Periodic uplift of Pegleg dependencies, notably:
1. deckhand, shipyard, promenade now on latest
2. uplift of other packages in attempt to resolve security scans
identified on quay.io [0]
[0] https://quay.io/repository/airshipit/pegleg?tab=tags
Change-Id: Id4a2a61fe1748b865e6eca55ea7ce13686855497
This patch uplifts promenade and deckhand versions Pegleg consumes.
Also included are minor package updates.
Change-Id: I1921ae8e215031e36b024ed3badafa67a1f43beb
Upgrades Deckhand to revision supporting six 1.12.0
https://review.opendev.org/#/c/677272/
Installs python3 and overrides python3-six version in OpenSUSE image
Reenables OpenSUSE image build gate
Change-Id: Id72dad8e3668d77b06aa8af4278fcdff0cb678eb
A recent change to implement Pipenv caused VCS dependencies (Promenade,
Deckhand, and Shipyard) to not be fully installed in Docker images. This
change removes the "editable" tags from the VCS dependencies to ensure a
full install as having "editable" enabled will only install dependencies
in development mode.
Unfortunately, the "editable" tag is required to install the
requirements.txt for a VCS dependency. To get the lower-level
dependencies installed from VCS dependencies, I implemented a few
commands in the Dockerfiles to retrieve the appropriate requirements.txt
and install them before fully installing Pegleg. An upcoming release of
Pipenv will fix the existing problems with VCS dependency resolution at
which point this temporary solution may be removed.
Adds manual installation of VCS dependency requirements.txt in Docker
Removes "editable" tags from VCS dependencies
Moves docker package to deployment packages from dev packages
Adds .env file to track VCS refs used by Docker for requirements.txt
Change-Id: Ifdb1fe960b32280dcb3c5308e56b2d608f848975
Pipenv is a tool that brings better package dependency management to
python. It can automatically create and manage virtualenv as well as
managing package dependencies using Pipfile and Pipfile.lock. Adding
this dependency manager into Airship projects will decrease package
version conflicts between projects and help increase security through
hash validation of packages and vulnerability scans.
Changes:
- Imports requirements.txt type files into Pipfile
- Pipenv dependency management in tox
- Switches Safety package for "pipenv check", an implementation of
Safety
- Adds `-e` flag on VCS dependencies to resolve good versions on all
packages
- Unpins or loosens pins on "dev"-type packages
Pipenv Docs: https://docs.pipenv.org/en/latest/
Helpful Pipenv Guide: https://realpython.com/pipenv-guide/
Change-Id: I47e7e7b440d76103b4984499e6ffce4482a59353
