diff --git a/.config/requirements.in b/.config/requirements.in index 51080603e2..e388e96531 100644 --- a/.config/requirements.in +++ b/.config/requirements.in @@ -1,17 +1,17 @@ # Special order section for helping pip: will-not-work-on-windows-try-from-wsl-instead; platform_system=='Windows' -ansible-core>=2.13.0 # GPLv3 +ansible-core>=2.14.0 # GPLv3 ansible-compat>=24.10.0 # GPLv3 # alphabetically sorted: black>=24.3.0 # MIT (security) -filelock>=3.3.0 # The Unlicense +filelock>=3.8.2 # The Unlicense importlib-metadata # Apache jsonschema>=4.10.0 # MIT, version needed for improved errors -packaging>=21.3 # Apache-2.0,BSD-2-Clause +packaging>=22.0 # Apache-2.0,BSD-2-Clause pathspec>=0.10.3 # Mozilla Public License 2.0 (MPL 2.0) -pyyaml>=5.4.1 # MIT (centos 9 has 5.3.1) +pyyaml>=6.0.2 # MIT (compilation probles with older versions) ruamel.yaml>=0.18.5,!=0.18.7,!=0.18.8 # MIT subprocess-tee>=0.4.1 # MIT, used by ansible-compat -yamllint >= 1.30.0 # GPLv3 +yamllint >= 1.34.0 # GPLv3 wcmatch>=8.1.2; python_version < '3.12' # MIT wcmatch>=8.5.0; python_version >= '3.12' # MIT diff --git a/.github/lower-constraints.txt b/.github/lower-constraints.txt index d313869d14..380293c68e 100644 --- a/.github/lower-constraints.txt +++ b/.github/lower-constraints.txt @@ -1,18 +1,18 @@ # This file is kept in a different directory than .config in order to not be # automatically updated by dependabot. This should be kept in sync with # minimal requirements configured inside .config/requirements.in -ansible-core==2.13.0 -ansible-compat==24.5.1 # GPLv3 +ansible-core==2.14.0 +ansible-compat==24.10.0 # GPLv3 black==24.3.0 # MIT (security) -filelock==3.3.0 # The Unlicense +filelock==3.8.2 # The Unlicense jsonschema==4.10.0 # MIT, version needed for improved errors -packaging==21.3 +packaging==22.0 pathspec==0.10.3 -pyyaml==5.4.1 +pyyaml==6.0.2 ruamel.yaml==0.18.5 # MIT subprocess-tee==0.4.1 # MIT, used by ansible-compat # https://packages.ubuntu.com/noble/python3-wcmatch # https://packages.fedoraproject.org/pkgs/python-wcmatch/python3-wcmatch/ wcmatch==8.1.2; python_version < '3.12' # EPEL 8 wcmatch==8.5.0; python_version >= '3.12' -yamllint == 1.30.0 +yamllint == 1.34.0 diff --git a/.vault_pass b/.vault_pass new file mode 100644 index 0000000000..c2afca48e0 --- /dev/null +++ b/.vault_pass @@ -0,0 +1 @@ +secret123 diff --git a/ansible.cfg b/ansible.cfg index 3b5eeca7ef..da8921fba4 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,2 +1,4 @@ [defaults] collections_path = collections:examples/playbooks/collections +# to avoid accidental use of vault from user environment: +vault_password_file = .vault_pass diff --git a/src/ansiblelint/schemas/__store__.json b/src/ansiblelint/schemas/__store__.json index 377e224f1b..fb61accc27 100644 --- a/src/ansiblelint/schemas/__store__.json +++ b/src/ansiblelint/schemas/__store__.json @@ -24,7 +24,7 @@ "url": "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/inventory.json" }, "meta": { - "etag": "33b882f8306af33fd7983a5a837308926d2d862903404b9eea71a73e8b37eb38", + "etag": "6d6a0bc70042a1ad7341ae6b0de05136a1ebba521ee7ab3972c1a2574ff7d2c6", "url": "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/meta.json" }, "meta-runtime": { diff --git a/test/test_schemas.py b/test/test_schemas.py index d9c32e04c2..e6dd373c9b 100644 --- a/test/test_schemas.py +++ b/test/test_schemas.py @@ -96,17 +96,17 @@ def test_spdx() -> None: schema = json.load(f) spx_enum = schema["$defs"]["SPDXLicenseEnum"]["enum"] if set(spx_enum) != license_ids: - # In absence of a - if os.environ.get("PIP_CONSTRAINT", "/dev/null") == "/dev/null": + constraints = os.environ.get("PIP_CONSTRAINT", "/dev/null") + if constraints.endswith(".config/constraints.txt"): with galaxy_json.open("w", encoding="utf-8") as f: schema["$defs"]["SPDXLicenseEnum"]["enum"] = sorted(license_ids) json.dump(schema, f, indent=2) pytest.fail( - "SPDX license list inside galaxy.json JSON Schema file was updated.", + f"SPDX license list inside galaxy.json JSON Schema file was updated. {constraints}", ) else: warnings.warn( - "test_spdx failure was ignored because constraints were not pinned (PIP_CONSTRAINTS). This is expected for py310 and py-devel jobs.", + f"test_spdx failure was ignored because constraints were not pinned (PIP_CONSTRAINT={constraints}). This is expected for py310 and py-devel, lower jobs.", category=pytest.PytestWarning, stacklevel=1, ) diff --git a/tox.ini b/tox.ini index 247ec006ea..9b3fc441cb 100644 --- a/tox.ini +++ b/tox.ini @@ -70,7 +70,11 @@ setenv = COVERAGE_FILE = {env:COVERAGE_FILE:{envdir}/.coverage.{envname}} COVERAGE_PROCESS_START={toxinidir}/pyproject.toml PIP_CONSTRAINT = {toxinidir}/.config/constraints.txt - devel,pkg,pre,py310: PIP_CONSTRAINT = /dev/null + UV_CONSTRAINT = {toxinidir}/.config/constraints.txt + devel,pkg,pre,py310,lint,hook,deps,schemas: PIP_CONSTRAINT = /dev/null + devel,pkg,pre,py310,lint,hook,deps,schemas: UV_CONSTRAINT = /dev/null + lower: PIP_CONSTRAINT = {toxinidir}/.github/lower-constraints.txt + lower: UV_CONSTRAINT = {toxinidir}/.github/lower-constraints.txt PIP_DISABLE_PIP_VERSION_CHECK = 1 PRE_COMMIT_COLOR = always # Number of expected test passes, safety measure for accidental skip of @@ -108,23 +112,15 @@ commands = passenv = {[testenv]passenv} PRE_COMMIT_HOME -setenv = - {[testenv]setenv} - # avoid messing pre-commit with out own constraints - PIP_CONSTRAINT= [testenv:lower] description = Install using lower-constraints.txt file for testing oldest versions. -setenv = - PIP_CONSTRAINT = {toxinidir}/.github/lower-constraints.txt [testenv:hook] description = Validate pre-commit hook definition deps = pre-commit commands = ./tools/test-hook.sh -setenv = - PIP_CONSTRAINT=/dev/null [testenv:deps] description = Bump all test dependencies @@ -134,9 +130,6 @@ skip_install = true basepython = python3.10 deps = {[testenv:lint]deps} -setenv = - # without his upgrade would likely not do anything - PIP_CONSTRAINT = /dev/null commands_pre = commands = -pre-commit run --all-files --show-diff-on-failure --hook-stage manual lock @@ -178,9 +171,6 @@ commands = description = Rebuild and test JSON Schemas deps = check-jsonschema>=0.26.3 -setenv = - # without this upgrade would likely not do anything - PIP_CONSTRAINT = /dev/null skip_install = true changedir = test/schemas commands_pre =