Update copyright for the new year

Update CI

.github/scripts/setup-env.sh

@@ -7,66 +7,29 @@
 
 set -e;
 
-# ##### Prereqs #####
-#
-# Set global vars for usage in the script, create the cache directory so we can rely
-# on that existing, then dump some diagnostic info for later reference.
-#
-CI_VENV=$HOME/ci;
 CI_CACHE=$HOME/.cache;
-CI_CACHE_GET_POETRY="$CI_CACHE/get-poetry.py";
-CI_POETRY=$HOME/.poetry/bin/poetry;
-CI_VENV_PIP="$CI_VENV/bin/pip";
-CI_VENV_PIP_VERSION=19.3.1;
-CI_VENV_TOX="$CI_VENV/bin/tox";
+POETRY_VERSION=1.1.12;
 
 mkdir --parents "$CI_CACHE";
 
 command -v python;
 python --version;
 
-# ##### Install Poetry #####
-#
-# Download the poetry install script to the cache directory and then install poetry.
-# After dump the poetry version for later reference.
-#
-curl https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py \
-  --output "$CI_CACHE_GET_POETRY" \
+curl --location https://install.python-poetry.org \
+  --output "$CI_CACHE/install-poetry.py" \
   --silent \
-  --show-error \
-  --location;
-python "$CI_CACHE_GET_POETRY" --yes 1>/dev/null;
+  --show-error;
+python "$CI_CACHE/install-poetry.py" \
+  --version "$POETRY_VERSION" \
+  --yes;
+poetry --version --no-ansi;
+poetry run pip --version;
 
-python "$CI_POETRY" --version --no-ansi;
-
-# ##### Setup Runtime Venv #####
-#
-# Create a virtual environment for poetry to use, upgrade pip in that venv to a pinned
-# version, then install the current project to the venv.
-#
-# Note 1: Poetry, Tox, and this project plugin all use pip under the hood for package
-#         installation. This means that even though we are creating up to eight venvs
-#         during a given CI run they all share the same download cache.
-# Note 2: The "VIRTUAL_ENV=$CI_VENV" prefix on the poetry commands below sets the venv
-#         that poetry will use for operations. There is no CLI flag for poetry that
-#         directs it to use a given environment, but if it finds itself in an existing
-#         environment it will use it and skip environment creation.
-#
-python -m venv "$CI_VENV";
-
-$CI_VENV_PIP install "pip==$CI_VENV_PIP_VERSION" \
-  --upgrade \
-  --quiet;
-
-VIRTUAL_ENV=$CI_VENV "$CI_POETRY" install \
+poetry install \
   --extras poetry \
   --quiet \
-  --no-ansi \
-  &>/dev/null;
+  --remove-untracked \
+  --no-ansi;
 
-# ##### Print Debug Info #####
-#
-# Print the pip and tox versions (which will include registered plugins)
-#
-$CI_VENV_PIP --version;
-echo "tox $($CI_VENV_TOX --version)";
+poetry env info;
+poetry run tox --version;

.github/workflows/ci.yaml

@@ -11,22 +11,24 @@ jobs:
     strategy:
       matrix:
         python:
-          - version: 3.6
+          - version: "3.6"
             toxenv: py36
-          - version: 3.7
+          - version: "3.7"
             toxenv: py37
-          - version: 3.8
+          - version: "3.8"
             toxenv: py38
-          - version: 3.9
+          - version: "3.9"
             toxenv: py39
+          - version: "3.10"
+            toxenv: py310
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup:python${{ matrix.python.version }}
+      - name: Install Python ${{ matrix.python.version }}
         uses: actions/setup-python@v1
         with:
           python-version: ${{ matrix.python.version }}
-      - name: Setup:cache
+      - name: Configure Job Cache
         uses: actions/cache@v2
         with:
           path: |
@@ -37,20 +39,22 @@ jobs:
           # will be invalidated, and thus all packages will be redownloaded, if the
           # lockfile is updated
           key: ${{ runner.os }}-${{ matrix.python.toxenv }}-${{ hashFiles('**/poetry.lock') }}
-      - name: Setup:env
+      - name: Configure Path
+        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+      - name: Configure Environment
         run: .github/scripts/setup-env.sh
-      - name: Run:${{ matrix.python.toxenv }}
-        run: $HOME/ci/bin/tox -e ${{ matrix.python.toxenv }}
+      - name: Run Toxenv ${{ matrix.python.toxenv }}
+        run: poetry run tox -e ${{ matrix.python.toxenv }}
   Check:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup:python3.8
+      - name: Install Python 3.8
         uses: actions/setup-python@v1
         with:
           python-version: 3.8
-      - name: Setup:cache
+      - name: Configure Job Cache
         uses: actions/cache@v2
         with:
           path: |
@@ -60,11 +64,13 @@ jobs:
           # Hardcoded 'py38' slug here lets this cache piggyback on the 'py38' cache
           # that is generated for the tests above
           key: ${{ runner.os }}-py38-${{ hashFiles('**/poetry.lock') }}
-      - name: Setup:env
+      - name: Configure Path
+        run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+      - name: Configure Environment
         run: .github/scripts/setup-env.sh
-      - name: Run:static
-        run: $HOME/ci/bin/tox -e static
-      - name: Run:static-tests
-        run: $HOME/ci/bin/tox -e static-tests
-      - name: Run:security
-        run: $HOME/ci/bin/tox -e security
+      - name: Run Static Analysis Checks
+        run: poetry run tox -e static
+      - name: Run Static Analysis Checks (Tests)
+        run: poetry run tox -e static-tests
+      - name: Run Security Checks
+        run: poetry run tox -e security

CHANGELOG.md

@@ -2,6 +2,34 @@
 
 See also: [Github Release Page](https://github.com/enpaul/tox-poetry-installer/releases).
 
+## Version 0.8.3
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.3),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.3/)
+
+- Add PyPI classifier for Python 3.10 compatibility
+
+## Version 0.8.2
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.2),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.2/)
+
+- Improve debug-level logging for package installation, and time how long installing each
+  package takes. Contributed by [Rebecca
+  Turner](https://github.com/9999years).
+- Fix crash caused by the package-under-test depending on Poetry's unsafe dependencies ([#65](https://github.com/enpaul/tox-poetry-installer/issues/65))
+
+## Version 0.8.1
+
+View this release on:
+[Github](https://github.com/enpaul/tox-poetry-installer/releases/tag/0.8.1),
+[PyPI](https://pypi.org/project/tox-poetry-installer/0.8.1/)
+
+- Fix unintuitive behavior of the `install_project_deps` option by ensuring the specified
+  value always causes the implied action
+
 ## Version 0.8.0
 
 View this release on:

LICENSE.md

@@ -1,4 +1,4 @@
-## Copyright 2020 Ethan Paul
+## Copyright 2020, 2022 Ethan Paul
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this
 software and associated documentation files (the "Software"), to deal in the Software
@@ -9,4 +9,9 @@ to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or
 substantial portions of the Software.
 
-**THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.**
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

README.md

@@ -231,6 +231,7 @@ error will be set to one of the "Status" values below to indicate what the error
 | `LockedDepNotFoundError`        | Indicates that an item specified in the `locked_deps` config option does not match the name of a package in the Poetry lockfile.                                                                                                |
 | `LockedDepsRequiredError`       | Indicates that a test environment with the `require_locked_deps` config option set to `true` also specified unlocked dependencies using the [`deps`](https://tox.readthedocs.io/en/latest/config.html#conf-deps) config option. |
 | `PoetryNotInstalledError`       | Indicates that the `poetry` module could not be imported under the current runtime environment, and the `--require-poetry` flag was provided.                                                                                   |
+| `RequiresUnsafeDepError`        | Indicates that the package-under-test depends on a package that Poetry has classified as unsafe and cannot be installed.                                                                                                        |
 
 > **Note:** One or more of these errors can be caused by the `pyproject.toml` being out of
 > sync with the Poetry lockfile. If this is the case, than a warning will be logged when Tox
@@ -329,9 +330,9 @@ python -c '\
 '
 ```
 
-> **Note:** To force Tox to fail if Poetry is not installed, run the `tox` command with the
-> `--require-poetry` option. See the [Runtime Options](#runtime-options) for more
-> information.
+> **Note:** To force Tox to fail if Poetry is not installed, add the `require_poetry = true`
+> option to the tox `[testenv]` configuration. See the
+> [Config Options](#configuration-options) for more information.
 
 ## Developer Documentation
 
@@ -351,8 +352,8 @@ are tracked on [Github](https://github.com/enpaul/tox-poetry-installer/releases)
   [fork the repository](https://docs.github.com/en/enterprise/2.20/user/github/getting-started-with-github/fork-a-repo)
   and [open a pull request](https://github.com/enpaul/tox-poetry-installer/compare).
 
-Developing this project requires at least [Python 3.6](https://www.python.org/downloads/)
-and at least [Poetry 1.0](https://python-poetry.org/docs/#installation). GNU Make can
+Developing this project requires [Python 3.7+](https://www.python.org/downloads/) and
+[Poetry 1.0](https://python-poetry.org/docs/#installation) or later. GNU Make can
 optionally be used to quickly setup a local development environment, but this is not
 required.
 
@@ -425,6 +426,6 @@ Everything in Beta plus...
 
 - [ ] Fully replace dependency on `poetry` with dependency on `poetry-core` ([#2](https://github.com/enpaul/tox-poetry-installer/issues/2))
 - [x] Add comprehensive unit tests
-- [ ] Add tests for each feature version of Tox between 3.8 and 3.20
+- [ ] ~Add tests for each feature version of Tox between 3.8 and 3.20~
 - [x] Add tests for Python-3.6, 3.7, 3.8, and 3.9
 - [x] Add Github Actions based CI

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "tox-poetry-installer"
-version = "0.8.1"
+version = "0.8.3"
 license = "MIT"
 authors = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]
 description = "A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile"
@@ -27,6 +27,7 @@ classifiers = [
   "Programming Language :: Python :: 3.7",
   "Programming Language :: Python :: 3.8",
   "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
   "Programming Language :: Python :: Implementation :: CPython",
 ]
 
@@ -44,10 +45,12 @@ tox = "^3.8.0"
 
 [tool.poetry.dev-dependencies]
 bandit = "^1.6.2"
-black = { version = "^20.8b1", allow-prereleases = true }
+black = {version = "^21.12b0", allow-prereleases = true, python = "^3.7"}
 blacken-docs = "^1.8.0"
 ipython = { version = "^7.18.1", python = "^3.7" }
-mypy = "^0.782"
+mdformat = "^0.6"
+mdformat-gfm = "^0.2"
+mypy = "^0.930"
 pre-commit = "^2.7.1"
 pre-commit-hooks = "^3.3.0"
 pylint = "^2.4.4"
@@ -57,8 +60,7 @@ reorder-python-imports = "^2.3.5"
 safety = "^1.9.0"
 toml = "^0.10.1"
 tox = "^3.20.0"
-mdformat = "^0.6.4"
-mdformat-gfm = "^0.2"
+types-toml = "^0.10.1"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

tests/test_transients.py

@@ -20,19 +20,16 @@ def test_exclude_unsafe():
     assert Provider.UNSAFE_PACKAGES == constants.UNSAFE_PACKAGES
 
     for dep in constants.UNSAFE_PACKAGES:
-        assert utilities.identify_transients(dep, dict(), None) == []
+        assert not utilities.identify_transients(dep, {}, None)
 
 
 def test_allow_missing():
     """Test that the ``allow_missing`` parameter works as expected"""
     with pytest.raises(exceptions.LockedDepNotFoundError):
-        utilities.identify_transients("luke-skywalker", dict(), None)
+        utilities.identify_transients("luke-skywalker", {}, None)
 
-    assert (
-        utilities.identify_transients(
-            "darth-vader", dict(), None, allow_missing=["darth-vader"]
-        )
-        == []
+    assert not utilities.identify_transients(
+        "darth-vader", {}, None, allow_missing=["darth-vader"]
     )
 
 
@@ -51,7 +48,7 @@ def test_exclude_pep508():
         "=>foo",
     ]:
         with pytest.raises(exceptions.LockedDepVersionConflictError):
-            utilities.identify_transients(version, dict(), None)
+            utilities.identify_transients(version, {}, None)
 
 
 def test_functional(mock_poetry_factory, mock_venv):

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py36, py37, py38, py39, static, static-tests, security
+envlist = py36, py37, py38, py39, py310, static, static-tests, security
 isolated_build = true
 skip_missing_interpreters = true
 
@@ -14,7 +14,10 @@ locked_deps =
     pytest-cov
     toml
 commands =
-    pytest --cov {toxinidir}/tox_poetry_installer --cov-config {toxinidir}/.coveragerc --cov-report term-missing {toxinidir}/tests/
+    pytest {toxinidir}/tests/ \
+      --cov {toxinidir}/tox_poetry_installer \
+      --cov-config {toxinidir}/.coveragerc \
+      --cov-report term-missing
 
 [testenv:static]
 description = Static formatting and quality enforcement
@@ -31,10 +34,15 @@ locked_deps =
     pre-commit
     pre-commit-hooks
     pylint
+    types-toml
 commands =
-    pre-commit run --all-files
-    pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tox_poetry_installer/
-    mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tox_poetry_installer/
+    pre-commit run \
+      --all-files
+    pylint {toxinidir}/tox_poetry_installer/ \
+      --rcfile {toxinidir}/.pylintrc
+    mypy {toxinidir}/tox_poetry_installer/ \
+      --ignore-missing-imports \
+      --no-strict-optional
 
 [testenv:static-tests]
 description = Static formatting and quality enforcement for the tests
@@ -45,21 +53,37 @@ locked_deps =
     pylint
     pytest
     mypy
+    types-toml
 commands =
-    pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tests/
-    mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tests/
+    pylint {toxinidir}/tests/ \
+      --rcfile {toxinidir}/.pylintrc
+    mypy {toxinidir}/tests/ \
+      --ignore-missing-imports \
+      --no-strict-optional
 
 [testenv:security]
 description = Security checks
 basepython = python3.8
 platform = linux
 ignore_errors = true
+skip_install = true
 locked_deps =
     bandit
     safety
     poetry
 commands =
-    bandit --recursive --quiet {toxinidir}/tox_poetry_installer/
-    bandit --recursive --quiet --skip B101 {toxinidir}/tests/
-    poetry export --format requirements.txt --output {envtmpdir}/requirements.txt --without-hashes --dev
-    safety check --bare --file {envtmpdir}/requirements.txt
+    bandit {toxinidir}/tox_poetry_installer/ \
+      --recursive \
+      --quiet
+    bandit {toxinidir}/tests/ \
+      --recursive \
+      --quiet \
+      --skip B101
+    poetry export \
+      --format requirements.txt \
+      --output {envtmpdir}/requirements.txt \
+      --without-hashes \
+      --dev
+    safety check \
+      --file {envtmpdir}/requirements.txt \
+      --json

tox_poetry_installer/__about__.py

@@ -1,7 +1,7 @@
 # pylint: disable=missing-docstring
 __title__ = "tox-poetry-installer"
 __summary__ = "A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile"
-__version__ = "0.8.1"
+__version__ = "0.8.3"
 __url__ = "https://github.com/enpaul/tox-poetry-installer/"
 __license__ = "MIT"
 __authors__ = ["Ethan Paul <24588726+enpaul@users.noreply.github.com>"]

tox_poetry_installer/exceptions.py

@@ -11,6 +11,7 @@ All exceptions should inherit from the common base exception :exc:`ToxPoetryInst
    +-- LockedDepNotFoundError
    +-- ExtraNotFoundError
    +-- LockedDepsRequiredError
+   +-- RequiresUnsafeDepError
 
 """
 
@@ -41,3 +42,7 @@ class ExtraNotFoundError(ToxPoetryInstallerException):
 
 class LockedDepsRequiredError(ToxPoetryInstallerException):
     """Environment cannot specify unlocked dependencies when locked dependencies are required"""
+
+
+class RequiresUnsafeDepError(ToxPoetryInstallerException):
+    """Package under test depends on an unsafe dependency and cannot be installed"""

tox_poetry_installer/installer.py

@@ -5,6 +5,7 @@
 import concurrent.futures
 import contextlib
 import typing
+from datetime import datetime
 from typing import Sequence
 from typing import Set
 
@@ -46,6 +47,13 @@ def install(
 
     installed: Set[PoetryPackage] = set()
 
+    def logged_install(dependency: PoetryPackage) -> None:
+        start = datetime.now()
+        logger.debug(f"Installing {dependency}")
+        pip.install(dependency)
+        end = datetime.now()
+        logger.debug(f"Finished installing {dependency} in {end - start}")
+
     @contextlib.contextmanager
     def _optional_parallelize():
         """A bit of cheat, really
@@ -66,8 +74,8 @@ def install(
         for dependency in packages:
             if dependency not in installed:
                 installed.add(dependency)
-                logger.debug(f"Installing {dependency}")
-                executor(pip.install, dependency)
+                logger.debug(f"Queuing {dependency}")
+                executor(logged_install, dependency)
             else:
                 logger.debug(f"Skipping {dependency}, already installed")
         logger.debug("Waiting for installs to finish...")

tox_poetry_installer/utilities.py

@@ -166,6 +166,11 @@ def find_project_deps(
     :param extras: Sequence of extra names to include the dependencies of
     """
 
+    if any(dep.name in constants.UNSAFE_PACKAGES for dep in poetry.package.requires):
+        raise exceptions.RequiresUnsafeDepError(
+            f"Project package requires one or more unsafe dependencies ({', '.join(constants.UNSAFE_PACKAGES)}) which cannot be installed with Poetry"
+        )
+
     base_deps: List[PoetryPackage] = [
         packages[item.name]
         for item in poetry.package.requires