256 lines
8.3 KiB
TOML
256 lines
8.3 KiB
TOML
[tool.poetry]
|
|
name = "spiffworkflow-backend"
|
|
version = "0.0.0"
|
|
description = "Spiffworkflow Backend"
|
|
authors = ["Sartography <sartography@users.noreply.github.com>"]
|
|
license = "LGPL-2.1"
|
|
readme = "README.rst"
|
|
homepage = "https://spiffworkflow.org"
|
|
repository = "https://github.com/sartography/spiff-arena"
|
|
documentation = "https://spiff-arena.readthedocs.io"
|
|
classifiers = [
|
|
"Development Status :: 4 - Beta",
|
|
]
|
|
|
|
[tool.poetry.urls]
|
|
Changelog = "https://github.com/orgs/sartography/packages?repo_name=spiff-arena"
|
|
|
|
[tool.poetry.dependencies]
|
|
python = ">=3.10,<3.13"
|
|
flask = "2.2.5"
|
|
flask-admin = "*"
|
|
flask-bcrypt = "*"
|
|
flask-cors = "*"
|
|
flask-jwt-extended = "^4.4.4"
|
|
flask-marshmallow = "*"
|
|
flask-migrate = "*"
|
|
flask-restful = "*"
|
|
SpiffWorkflow = {git = "https://github.com/sartography/SpiffWorkflow", rev = "main"}
|
|
# SpiffWorkflow = {develop = true, path = "../../spiffworkflow/" }
|
|
# SpiffWorkflow = {develop = true, path = "../../SpiffWorkflow/" }
|
|
sentry-sdk = {extras = ['flask'], version = "^2.5"}
|
|
# sphinx-autoapi = "^2.0"
|
|
psycopg2 = "^2.9.3"
|
|
typing-extensions = "^4.12.2"
|
|
|
|
spiffworkflow-connector-command = {git = "https://github.com/sartography/spiffworkflow-connector-command.git", rev = "main"}
|
|
|
|
# pinned to higher than 65.5.0 because of a vulnerability
|
|
# and to lower than 67 because i didn't feel like addressing
|
|
# new deprecation warnings. we don't need this library explicitly,
|
|
# but at one time it was pulled in by various libs we depend on.
|
|
setuptools = "^70.1.1"
|
|
|
|
# we cannot upgrade werkzeug due to connexion. See comment in .snyk file
|
|
werkzeug = "^2.3"
|
|
connexion = {extras = [ "swagger-ui",], version = "^2"}
|
|
|
|
lxml = "^4.9.1"
|
|
marshmallow-enum = "^1.5.1"
|
|
PyJWT = "^2.6.0"
|
|
APScheduler = "*"
|
|
Jinja2 = "^3.1.3"
|
|
RestrictedPython = "^7.1"
|
|
Flask-SQLAlchemy = "^3"
|
|
|
|
# 22.0.0 breaks passing in SCRIPT_NAME as a header which breaks status environments
|
|
# https://github.com/benoitc/gunicorn/issues/3200
|
|
# https://github.com/benoitc/gunicorn/issues/2650
|
|
gunicorn = "21.2.0"
|
|
|
|
# https://github.com/dropbox/sqlalchemy-stubs/pull/251
|
|
# someday get off github
|
|
# sqlalchemy-stubs = "^0.4"
|
|
# sqlalchemy-stubs = { git = "https://github.com/dropbox/sqlalchemy-stubs.git", rev = "master" }
|
|
# sqlalchemy-stubs = {develop = true, path = "/Users/kevin/projects/github/sqlalchemy-stubs"}
|
|
# for now use my fork
|
|
sqlalchemy-stubs = { git = "https://github.com/burnettk/sqlalchemy-stubs.git", rev = "scoped-session-delete" }
|
|
simplejson = "^3.17.6"
|
|
pytz = "^2024.1"
|
|
dateparser = "^1.2.0"
|
|
cryptography = "^42.0"
|
|
prometheus-flask-exporter = "^0.23.0"
|
|
|
|
sqlalchemy = "^2.0.31"
|
|
marshmallow-sqlalchemy = "^1.0.0"
|
|
|
|
# mysqlclient lib is deemed better than the mysql-connector-python lib by sqlalchemy
|
|
# https://docs.sqlalchemy.org/en/20/dialects/mysql.html#module-sqlalchemy.dialects.mysql.mysqlconnector
|
|
mysqlclient = "^2.2.3"
|
|
flask-session = "^0.5.0"
|
|
flask-oauthlib = "^0.9.6"
|
|
celery = {extras = ["redis"], version = "^5.3.5"}
|
|
celery-stubs = "^0.1.3"
|
|
jsonschema = "^4.22.0"
|
|
chardet = "^5.2.0"
|
|
|
|
# 1.3.0 adds an print statement that keeps printing None
|
|
# https://github.com/pixee/python-security/blob/6256809dac1c45530e5eeef8b48032a2bbd6b7d6/src/security/safe_command/api.py#L640
|
|
security = "^1.3.1"
|
|
|
|
[tool.poetry.scripts]
|
|
spiffworkflow-backend = "spiffworkflow_backend.__main__:main"
|
|
|
|
[tool.poetry.group.dev.dependencies]
|
|
pytest = "^8.2.2"
|
|
coverage = {extras = ["toml"], version = "^7.5"}
|
|
safety = "^3.2.3"
|
|
mypy = ">=0.961"
|
|
typeguard = "^4"
|
|
xdoctest = {extras = ["colors"], version = "^1.1.3"}
|
|
pre-commit = "^2.20.0"
|
|
ruff = "^0.4.7"
|
|
|
|
pytest-random-order = "^1.1.0"
|
|
pytest-flask = "^1.2.0"
|
|
pytest-flask-sqlalchemy = "^1.1.0"
|
|
|
|
# 3.4+ broke existfirst option which we use
|
|
# https://stackoverflow.com/questions/77667559/pytest-xdist-3-40-and-higher-not-honoring-exitfirst
|
|
# https://github.com/pytest-dev/pytest-xdist/issues/1034
|
|
pytest-xdist = "3.3.1"
|
|
|
|
# 1.7.3 broke us. https://github.com/PyCQA/bandit/issues/841
|
|
bandit = "1.7.8"
|
|
|
|
# flask-sqlalchemy-stubs = "^0.2"
|
|
pre-commit-hooks = "^4.0.1"
|
|
Pygments = "^2.18.0"
|
|
|
|
# type hinting stuff
|
|
types-dateparser = "^1.2.0.20240420"
|
|
types-Werkzeug = "^1.0.9"
|
|
types-PyYAML = "^6.0.12"
|
|
types-Flask = "^1.1.6"
|
|
types-requests = "^2.32.0"
|
|
types-pytz = "^2024.1.0"
|
|
|
|
[tool.pytest.ini_options]
|
|
# ignore deprecation warnings from various packages that we don't control
|
|
filterwarnings = [
|
|
# note the use of single quote below to denote "raw" strings in TOML
|
|
# kombu/utils/compat.py:82
|
|
'ignore:SelectableGroups dict interface is deprecated. Use select.',
|
|
# flask_marshmallow/__init__.py:34
|
|
# marshmallow_sqlalchemy/convert.py:17
|
|
'ignore:distutils Version classes are deprecated. Use packaging.version instead.',
|
|
# connexion/json_schema.py:17
|
|
'ignore:jsonschema.exceptions.RefResolutionError is deprecated as of version 4.18.0',
|
|
'ignore:jsonschema.RefResolver is deprecated as of v4.18.0',
|
|
# connexion/spec.py:50
|
|
'ignore:Passing a schema to Validator.iter_errors is deprecated and will be removed in a future release',
|
|
# connexion/decorators/validation.py:16
|
|
'ignore:Accessing jsonschema.draft4_format_checker is deprecated and will be removed in a future release.',
|
|
# connexion/apis/flask_api.py:236
|
|
"ignore:'_request_ctx_stack' is deprecated and will be removed in Flask 2.3",
|
|
"ignore:Setting 'json_encoder' on the app or a blueprint is deprecated and will be removed in Flask 2.3",
|
|
"ignore:'JSONEncoder' is deprecated and will be removed in Flask 2.3",
|
|
"ignore:'app.json_encoder' is deprecated and will be removed in Flask 2.3",
|
|
# SpiffWorkflow/bpmn/PythonScriptEngineEnvironment.py
|
|
'ignore:The usage of Box has been deprecated',
|
|
# dateutil/tz/tz.py:37
|
|
'ignore:datetime\.datetime\.utcfromtimestamp\(\) is deprecated:DeprecationWarning',
|
|
]
|
|
|
|
[tool.coverage.paths]
|
|
source = ["src", "*/site-packages"]
|
|
tests = ["tests", "*/tests"]
|
|
|
|
[tool.coverage.run]
|
|
branch = true
|
|
source = ["spiffworkflow_backend", "tests"]
|
|
|
|
[tool.coverage.report]
|
|
show_missing = true
|
|
fail_under = 50
|
|
|
|
[tool.mypy]
|
|
strict = true
|
|
disallow_any_generics = false
|
|
warn_unreachable = true
|
|
pretty = true
|
|
show_column_numbers = true
|
|
show_error_codes = true
|
|
show_error_context = true
|
|
plugins = "sqlmypy"
|
|
|
|
# We get 'error: Module has no attribute "set_context"' for sentry-sdk without this option
|
|
implicit_reexport = true
|
|
|
|
# allow for subdirs to NOT require __init__.py
|
|
namespace_packages = true
|
|
explicit_package_bases = false
|
|
|
|
# [tool.pyright]
|
|
# Pyright: Import "flask" could not be resolved
|
|
# ultimately resolved by creating a pyrightconfig.json file with venv and venvPath
|
|
# Pyright: "hey" is not accessed
|
|
# See: https://github.com/microsoft/pyright/discussions/3929#discussioncomment-5434231
|
|
# "Those are not warnings" and cannot be turned off like this:
|
|
# reportUnusedVariable = false
|
|
# solution was https://www.reddit.com/r/neovim/comments/11k5but/comment/jbjwwtf in vim settings
|
|
|
|
|
|
# for editor support like vim
|
|
[tool.ruff]
|
|
lint.select = [
|
|
# "ANN", # flake8-annotations
|
|
"ASYNC", # flake8-async
|
|
"B", # flake8-bugbear
|
|
# "BLE", # flake8-blind-except
|
|
"C", # mccabe
|
|
# "D", # pydocstyle
|
|
"E", # pycodestyle error
|
|
# "ERA", # eradicate
|
|
"F", # pyflakes
|
|
# "FBT", # flake8-boolean-trap
|
|
"N", # pep8-naming
|
|
"PL", # pylint
|
|
"S", # flake8-bandit
|
|
"T", # flake8-print
|
|
"UP", # pyupgrade
|
|
"W", # pycodestyle warning
|
|
"I", # isort
|
|
"YTT", # flake8-2020
|
|
]
|
|
|
|
lint.ignore = [
|
|
"C901", # "complexity" category
|
|
"PLR", # "refactoring" category has "too many lines in method" type stuff
|
|
"PLC1901",
|
|
"PLE1205" # saw this Too many arguments for `logging` format string give a false positive once
|
|
]
|
|
|
|
line-length = 130
|
|
|
|
# target python 3.10
|
|
target-version = "py310"
|
|
|
|
exclude = [
|
|
"migrations"
|
|
]
|
|
|
|
[tool.ruff.lint.per-file-ignores]
|
|
"migrations/versions/*.py" = ["E501"]
|
|
"tests/**/*.py" = ["PLR2004", "S101"] # PLR2004 is about magic vars, S101 allows assert
|
|
"bin/*.py" = ["T"] # it's ok to print things in scripts
|
|
|
|
[tool.ruff.lint.isort]
|
|
force-single-line = true
|
|
|
|
# pip install fixit && fixit fix -a src
|
|
[tool.fixit]
|
|
disable = [
|
|
"fixit.rules:CompareSingletonPrimitivesByIs",
|
|
]
|
|
|
|
[build-system]
|
|
requires = ["poetry-core>=1.0.0"]
|
|
build-backend = "poetry.core.masonry.api"
|
|
|
|
[tool.safety]
|
|
# you can generate a config file for safety, but this doesn't work with safety check.
|
|
# it complains about the config file being in too new a format.
|
|
# you have to use safety scan, which requires a login.
|
|
# so in the meantime, we're ignoring an unfixable issue in ./bin/run_ci_session itself
|