spiff-arena/spiffworkflow-backend/pyproject.toml

256 lines
8.3 KiB
TOML

[tool.poetry]
name = "spiffworkflow-backend"
version = "0.0.0"
description = "Spiffworkflow Backend"
authors = ["Sartography <sartography@users.noreply.github.com>"]
license = "LGPL-2.1"
readme = "README.rst"
homepage = "https://spiffworkflow.org"
repository = "https://github.com/sartography/spiff-arena"
documentation = "https://spiff-arena.readthedocs.io"
classifiers = [
"Development Status :: 4 - Beta",
]
[tool.poetry.urls]
Changelog = "https://github.com/orgs/sartography/packages?repo_name=spiff-arena"
[tool.poetry.dependencies]
python = ">=3.10,<3.13"
flask = "2.2.5"
flask-admin = "*"
flask-bcrypt = "*"
flask-cors = "*"
flask-jwt-extended = "^4.4.4"
flask-marshmallow = "*"
flask-migrate = "*"
flask-restful = "*"
SpiffWorkflow = {git = "https://github.com/sartography/SpiffWorkflow", rev = "main"}
# SpiffWorkflow = {develop = true, path = "../../spiffworkflow/" }
# SpiffWorkflow = {develop = true, path = "../../SpiffWorkflow/" }
sentry-sdk = {extras = ['flask'], version = "^2.5"}
# sphinx-autoapi = "^2.0"
psycopg2 = "^2.9.3"
typing-extensions = "^4.12.2"
spiffworkflow-connector-command = {git = "https://github.com/sartography/spiffworkflow-connector-command.git", rev = "main"}
# pinned to higher than 65.5.0 because of a vulnerability
# and to lower than 67 because i didn't feel like addressing
# new deprecation warnings. we don't need this library explicitly,
# but at one time it was pulled in by various libs we depend on.
setuptools = "^70.1.1"
# we cannot upgrade werkzeug due to connexion. See comment in .snyk file
werkzeug = "^2.3"
connexion = {extras = [ "swagger-ui",], version = "^2"}
lxml = "^4.9.1"
marshmallow-enum = "^1.5.1"
PyJWT = "^2.6.0"
APScheduler = "*"
Jinja2 = "^3.1.3"
RestrictedPython = "^7.1"
Flask-SQLAlchemy = "^3"
# 22.0.0 breaks passing in SCRIPT_NAME as a header which breaks status environments
# https://github.com/benoitc/gunicorn/issues/3200
# https://github.com/benoitc/gunicorn/issues/2650
gunicorn = "21.2.0"
# https://github.com/dropbox/sqlalchemy-stubs/pull/251
# someday get off github
# sqlalchemy-stubs = "^0.4"
# sqlalchemy-stubs = { git = "https://github.com/dropbox/sqlalchemy-stubs.git", rev = "master" }
# sqlalchemy-stubs = {develop = true, path = "/Users/kevin/projects/github/sqlalchemy-stubs"}
# for now use my fork
sqlalchemy-stubs = { git = "https://github.com/burnettk/sqlalchemy-stubs.git", rev = "scoped-session-delete" }
simplejson = "^3.17.6"
pytz = "^2024.1"
dateparser = "^1.2.0"
cryptography = "^42.0"
prometheus-flask-exporter = "^0.23.0"
sqlalchemy = "^2.0.31"
marshmallow-sqlalchemy = "^1.0.0"
# mysqlclient lib is deemed better than the mysql-connector-python lib by sqlalchemy
# https://docs.sqlalchemy.org/en/20/dialects/mysql.html#module-sqlalchemy.dialects.mysql.mysqlconnector
mysqlclient = "^2.2.3"
flask-session = "^0.5.0"
flask-oauthlib = "^0.9.6"
celery = {extras = ["redis"], version = "^5.3.5"}
celery-stubs = "^0.1.3"
jsonschema = "^4.22.0"
chardet = "^5.2.0"
# 1.3.0 adds an print statement that keeps printing None
# https://github.com/pixee/python-security/blob/6256809dac1c45530e5eeef8b48032a2bbd6b7d6/src/security/safe_command/api.py#L640
security = "^1.3.1"
[tool.poetry.scripts]
spiffworkflow-backend = "spiffworkflow_backend.__main__:main"
[tool.poetry.group.dev.dependencies]
pytest = "^8.2.2"
coverage = {extras = ["toml"], version = "^7.5"}
safety = "^3.2.3"
mypy = ">=0.961"
typeguard = "^4"
xdoctest = {extras = ["colors"], version = "^1.1.3"}
pre-commit = "^2.20.0"
ruff = "^0.4.7"
pytest-random-order = "^1.1.0"
pytest-flask = "^1.2.0"
pytest-flask-sqlalchemy = "^1.1.0"
# 3.4+ broke existfirst option which we use
# https://stackoverflow.com/questions/77667559/pytest-xdist-3-40-and-higher-not-honoring-exitfirst
# https://github.com/pytest-dev/pytest-xdist/issues/1034
pytest-xdist = "3.3.1"
# 1.7.3 broke us. https://github.com/PyCQA/bandit/issues/841
bandit = "1.7.8"
# flask-sqlalchemy-stubs = "^0.2"
pre-commit-hooks = "^4.0.1"
Pygments = "^2.18.0"
# type hinting stuff
types-dateparser = "^1.2.0.20240420"
types-Werkzeug = "^1.0.9"
types-PyYAML = "^6.0.12"
types-Flask = "^1.1.6"
types-requests = "^2.32.0"
types-pytz = "^2024.1.0"
[tool.pytest.ini_options]
# ignore deprecation warnings from various packages that we don't control
filterwarnings = [
# note the use of single quote below to denote "raw" strings in TOML
# kombu/utils/compat.py:82
'ignore:SelectableGroups dict interface is deprecated. Use select.',
# flask_marshmallow/__init__.py:34
# marshmallow_sqlalchemy/convert.py:17
'ignore:distutils Version classes are deprecated. Use packaging.version instead.',
# connexion/json_schema.py:17
'ignore:jsonschema.exceptions.RefResolutionError is deprecated as of version 4.18.0',
'ignore:jsonschema.RefResolver is deprecated as of v4.18.0',
# connexion/spec.py:50
'ignore:Passing a schema to Validator.iter_errors is deprecated and will be removed in a future release',
# connexion/decorators/validation.py:16
'ignore:Accessing jsonschema.draft4_format_checker is deprecated and will be removed in a future release.',
# connexion/apis/flask_api.py:236
"ignore:'_request_ctx_stack' is deprecated and will be removed in Flask 2.3",
"ignore:Setting 'json_encoder' on the app or a blueprint is deprecated and will be removed in Flask 2.3",
"ignore:'JSONEncoder' is deprecated and will be removed in Flask 2.3",
"ignore:'app.json_encoder' is deprecated and will be removed in Flask 2.3",
# SpiffWorkflow/bpmn/PythonScriptEngineEnvironment.py
'ignore:The usage of Box has been deprecated',
# dateutil/tz/tz.py:37
'ignore:datetime\.datetime\.utcfromtimestamp\(\) is deprecated:DeprecationWarning',
]
[tool.coverage.paths]
source = ["src", "*/site-packages"]
tests = ["tests", "*/tests"]
[tool.coverage.run]
branch = true
source = ["spiffworkflow_backend", "tests"]
[tool.coverage.report]
show_missing = true
fail_under = 50
[tool.mypy]
strict = true
disallow_any_generics = false
warn_unreachable = true
pretty = true
show_column_numbers = true
show_error_codes = true
show_error_context = true
plugins = "sqlmypy"
# We get 'error: Module has no attribute "set_context"' for sentry-sdk without this option
implicit_reexport = true
# allow for subdirs to NOT require __init__.py
namespace_packages = true
explicit_package_bases = false
# [tool.pyright]
# Pyright: Import "flask" could not be resolved
# ultimately resolved by creating a pyrightconfig.json file with venv and venvPath
# Pyright: "hey" is not accessed
# See: https://github.com/microsoft/pyright/discussions/3929#discussioncomment-5434231
# "Those are not warnings" and cannot be turned off like this:
# reportUnusedVariable = false
# solution was https://www.reddit.com/r/neovim/comments/11k5but/comment/jbjwwtf in vim settings
# for editor support like vim
[tool.ruff]
lint.select = [
# "ANN", # flake8-annotations
"ASYNC", # flake8-async
"B", # flake8-bugbear
# "BLE", # flake8-blind-except
"C", # mccabe
# "D", # pydocstyle
"E", # pycodestyle error
# "ERA", # eradicate
"F", # pyflakes
# "FBT", # flake8-boolean-trap
"N", # pep8-naming
"PL", # pylint
"S", # flake8-bandit
"T", # flake8-print
"UP", # pyupgrade
"W", # pycodestyle warning
"I", # isort
"YTT", # flake8-2020
]
lint.ignore = [
"C901", # "complexity" category
"PLR", # "refactoring" category has "too many lines in method" type stuff
"PLC1901",
"PLE1205" # saw this Too many arguments for `logging` format string give a false positive once
]
line-length = 130
# target python 3.10
target-version = "py310"
exclude = [
"migrations"
]
[tool.ruff.lint.per-file-ignores]
"migrations/versions/*.py" = ["E501"]
"tests/**/*.py" = ["PLR2004", "S101"] # PLR2004 is about magic vars, S101 allows assert
"bin/*.py" = ["T"] # it's ok to print things in scripts
[tool.ruff.lint.isort]
force-single-line = true
# pip install fixit && fixit fix -a src
[tool.fixit]
disable = [
"fixit.rules:CompareSingletonPrimitivesByIs",
]
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
[tool.safety]
# you can generate a config file for safety, but this doesn't work with safety check.
# it complains about the config file being in too new a format.
# you have to use safety scan, which requires a login.
# so in the meantime, we're ignoring an unfixable issue in ./bin/run_ci_session itself