[openstack-dev] [all]deprecating [test-]requirements-PYN.txt

Matthew Treinish mtreinish at kortar.org
Thu Jul 2 20:36:00 UTC 2015

On Thu, Jul 02, 2015 at 09:22:03PM +0100, Dave Walker wrote:
> On 29 June 2015 at 04:59, Robert Collins <robertc at robertcollins.net> wrote:
> > Hi, so we're nearly ready to deprecate the python-version-specific
> > requirements files. Once we have infra's requirements cross checking
> > jobs all copacetic again, we should be able to move forward.
> >
> > There isn't a specific spec for this in pbr, and I wanted to get some
> > broad input into the manner of the deprecation.
> <SNIP>
> Slightly offtopic, but I've noticed that some consumers of bandit[0]
> have been creating requirements-bandit.txt.  This is to specify bandit
> requirements without requiring the whole test-requirements.txt env to
> be installed, to run what is essentially a linting tool.
> I'm not sure I like the idea of creating MORE requirements.txt style
> files as it pollutes the project root namespace and currently has no
> syncing from global-requirements.
> I wondered if you had any ideas on how to solve this for bandit usage,
> and potentially other projects?

I would use setuptools extras to do this.[1] PBR has support for this since
the 1.0.0 release. [2] I used it on subunit2sql to separate the fairly
heavyweight requirements for using the graph command from the rest of the
dependencies. [3]

-Matt Treinish

> [0] https://wiki.openstack.org/wiki/Security/Projects/Bandit

[1] https://www.python.org/dev/peps/pep-0426/#extras-optional-dependencies
[2] http://docs.openstack.org/developer/pbr/#extra-requirements
[3] https://review.openstack.org/#/c/184278/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150702/1ee8b487/attachment.pgp>

More information about the OpenStack-dev mailing list