar.gz", hash = "sha256:49ec4eb4c224c6f7dd81bb6d0a28a09ecae5894f4e593c89b0db0885f565a107"},
+]
+werkzeug = [
+    {file = "Werkzeug-1.0.1-py2.py3-none-any.whl", hash = "sha256:2de2a5db0baeae7b2d2664949077c2ac63fbd16d98da0ff71837f7d1dea3fd43"},
+    {file = "Werkzeug-1.0.1.tar.gz", hash = "sha256:6c80b1e5ad3665290ea39320b91e1be1e0d5f60652b964a3070216de83d2e47c"},
+]
+zipp = [
+    {file = "zipp-3.4.1-py3-none-any.whl", hash = "sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098"},
+    {file = "zipp-3.4.1.tar.gz", hash = "sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76"},
+]

tests/test-project/pyproject.toml

@@ -0,0 +1,19 @@
+[tool.poetry]
+name = "test-project"
+version = "0.0.0"
+license = "MIT"
+authors = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]
+description = "A fake project for testing"
+
+[tool.poetry.dependencies]
+python = "^3.6.1"
+requests = "^2.25.1"
+tox = "^3.23.0"
+python-dateutil = "^2.8.1"
+Flask = "^1.1.2"
+toml = "^0.10.2"
+attrs = "^20.3.0"
+
+[build-system]
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"

tests/test_installer.py

@@ -0,0 +1,59 @@
+# pylint: disable=missing-module-docstring, redefined-outer-name, unused-argument, wrong-import-order, unused-import
+import time
+
+import tox.venv
+from poetry.factory import Factory
+
+from .fixtures import mock_poetry_factory
+from .fixtures import mock_venv
+from tox_poetry_installer import installer
+from tox_poetry_installer import utilities
+
+
+def test_deduplication(mock_venv, mock_poetry_factory):
+    """Test that the installer does not install duplicate dependencies"""
+    poetry = Factory().create_poetry(None)
+    packages: utilities.PackageMap = {
+        item.name: item for item in poetry.locker.locked_repository().packages
+    }
+
+    venv = tox.venv.VirtualEnv()
+    to_install = [packages["toml"], packages["toml"]]
+
+    installer.install(poetry, venv, to_install)
+
+    assert len(set(to_install)) == len(venv.installed)  # pylint: disable=no-member
+
+
+def test_parallelization(mock_venv, mock_poetry_factory):
+    """Test that behavior is consistent between parallel and non-parallel usage"""
+    poetry = Factory().create_poetry(None)
+    packages: utilities.PackageMap = {
+        item.name: item for item in poetry.locker.locked_repository().packages
+    }
+
+    to_install = [
+        packages["toml"],
+        packages["toml"],
+        packages["tox"],
+        packages["requests"],
+        packages["python-dateutil"],
+        packages["attrs"],
+    ]
+
+    venv_sequential = tox.venv.VirtualEnv()
+    start_sequential = time.time()
+    installer.install(poetry, venv_sequential, to_install, 0)
+    sequential = time.time() - start_sequential
+
+    venv_parallel = tox.venv.VirtualEnv()
+    start_parallel = time.time()
+    installer.install(poetry, venv_parallel, to_install, 5)
+    parallel = time.time() - start_parallel
+
+    # The mock delay during package install is static (one second) so these values should all
+    # be within microseconds of each other
+    assert parallel < sequential
+    assert round(parallel * 5) == round(sequential)
+    assert round(sequential) == len(set(to_install))
+    assert round(parallel * 5) == len(set(to_install))

tests/test_transients.py

@@ -0,0 +1,79 @@
+# pylint: disable=missing-module-docstring, redefined-outer-name, unused-argument, wrong-import-order, unused-import
+import poetry.factory
+import poetry.utils.env
+import pytest
+from poetry.puzzle.provider import Provider
+
+from .fixtures import mock_poetry_factory
+from .fixtures import mock_venv
+from tox_poetry_installer import constants
+from tox_poetry_installer import exceptions
+from tox_poetry_installer import utilities
+
+
+def test_exclude_unsafe():
+    """Test that the unsafe packages are properly excluded
+
+    Also ensure that the internal constant matches the value from Poetry
+    """
+    assert Provider.UNSAFE_PACKAGES == constants.UNSAFE_PACKAGES
+
+    for dep in constants.UNSAFE_PACKAGES:
+        assert not utilities.identify_transients(dep, {}, None)
+
+
+def test_allow_missing():
+    """Test that the ``allow_missing`` parameter works as expected"""
+    with pytest.raises(exceptions.LockedDepNotFoundError):
+        utilities.identify_transients("luke-skywalker", {}, None)
+
+    assert not utilities.identify_transients(
+        "darth-vader", {}, None, allow_missing=["darth-vader"]
+    )
+
+
+def test_exclude_pep508():
+    """Test that dependencies specified in PEP508 format are properly excluded"""
+    for version in [
+        "foo==1.0",
+        "foo==1",
+        "foo>2.0.0",
+        "foo<=9.3.4.7.8",
+        "foo>999,<=4.6",
+        "foo>1234 || foo<2021.01.01",
+        "foo!=7",
+        "foo~=0.8",
+        "foo!=9,==7",
+        "=>foo",
+    ]:
+        with pytest.raises(exceptions.LockedDepVersionConflictError):
+            utilities.identify_transients(version, {}, None)
+
+
+def test_functional(mock_poetry_factory, mock_venv):
+    """Integration tests for the :func:`identify_transients` function
+
+    Trivially test that it resolves dependencies properly and that the parent package
+    is always the last in the returned list.
+    """
+    pypoetry = poetry.factory.Factory().create_poetry(None)
+    packages = utilities.build_package_map(pypoetry)
+    venv = poetry.utils.env.VirtualEnv()  # pylint: disable=no-value-for-parameter
+
+    requests_requires = [
+        packages["certifi"][0],
+        packages["chardet"][0],
+        packages["idna"][0],
+        packages["urllib3"][0],
+        packages["requests"][0],
+    ]
+
+    transients = utilities.identify_transients("requests", packages, venv)
+
+    assert all((item in requests_requires) for item in transients)
+    assert all((item in transients) for item in requests_requires)
+
+    for package in [packages["requests"][0], packages["tox"][0], packages["flask"][0]]:
+        transients = utilities.identify_transients(package.name, packages, venv)
+        assert transients[-1] == package
+        assert len(transients) == len(set(transients))

tox.ini

@@ -1,11 +1,12 @@
 [tox]
-envlist = py36, py37, py38, py39, static, static-tests, security
+envlist = py37, py38, py39, py310, py311, static, static-tests, security
 isolated_build = true
 skip_missing_interpreters = true
 
 [testenv]
 description = Run the tests
 require_locked_deps = true
+require_poetry = true
 extras =
     poetry
 locked_deps =
@@ -13,52 +14,79 @@ locked_deps =
     pytest-cov
     toml
 commands =
-    pytest --cov {envsitepackagesdir}/tox_poetry_installer --cov-config {toxinidir}/.coveragerc --cov-report term-missing tests/
+    pytest {toxinidir}/tests/ \
+      --cov {toxinidir}/tox_poetry_installer \
+      --cov-config {toxinidir}/.coveragerc \
+      --cov-report term-missing
 
 [testenv:static]
 description = Static formatting and quality enforcement
-basepython = python3.8
+basepython = python3.10
 platform = linux
 ignore_errors = true
-require_locked_deps = true
 locked_deps =
-    pre-commit
-    pre-commit-hooks
     black
     blacken-docs
-    reorder-python-imports
-    pylint
+    mdformat
+    mdformat-gfm
     mypy
+    reorder-python-imports
+    pre-commit
+    pre-commit-hooks
+    pylint
+    types-toml
 commands =
-    pre-commit run --all-files
-    pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tox_poetry_installer/
-    mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tox_poetry_installer/
+    pre-commit run \
+      --all-files
+    pylint {toxinidir}/tox_poetry_installer/ \
+      --rcfile {toxinidir}/.pylintrc
+    mypy {toxinidir}/tox_poetry_installer/ \
+      --ignore-missing-imports \
+      --no-strict-optional
 
 [testenv:static-tests]
 description = Static formatting and quality enforcement for the tests
-basepython = python3.8
+basepython = python3.10
 platform = linux
-ingore_errors = true
-require_locked_deps = true
+ignore_errors = true
 locked_deps =
     pylint
+    pytest
     mypy
+    types-toml
 commands =
-    pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tests/
-    mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tests/
+    pylint {toxinidir}/tests/ \
+      --rcfile {toxinidir}/.pylintrc
+    mypy {toxinidir}/tests/ \
+      --ignore-missing-imports \
+      --no-strict-optional
 
 [testenv:security]
 description = Security checks
-basepython = python3.8
+basepython = python3.10
 platform = linux
-ingore_errors = true
-require_locked_deps = true
+ignore_errors = true
+skip_install = true
 locked_deps =
     bandit
     safety
     poetry
 commands =
-    bandit --recursive --quiet {toxinidir}/tox_poetry_installer/
-    bandit --recursive --quiet --skip B101 {toxinidir}/tests/
-    poetry export --format requirements.txt --output {envtmpdir}/requirements.txt --without-hashes --dev
-    safety check --bare --file {envtmpdir}/requirements.txt
+    bandit {toxinidir}/tox_poetry_installer/ \
+      --recursive \
+      --quiet
+    bandit {toxinidir}/tests/ \
+      --recursive \
+      --quiet \
+      --skip B101
+    poetry export \
+      --format requirements.txt \
+      --output {envtmpdir}/requirements.txt \
+      --without-hashes \
+      --with dev \
+      --extras poetry
+    safety check \
+      --file {envtmpdir}/requirements.txt \
+      --output text \
+      # https://github.com/pytest-dev/py/issues/287
+      --ignore 51457

tox_poetry_installer/__about__.py

@@ -1,7 +1,7 @@
 # pylint: disable=missing-docstring
 __title__ = "tox-poetry-installer"
-__summary__ = "Tox plugin to install Tox environment dependencies using the Poetry backend and lockfile"
-__version__ = "0.6.2"
+__summary__ = "A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile"
+__version__ = "0.10.1"
 __url__ = "https://github.com/enpaul/tox-poetry-installer/"
 __license__ = "MIT"
 __authors__ = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]

tox_poetry_installer/_poetry.py

@@ -28,11 +28,10 @@ from tox_poetry_installer import exceptions
 
 
 try:
+    from cleo.io.null_io import NullIO
     from poetry.factory import Factory
     from poetry.installation.pip_installer import PipInstaller
-    from poetry.io.null_io import NullIO
     from poetry.poetry import Poetry
-    from poetry.puzzle.provider import Provider
     from poetry.utils.env import VirtualEnv
 except ImportError:
     raise exceptions.PoetryNotInstalledError(

tox_poetry_installer/constants.py

@@ -5,11 +5,9 @@ in this module.
 
 All constants should be type hinted.
 """
-import sys
+from typing import Set
 from typing import Tuple
 
-from poetry.core.semver.version import Version
-
 from tox_poetry_installer import __about__
 
 
@@ -19,13 +17,11 @@ PEP508_VERSION_DELIMITERS: Tuple[str, ...] = ("~=", "==", "!=", ">", "<")
 
 # Prefix all reporter messages should include to indicate that they came from this module in the
 # console output.
-REPORTER_PREFIX: str = f"[{__about__.__title__}]:"
+REPORTER_PREFIX: str = f"{__about__.__title__}:"
 
+# Internal list of packages that poetry has deemed unsafe and are excluded from the lockfile
+# TODO: This functionality is no longer needed, should remove in a future update.
+UNSAFE_PACKAGES: Set[str] = set()
 
-# Semver compatible version of the current python platform version. Used for checking
-# whether a package is compatible with the current python system version
-PLATFORM_VERSION: Version = Version(
-    major=sys.version_info.major,
-    minor=sys.version_info.minor,
-    patch=sys.version_info.micro,
-)
+# Number of threads to use for installing dependencies by default
+DEFAULT_INSTALL_THREADS: int = 10

tox_poetry_installer/datatypes.py

@@ -1,8 +0,0 @@
-"""Definitions for typehints/containers used by the plugin"""
-from typing import Dict
-
-from poetry.core.packages import Package as PoetryPackage
-
-
-# Map of package names to the package object
-PackageMap = Dict[str, PoetryPackage]

tox_poetry_installer/exceptions.py

@@ -11,6 +11,7 @@ All exceptions should inherit from the common base exception :exc:`ToxPoetryInst
    +-- LockedDepNotFoundError
    +-- ExtraNotFoundError
    +-- LockedDepsRequiredError
+   +-- RequiresUnsafeDepError
 
 """
 
@@ -41,3 +42,7 @@ class ExtraNotFoundError(ToxPoetryInstallerException):
 
 class LockedDepsRequiredError(ToxPoetryInstallerException):
     """Environment cannot specify unlocked dependencies when locked dependencies are required"""
+
+
+class RequiresUnsafeDepError(ToxPoetryInstallerException):
+    """Package under test depends on an unsafe dependency and cannot be installed"""

tox_poetry_installer/hooks.py

@@ -4,12 +4,10 @@ All implementations of tox hooks are defined here, as well as any single-use hel
 specifically related to implementing the hooks (to keep the size/readability of the hook functions
 themselves manageable).
 """
-from typing import List
+from itertools import chain
 from typing import Optional
 
-from poetry.core.packages import Package as PoetryPackage
-from tox import hookimpl
-from tox import reporter
+import tox
 from tox.action import Action as ToxAction
 from tox.config import Parser as ToxParser
 from tox.venv import VirtualEnv as ToxVirtualEnv
@@ -17,11 +15,72 @@ from tox.venv import VirtualEnv as ToxVirtualEnv
 from tox_poetry_installer import __about__
 from tox_poetry_installer import constants
 from tox_poetry_installer import exceptions
+from tox_poetry_installer import installer
+from tox_poetry_installer import logger
 from tox_poetry_installer import utilities
-from tox_poetry_installer.datatypes import PackageMap
 
 
-@hookimpl
+def _postprocess_install_project_deps(
+    testenv_config, value: Optional[str]  # pylint: disable=unused-argument
+) -> Optional[bool]:
+    """An awful hack to patch on three-state boolean logic to a config parameter
+
+    .. warning: This logic should 100% be removed in the next feature release. It's here to work
+                around a bad design for now but should not persist.
+
+    The bug filed in `#61`_ is caused by a combination of poor design and attempted cleverness. The
+    name of the ``install_project_deps`` config option implies that it has ultimate control over
+    whether the project dependencies are installed to the testenv, but this is not actually correct.
+    What it actually allows the user to do is force the project dependencies to not be installed to
+    an environment that would otherwise install them. This was intended behavior, however the
+    intention was wrong.
+
+    .. _`#61`: https://github.com/enpaul/tox-poetry-installer/issues/61
+
+    In an effort to be clever the plugin automatically skips installing project dependencies when
+    the project package is not installed to the testenv (``skip_install = true``) or if packaging
+    as a whole is disabled (``skipsdist = true``). The intention of this behavior is to install only
+    the expected dependencies to a testenv and no more. However, this conflicts with the
+    ``install_project_deps`` config option, which cannot override this behavior because it defaults
+    to ``True``. In effect, ``install_project_deps = true`` in fact means "automatically
+    determine whether to install project dependencies" and ``install_project_deps = false`` means
+    "never install the project dependencies". This is not ideal and unintuitive.
+
+    To avoid having to make a breaking change this workaround has been added to support three-state
+    logic between ``True``, ``False``, and ``None``. The ``install_project_deps`` option is now
+    parsed by Tox as a string with a default value of ``None``. If the value is not ``None`` then
+    this post processing function will try to convert it to a boolean the same way that Tox's
+    `SectionReader.getbool()`_ method does, raising an error to mimic the default behavior if it
+    can't.
+
+    .. _`SectionReader.getbool()`: https://github.com/tox-dev/tox/blob/f8459218ee5ab5753321b3eb989b7beee5b391ad/src/tox/config/__init__.py#L1724
+
+    The three states for the ``install_project_deps`` setting are:
+    * ``None`` - User did not configure the setting, package dependency installation is
+      determined automatically
+    * ``True`` - User configured the setting to ``True``, package dependencies will be installed
+    * ``False`` - User configured the setting to ``False``, package dependencies will not be
+      installed
+
+    This config option should be deprecated with the 1.0.0 release and instead an option like
+    ``always_install_project_deps`` should be added which overrides the default determination and
+    just installs the project dependencies. The counterpart (``never_install_project_deps``)
+    shouldn't be needed, since I don't think there's a real use case for that.
+    """
+    if value is None:
+        return value
+
+    if value.lower() == "true":
+        return True
+    if value.lower() == "false":
+        return False
+
+    raise tox.exception.ConfigError(
+        f"install_project_deps: boolean value '{value}' needs to be 'True' or 'False'"
+    )
+
+
+@tox.hookimpl
 def tox_addoption(parser: ToxParser):
     """Add required configuration options to the tox INI file
 
@@ -33,14 +92,45 @@ def tox_addoption(parser: ToxParser):
         "--require-poetry",
         action="store_true",
         dest="require_poetry",
-        help="Trigger a failure if Poetry is not available to Tox",
+        help="(deprecated) Trigger a failure if Poetry is not available to Tox",
+    )
+
+    parser.add_argument(
+        "--parallelize-locked-install",
+        type=int,
+        dest="parallelize_locked_install",
+        default=None,
+        help="(deprecated) Number of worker threads to use for installing dependencies from the Poetry lockfile in parallel",
+    )
+
+    parser.add_argument(
+        "--parallel-install-threads",
+        type=int,
+        dest="parallel_install_threads",
+        default=constants.DEFAULT_INSTALL_THREADS,
+        help="Number of locked dependencies to install simultaneously; set to 0 to disable parallel installation",
     )
 
     parser.add_testenv_attribute(
         name="install_dev_deps",
         type="bool",
         default=False,
-        help="Automatically install all Poetry development dependencies to the environment",
+        help="(deprecated) Automatically install all Poetry development dependencies to the environment",
+    )
+
+    parser.add_testenv_attribute(
+        name="poetry_dep_groups",
+        type="line-list",
+        default=[],
+        help="List of Poetry dependency groups to install to the environment",
+    )
+
+    parser.add_testenv_attribute(
+        name="install_project_deps",
+        type="string",
+        default=None,
+        help="Automatically install all Poetry primary dependencies to the environment",
+        postprocess=_postprocess_install_project_deps,
     )
 
     parser.add_testenv_attribute(
@@ -50,6 +140,13 @@ def tox_addoption(parser: ToxParser):
         help="Require all dependencies in the environment be installed using the Poetry lockfile",
     )
 
+    parser.add_testenv_attribute(
+        name="require_poetry",
+        type="bool",
+        default=False,
+        help="Trigger a failure if Poetry is not available to Tox",
+    )
+
     parser.add_testenv_attribute(
         name="locked_deps",
         type="line-list",
@@ -57,7 +154,7 @@ def tox_addoption(parser: ToxParser):
     )
 
 
-@hookimpl
+@tox.hookimpl
 def tox_testenv_install_deps(venv: ToxVirtualEnv, action: ToxAction) -> Optional[bool]:
     """Install the dependencies for the current environment
 
@@ -72,19 +169,23 @@ def tox_testenv_install_deps(venv: ToxVirtualEnv, action: ToxAction) -> Optional
     try:
         poetry = utilities.check_preconditions(venv, action)
     except exceptions.SkipEnvironment as err:
-        if (
-            isinstance(err, exceptions.PoetryNotInstalledError)
-            and venv.envconfig.config.option.require_poetry
+        if isinstance(err, exceptions.PoetryNotInstalledError) and (
+            venv.envconfig.config.option.require_poetry or venv.envconfig.require_poetry
         ):
             venv.status = err.__class__.__name__
-            reporter.error(str(err))
+            logger.error(str(err))
             return False
-        reporter.verbosity1(str(err))
+        logger.info(str(err))
         return None
 
-    reporter.verbosity1(
-        f"{constants.REPORTER_PREFIX} Loaded project pyproject.toml from {poetry.file}"
-    )
+    logger.info(f"Loaded project pyproject.toml from {poetry.file}")
+
+    virtualenv = utilities.convert_virtualenv(venv)
+
+    if not poetry.locker.is_fresh():
+        logger.warning(
+            f"The Poetry lock file is not up to date with the latest changes in {poetry.file}"
+        )
 
     try:
         if venv.envconfig.require_locked_deps and venv.envconfig.deps:
@@ -92,59 +193,91 @@ def tox_testenv_install_deps(venv: ToxVirtualEnv, action: ToxAction) -> Optional
                 f"Unlocked dependencies '{venv.envconfig.deps}' specified for environment '{venv.name}' which requires locked dependencies"
             )
 
-        package_map: PackageMap = {
-            package.name: package
-            for package in poetry.locker.locked_repository(True).packages
-        }
+        packages = utilities.build_package_map(poetry)
 
         if venv.envconfig.install_dev_deps:
-            dev_deps: List[PoetryPackage] = [
-                dep
-                for dep in package_map.values()
-                if dep not in poetry.locker.locked_repository(False).packages
-            ]
+            dev_deps = utilities.find_dev_deps(packages, virtualenv, poetry)
+            logger.info(
+                f"Identified {len(dev_deps)} development dependencies to install to env"
+            )
         else:
             dev_deps = []
+            logger.info("Env does not install development dependencies, skipping")
 
-        reporter.verbosity1(
-            f"{constants.REPORTER_PREFIX} Identified {len(dev_deps)} development dependencies to install to env"
-        )
-
-        env_deps: List[PoetryPackage] = []
-        for dep in venv.envconfig.locked_deps:
-            env_deps += utilities.find_transients(
-                package_map, dep.lower(), allow_missing=[poetry.package.name]
+        group_deps = utilities.dedupe_packages(
+            list(
+                chain(
+                    *[
+                        utilities.find_group_deps(group, packages, virtualenv, poetry)
+                        for group in venv.envconfig.poetry_dep_groups
+                    ]
+                )
             )
-        reporter.verbosity1(
-            f"{constants.REPORTER_PREFIX} Identified {len(env_deps)} environment dependencies to install to env"
+        )
+        logger.info(
+            f"Identified {len(group_deps)} group dependencies to install to env"
         )
 
-        if not venv.envconfig.skip_install and not venv.envconfig.config.skipsdist:
-            project_deps: List[PoetryPackage] = utilities.find_project_dependencies(
-                venv, poetry, package_map
+        env_deps = utilities.find_additional_deps(
+            packages, virtualenv, poetry, venv.envconfig.locked_deps
+        )
+
+        logger.info(
+            f"Identified {len(env_deps)} environment dependencies to install to env"
+        )
+
+        install_project_deps = (
+            venv.envconfig.install_project_deps
+            if venv.envconfig.install_project_deps is not None
+            else (
+                not venv.envconfig.skip_install and not venv.envconfig.config.skipsdist
+            )
+        )
+
+        if install_project_deps:
+            project_deps = utilities.find_project_deps(
+                packages, virtualenv, poetry, venv.envconfig.extras
+            )
+            logger.info(
+                f"Identified {len(project_deps)} project dependencies to install to env"
             )
         else:
             project_deps = []
-            reporter.verbosity1(
-                f"{constants.REPORTER_PREFIX} Skipping installation of project dependencies, env does not install project package"
-            )
-        reporter.verbosity1(
-            f"{constants.REPORTER_PREFIX} Identified {len(project_deps)} project dependencies to install to env"
-        )
+            logger.info("Env does not install project package dependencies, skipping")
     except exceptions.ToxPoetryInstallerException as err:
         venv.status = err.__class__.__name__
-        reporter.error(f"{constants.REPORTER_PREFIX} {err}")
+        logger.error(str(err))
         return False
     except Exception as err:
         venv.status = "InternalError"
-        reporter.error(f"{constants.REPORTER_PREFIX} Internal plugin error: {err}")
+        logger.error(f"Internal plugin error: {err}")
         raise err
 
-    dependencies = list(set(dev_deps + env_deps + project_deps))
+    dependencies = utilities.dedupe_packages(
+        dev_deps + group_deps + env_deps + project_deps
+    )
+    if (
+        venv.envconfig.config.option.parallel_install_threads
+        != constants.DEFAULT_INSTALL_THREADS
+    ):
+        parallel_threads = venv.envconfig.config.option.parallel_install_threads
+    else:
+        parallel_threads = (
+            venv.envconfig.config.option.parallelize_locked_install
+            if venv.envconfig.config.option.parallelize_locked_install is not None
+            else constants.DEFAULT_INSTALL_THREADS
+        )
+    log_parallel = f" (using {parallel_threads} threads)" if parallel_threads else ""
+
     action.setactivity(
         __about__.__title__,
-        f"Installing {len(dependencies)} dependencies from Poetry lock file",
+        f"Installing {len(dependencies)} dependencies from Poetry lock file{log_parallel}",
+    )
+    installer.install(
+        poetry,
+        venv,
+        dependencies,
+        parallel_threads,
     )
-    utilities.install_to_venv(poetry, venv, dependencies)
 
     return venv.envconfig.require_locked_deps or None

tox_poetry_installer/installer.py

@@ -0,0 +1,81 @@
+"""Funcationality for performing virtualenv installation"""
+# Silence this one globally to support the internal function imports for the proxied poetry module.
+# See the docstring in 'tox_poetry_installer._poetry' for more context.
+# pylint: disable=import-outside-toplevel
+import concurrent.futures
+import contextlib
+import typing
+from datetime import datetime
+from typing import Collection
+from typing import Set
+
+from poetry.core.packages.package import Package as PoetryPackage
+from tox.venv import VirtualEnv as ToxVirtualEnv
+
+from tox_poetry_installer import logger
+from tox_poetry_installer import utilities
+
+if typing.TYPE_CHECKING:
+    from tox_poetry_installer import _poetry
+
+
+def install(
+    poetry: "_poetry.Poetry",
+    venv: ToxVirtualEnv,
+    packages: Collection[PoetryPackage],
+    parallels: int = 0,
+):
+    """Install a bunch of packages to a virtualenv
+
+    :param poetry: Poetry object the packages were sourced from
+    :param venv: Tox virtual environment to install the packages to
+    :param packages: List of packages to install to the virtual environment
+    :param parallels: Number of parallel processes to use for installing dependency packages, or
+                      ``None`` to disable parallelization.
+    """
+    from tox_poetry_installer import _poetry
+
+    logger.info(
+        f"Installing {len(packages)} packages to environment at {venv.envconfig.envdir}"
+    )
+
+    pip = _poetry.PipInstaller(
+        env=utilities.convert_virtualenv(venv),
+        io=_poetry.NullIO(),
+        pool=poetry.pool,
+    )
+
+    installed: Set[PoetryPackage] = set()
+
+    def logged_install(dependency: PoetryPackage) -> None:
+        start = datetime.now()
+        logger.debug(f"Installing {dependency}")
+        pip.install(dependency)
+        end = datetime.now()
+        logger.debug(f"Finished installing {dependency} in {end - start}")
+
+    @contextlib.contextmanager
+    def _optional_parallelize():
+        """A bit of cheat, really
+
+        A context manager that exposes a common interface for the caller that optionally
+        enables/disables the usage of the parallel thread pooler depending on the value of
+        the ``parallels`` parameter.
+        """
+        if parallels > 0:
+            with concurrent.futures.ThreadPoolExecutor(
+                max_workers=parallels
+            ) as executor:
+                yield executor.submit
+        else:
+            yield lambda func, arg: func(arg)
+
+    with _optional_parallelize() as executor:
+        for dependency in packages:
+            if dependency not in installed:
+                installed.add(dependency)
+                logger.debug(f"Queuing {dependency}")
+                executor(logged_install, dependency)
+            else:
+                logger.debug(f"Skipping {dependency}, already installed")
+        logger.debug("Waiting for installs to finish...")

tox_poetry_installer/logger.py

@@ -0,0 +1,29 @@
+"""Logging wrappers to reduce duplication elsewhere
+
+Calling ``tox.reporter.something()`` and having to format a string with the prefix
+gets really old fast, but more importantly it also makes the flow of the main code
+more difficult to follow because of the added complexity.
+"""
+import tox
+
+from tox_poetry_installer import constants
+
+
+def error(message: str):
+    """Wrapper around :func:`tox.reporter.error`"""
+    tox.reporter.error(f"{constants.REPORTER_PREFIX} {message}")
+
+
+def warning(message: str):
+    """Wrapper around :func:`tox.reporter.warning`"""
+    tox.reporter.warning(f"{constants.REPORTER_PREFIX} {message}")
+
+
+def info(message: str):
+    """Wrapper around :func:`tox.reporter.verbosity1`"""
+    tox.reporter.verbosity1(f"{constants.REPORTER_PREFIX} {message}")
+
+
+def debug(message: str):
+    """Wrapper around :func:`tox.reporter.verbosity2`"""
+    tox.reporter.verbosity2(f"{constants.REPORTER_PREFIX} {message}")

tox_poetry_installer/utilities.py

@@ -2,145 +2,28 @@
 # Silence this one globally to support the internal function imports for the proxied poetry module.
 # See the docstring in 'tox_poetry_installer._poetry' for more context.
 # pylint: disable=import-outside-toplevel
-import sys
+import collections
 import typing
 from pathlib import Path
+from typing import Dict
 from typing import List
 from typing import Sequence
 from typing import Set
 
-from poetry.core.packages import Package as PoetryPackage
-from tox import reporter
+from poetry.core.packages.dependency import Dependency as PoetryDependency
+from poetry.core.packages.package import Package as PoetryPackage
 from tox.action import Action as ToxAction
 from tox.venv import VirtualEnv as ToxVirtualEnv
 
 from tox_poetry_installer import constants
 from tox_poetry_installer import exceptions
-from tox_poetry_installer.datatypes import PackageMap
+from tox_poetry_installer import logger
 
 if typing.TYPE_CHECKING:
     from tox_poetry_installer import _poetry
 
 
-def install_to_venv(
-    poetry: "_poetry.Poetry", venv: ToxVirtualEnv, packages: Sequence[PoetryPackage]
-):
-    """Install a bunch of packages to a virtualenv
-
-    :param poetry: Poetry object the packages were sourced from
-    :param venv: Tox virtual environment to install the packages to
-    :param packages: List of packages to install to the virtual environment
-    """
-    from tox_poetry_installer import _poetry
-
-    reporter.verbosity1(
-        f"{constants.REPORTER_PREFIX} Installing {len(packages)} packages to environment at {venv.envconfig.envdir}"
-    )
-
-    installer = _poetry.PipInstaller(
-        env=_poetry.VirtualEnv(path=Path(venv.envconfig.envdir)),
-        io=_poetry.NullIO(),
-        pool=poetry.pool,
-    )
-
-    for dependency in packages:
-        reporter.verbosity1(f"{constants.REPORTER_PREFIX} Installing {dependency}")
-        installer.install(dependency)
-
-
-def find_transients(
-    packages: PackageMap, dependency_name: str, allow_missing: Sequence[str] = ()
-) -> Set[PoetryPackage]:
-    """Using a poetry object identify all dependencies of a specific dependency
-
-    :param packages: All packages from the lockfile to use for identifying dependency relationships.
-    :param dependency_name: Bare name (without version) of the dependency to fetch the transient
-                            dependencies of.
-    :param allow_missing: Sequence of package names to allow to be missing from the lockfile. Any
-                          packages that are not found in the lockfile but their name appears in this
-                          list will be silently skipped from installation.
-    :returns: List of packages that need to be installed for the requested dependency.
-
-    .. note:: The package corresponding to the dependency named by ``dependency_name`` is included
-              in the list of returned packages.
-    """
-    from tox_poetry_installer import _poetry
-
-    def find_deps_of_deps(name: str, searched: Set[str]) -> PackageMap:
-        searched.add(name)
-
-        if name in _poetry.Provider.UNSAFE_PACKAGES:
-            reporter.warning(
-                f"{constants.REPORTER_PREFIX} Installing package '{name}' using Poetry is not supported and will be skipped"
-            )
-            reporter.verbosity2(
-                f"{constants.REPORTER_PREFIX} Skip {name}: designated unsafe by Poetry"
-            )
-            return dict()
-
-        transients: PackageMap = {}
-        try:
-            package = packages[name]
-        except KeyError as err:
-            if name in allow_missing:
-                reporter.verbosity2(
-                    f"{constants.REPORTER_PREFIX} Skip {name}: package is not in lockfile but designated as allowed to be missing"
-                )
-                return dict()
-            raise err
-
-        if not package.python_constraint.allows(constants.PLATFORM_VERSION):
-            reporter.verbosity2(
-                f"{constants.REPORTER_PREFIX} Skip {package}: incompatible Python requirement '{package.python_constraint}' for current version '{constants.PLATFORM_VERSION}'"
-            )
-        elif package.platform is not None and package.platform != sys.platform:
-            reporter.verbosity2(
-                f"{constants.REPORTER_PREFIX} Skip {package}: incompatible platform requirement '{package.platform}' for current platform '{sys.platform}'"
-            )
-        else:
-            reporter.verbosity2(
-                f"{constants.REPORTER_PREFIX} Including {package} for installation"
-            )
-            transients[name] = package
-            for index, dep in enumerate(package.requires):
-                reporter.verbosity2(
-                    f"{constants.REPORTER_PREFIX} Processing dependency {index + 1}/{len(package.requires)} for {package}: {dep.name}"
-                )
-                if dep.name not in searched:
-                    transients.update(find_deps_of_deps(dep.name, searched))
-                else:
-                    reporter.verbosity2(
-                        f"{constants.REPORTER_PREFIX} Package with name '{dep.name}' has already been processed, skipping"
-                    )
-
-        return transients
-
-    searched: Set[str] = set()
-
-    try:
-        transients: PackageMap = find_deps_of_deps(
-            packages[dependency_name].name, searched
-        )
-    except KeyError:
-        if dependency_name in _poetry.Provider.UNSAFE_PACKAGES:
-            reporter.warning(
-                f"{constants.REPORTER_PREFIX} Installing package '{dependency_name}' using Poetry is not supported and will be skipped"
-            )
-            return set()
-
-        if any(
-            delimiter in dependency_name
-            for delimiter in constants.PEP508_VERSION_DELIMITERS
-        ):
-            raise exceptions.LockedDepVersionConflictError(
-                f"Locked dependency '{dependency_name}' cannot include version specifier"
-            ) from None
-
-        raise exceptions.LockedDepNotFoundError(
-            f"No version of locked dependency '{dependency_name}' found in the project lockfile"
-        ) from None
-
-    return set(transients.values())
+PackageMap = Dict[str, List[PoetryPackage]]
 
 
 def check_preconditions(venv: ToxVirtualEnv, action: ToxAction) -> "_poetry.Poetry":
@@ -163,6 +46,26 @@ def check_preconditions(venv: ToxVirtualEnv, action: ToxAction) -> "_poetry.Poet
             f"Skipping isolated packaging build env '{action.name}'"
         )
 
+    if venv.envconfig.config.option.require_poetry:
+        logger.warning(
+            "DEPRECATION: The '--require-poetry' runtime option is deprecated and will be "
+            "removed in version 1.0.0. Please update test environments that require Poetry to "
+            "set the 'require_poetry = true' option in tox.ini"
+        )
+
+    if venv.envconfig.config.option.parallelize_locked_install is not None:
+        logger.warning(
+            "DEPRECATION: The '--parallelize-locked-install' option is deprecated and will "
+            "be removed in version 1.0.0. Please use the '--parallel-install-threads' option."
+        )
+
+    if venv.envconfig.install_dev_deps:
+        logger.warning(
+            "DEPRECATION: The 'install_dev_deps' option is deprecated and will be removed in "
+            "version 1.0.0. Please update test environments that install development dependencies "
+            "to set the 'poetry_dev_groups = [dev]' option in tox.ini"
+        )
+
     from tox_poetry_installer import _poetry
 
     try:
@@ -178,42 +81,236 @@ def check_preconditions(venv: ToxVirtualEnv, action: ToxAction) -> "_poetry.Poet
         ) from None
 
 
-def find_project_dependencies(
-    venv: ToxVirtualEnv, poetry: "_poetry.Poetry", packages: PackageMap
+def convert_virtualenv(venv: ToxVirtualEnv) -> "_poetry.VirtualEnv":
+    """Convert a Tox venv to a Poetry venv
+
+    :param venv: Tox ``VirtualEnv`` object representing a tox virtual environment
+    :returns: Poetry ``VirtualEnv`` object representing a poetry virtual environment
+    """
+    from tox_poetry_installer import _poetry
+
+    return _poetry.VirtualEnv(path=Path(venv.envconfig.envdir))
+
+
+def build_package_map(poetry: "_poetry.Poetry") -> PackageMap:
+    """Build the mapping of package names to objects
+
+    :param poetry: Populated poetry object to load locked packages from
+    :returns: Mapping of package names to Poetry package objects
+    """
+    packages = collections.defaultdict(list)
+    for package in poetry.locker.locked_repository().packages:
+        packages[package.name].append(package)
+
+    return packages
+
+
+def identify_transients(
+    dep_name: str,
+    packages: PackageMap,
+    venv: "_poetry.VirtualEnv",
+    allow_missing: Sequence[str] = (),
 ) -> List[PoetryPackage]:
-    """Install the dependencies of the project package
+    """Using a pool of packages, identify all transient dependencies of a given package name
 
-    Install all primary dependencies of the project package.
+    :param dep_name: Either the Poetry dependency or the dependency's bare package name to recursively
+                     identify the transient dependencies of
+    :param packages: All packages from the lockfile to use for identifying dependency relationships.
+    :param venv: Poetry virtual environment to use for package compatibility checks
+    :param allow_missing: Sequence of package names to allow to be missing from the lockfile. Any
+                          packages that are not found in the lockfile but their name appears in this
+                          list will be silently skipped from installation.
+    :returns: List of packages that need to be installed for the requested dependency.
 
-    :param venv: Tox virtual environment to install the packages to
-    :param poetry: Poetry object the packages were sourced from
-    :param packages: Mapping of package names to the corresponding package object
+    .. note:: The package corresponding to the dependency specified by the ``dep`` parameter will
+              be included in the returned list of packages.
+    """
+    searched: Set[str] = set()
+
+    def _transients(transient: PoetryDependency) -> List[PoetryPackage]:
+        searched.add(transient.name)
+
+        results: List[PoetryPackage] = []
+        for option in packages[transient.name]:
+            if venv.is_valid_for_marker(option.to_dependency().marker):
+                for requirement in option.requires:
+                    if requirement.name not in searched:
+                        results += _transients(requirement)
+                logger.debug(f"Including {option} for installation")
+                results.append(option)
+                break
+        else:
+            logger.debug(
+                f"Skipping {transient.name}: target python version is {'.'.join([str(item) for item in venv.get_version_info()])} but package requires {transient.marker}"
+            )
+
+        return results
+
+    try:
+        for option in packages[dep_name]:
+            if venv.is_valid_for_marker(option.to_dependency().marker):
+                dep = option.to_dependency()
+                break
+        else:
+            logger.warning(
+                f"Skipping {dep_name}: no locked version found compatible with target python version {'.'.join([str(item) for item in venv.get_version_info()])}"
+            )
+            return []
+
+        return _transients(dep)
+    except KeyError as err:
+        missing = err.args[0]
+
+        if missing in constants.UNSAFE_PACKAGES:
+            logger.warning(
+                f"Installing package '{missing}' using Poetry is not supported and will be skipped"
+            )
+            logger.debug(f"Skipping {missing}: designated unsafe by Poetry")
+            return []
+
+        if missing in allow_missing:
+            logger.debug(f"Skipping {missing}: package is allowed to be unlocked")
+            return []
+
+        if any(
+            delimiter in missing for delimiter in constants.PEP508_VERSION_DELIMITERS
+        ):
+            raise exceptions.LockedDepVersionConflictError(
+                f"Locked dependency '{missing}' cannot include version specifier"
+            ) from None
+
+        raise exceptions.LockedDepNotFoundError(
+            f"No version of locked dependency '{missing}' found in the project lockfile"
+        ) from None
+
+
+def find_project_deps(
+    packages: PackageMap,
+    venv: "_poetry.VirtualEnv",
+    poetry: "_poetry.Poetry",
+    extras: Sequence[str] = (),
+) -> List[PoetryPackage]:
+    """Find the root project dependencies
+
+    Recursively identify the dependencies of the root project package
+
+    :param packages: Mapping of all locked package names to their corresponding package object
+    :param venv: Poetry virtual environment to use for package compatibility checks
+    :param poetry: Poetry object for the current project
+    :param extras: Sequence of extra names to include the dependencies of
     """
 
-    base_dependencies: List[PoetryPackage] = [
-        packages[item.name]
-        for item in poetry.package.requires
-        if not item.is_optional()
+    if any(dep.name in constants.UNSAFE_PACKAGES for dep in poetry.package.requires):
+        raise exceptions.RequiresUnsafeDepError(
+            f"Project package requires one or more unsafe dependencies ({', '.join(constants.UNSAFE_PACKAGES)}) which cannot be installed with Poetry"
+        )
+
+    required_dep_names = [
+        item.name for item in poetry.package.requires if not item.is_optional()
     ]
 
-    extra_dependencies: List[PoetryPackage] = []
-    for extra in venv.envconfig.extras:
-        reporter.verbosity1(
-            f"{constants.REPORTER_PREFIX} Processing project extra '{extra}'"
-        )
+    extra_dep_names: List[str] = []
+    for extra in extras:
+        logger.info(f"Processing project extra '{extra}'")
         try:
-            extra_dependencies += [
-                packages[item.name] for item in poetry.package.extras[extra]
-            ]
+            extra_dep_names += [item.name for item in poetry.package.extras[extra]]
         except KeyError:
             raise exceptions.ExtraNotFoundError(
-                f"Environment '{venv.name}' specifies project extra '{extra}' which was not found in the lockfile"
+                f"Environment specifies project extra '{extra}' which was not found in the lockfile"
             ) from None
 
     dependencies: List[PoetryPackage] = []
-    for dep in base_dependencies + extra_dependencies:
-        dependencies += find_transients(
-            packages, dep.name.lower(), allow_missing=[poetry.package.name]
+    for dep_name in required_dep_names + extra_dep_names:
+        dependencies += identify_transients(
+            dep_name.lower(), packages, venv, allow_missing=[poetry.package.name]
         )
 
-    return dependencies
+    return dedupe_packages(dependencies)
+
+
+def find_additional_deps(
+    packages: PackageMap,
+    venv: "_poetry.VirtualEnv",
+    poetry: "_poetry.Poetry",
+    dep_names: Sequence[str],
+) -> List[PoetryPackage]:
+    """Find additional dependencies
+
+    Recursively identify the dependencies of an arbitrary list of package names
+
+    :param packages: Mapping of all locked package names to their corresponding package object
+    :param venv: Poetry virtual environment to use for package compatibility checks
+    :param poetry: Poetry object for the current project
+    :param dep_names: Sequence of additional dependency names to recursively find the transient
+                      dependencies for
+    """
+    dependencies: List[PoetryPackage] = []
+    for dep_name in dep_names:
+        dependencies += identify_transients(
+            dep_name.lower(), packages, venv, allow_missing=[poetry.package.name]
+        )
+
+    return dedupe_packages(dependencies)
+
+
+def find_group_deps(
+    group: str,
+    packages: PackageMap,
+    venv: "_poetry.VirtualEnv",
+    poetry: "_poetry.Poetry",
+) -> List[PoetryPackage]:
+    """Find the dependencies belonging to a dependency group
+
+    Recursively identify the Poetry dev dependencies
+
+    :param group: Name of the dependency group from the project's ``pyproject.toml``
+    :param packages: Mapping of all locked package names to their corresponding package object
+    :param venv: Poetry virtual environment to use for package compatibility checks
+    :param poetry: Poetry object for the current project
+    """
+    return find_additional_deps(
+        packages,
+        venv,
+        poetry,
+        poetry.pyproject.data["tool"]["poetry"]
+        .get("group", {})
+        .get(group, {})
+        .get("dependencies", {})
+        .keys(),
+    )
+
+
+def find_dev_deps(
+    packages: PackageMap, venv: "_poetry.VirtualEnv", poetry: "_poetry.Poetry"
+) -> List[PoetryPackage]:
+    """Find the dev dependencies
+
+    Recursively identify the Poetry dev dependencies
+
+    :param packages: Mapping of all locked package names to their corresponding package object
+    :param venv: Poetry virtual environment to use for package compatibility checks
+    :param poetry: Poetry object for the current project
+    """
+    dev_group_deps = find_group_deps("dev", packages, venv, poetry)
+
+    # Legacy pyproject.toml poetry format:
+    legacy_dev_group_deps = find_additional_deps(
+        packages,
+        venv,
+        poetry,
+        poetry.pyproject.data["tool"]["poetry"].get("dev-dependencies", {}).keys(),
+    )
+
+    # Poetry 1.2 unions these two toml sections.
+    return dedupe_packages(dev_group_deps + legacy_dev_group_deps)
+
+
+def dedupe_packages(packages: Sequence[PoetryPackage]) -> List[PoetryPackage]:
+    """Deduplicates a sequence of PoetryPackages while preserving ordering
+
+    Adapted from StackOverflow: https://stackoverflow.com/a/480227
+    """
+    seen: Set[PoetryPackage] = set()
+    # Make this faster, avoid method lookup below
+    seen_add = seen.add
+    return [p for p in packages if not (p in seen or seen_add(p))]