Skip to content

fix(deps): add pip-tools lockfile with hash pinning - VC-53681 [Logos] #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
anapatil-panw merged 3 commits into from
Jun 17, 2026
Merged

fix(deps): add pip-tools lockfile with hash pinning - VC-53681 [Logos] #199

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a79b582
fix(deps): add pip-tools lockfile with hash pinning — VC-53681
ndevarapalli-panw Jun 15, 2026
7077846
deps: address review feedback and fix safety regression
ndevarapalli-panw Jun 17, 2026
ff337f0
deps: address follow-up review findings
ndevarapalli-panw Jun 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitattributes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
requirements.txt linguist-generated=true
requirements-build.txt linguist-generated=true
8 changes: 3 additions & 5 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,11 @@
FROM python:3
FROM python:3.9-slim

WORKDIR /usr/src/app

COPY requirements.txt ./
COPY requirements-build.txt ./
COPY docker-entrypoint.sh ./
RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --no-cache-dir -r requirements-build.txt
RUN pip install --no-cache-dir --require-hashes -r requirements-build.txt

COPY . .

CMD [ "./docker-entrypoint.sh" ]
CMD [ "./docker-entrypoint.sh" ]
10 changes: 10 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
.EXPORT_ALL_VARIABLES:
PYTHONPATH=./:$PYTHONPATH
PIP_TOOLS_VERSION=7.5.3

.PHONY: lock test publish

lock:
docker run --rm -v "$$(pwd)":/work -w /work python:3.9 \
sh -c "pip install pip-tools==$(PIP_TOOLS_VERSION) && \
pip-compile --generate-hashes --output-file requirements.txt requirements.in && \
pip-compile --generate-hashes --output-file requirements-build.txt requirements-build.in && \
chown $$(id -u):$$(id -g) requirements.txt requirements-build.txt"

test:
docker build -t vcert-tests .
Expand Down
8 changes: 8 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,14 @@ NOTE: While developing with vcert-python, it is helpful if you are using a virtu
install the vcert-python library from source in development mode with `pip install --editable`.
See https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/

### Managing dependencies

`requirements.txt` and `requirements-build.txt` are generated by [pip-tools](https://github.com/jazzband/pip-tools) and contain hash-pinned transitive dependencies. Do not edit them directly. To add or update a dependency:

1. Edit `requirements.in` (runtime) or `requirements-build.in` (build/test)
2. Run `make lock` to regenerate the lockfiles (requires Docker)
3. Commit both the `.in` and `.txt` files together

## Version History

[Check version history here](https://github.com/Venafi/vcert-python/blob/master/docs/version_history.md)
Expand Down
5 changes: 5 additions & 0 deletions requirements-build.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-r requirements.in
pytest==7.4.3
pytest-cov==4.1.0
safety==2.3.5
bandit==1.7.7
693 changes: 688 additions & 5 deletions requirements-build.txt
View file
Open in desktop

Large diffs are not rendered by default.

6 changes: 6 additions & 0 deletions requirements.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
requests==2.32.4
python-dateutil==2.8.2
cryptography==45.0.7
six==1.17.0
ruamel.yaml==0.18.13
pynacl==1.5.0
379 changes: 373 additions & 6 deletions requirements.txt
View file
Open in desktop

Large diffs are not rendered by default.