This way lies madness, but at least we don't have a six dependency
anymore.
The way this work is that we vendored html5lib 1.1, but then this
applies a 01_html5lib_six.patch to that which changes imports from six
to import from bleach.six_shim.
This updates the vendor management code and vendorverify to install
html5lib 1.1 and then apply the patch and then compare with what's in
the tree. If we end up applying further patches in the future, we can
use this model to do that.
Previously, we maintained dev dependencies in a .in file and then used
pip-compile to generate a requirements file and then used that for
building dev environments and CI test environments.
We hit dependencies that have different dependencies depending on Python
version and interpreter. That breaks with the compiled requirements
method.
This redoes dev requirements so that they're an extra specified in
setup.py. We don't need to track dependencies of dependencies or hash
dev dependencies. We can update dev dependencies as we need to. Having
stable pinned versions reduces unexpected errors because the universe
changed.
Developers will need to do:
pip install -e '.[dev]'
now to pick up dev dependencies.
Add some additional files and directories that should be covered by
Python formatting.
Change flake8 line length to 88 to match black.
Change flake8 to ignore line length--it's handled by black.
This fixes the problem with pip-tools < 6.5.0 and pip 22 by adding
pip-tools to the dev requirements, setting it to 6.5.0, and installing
that before checking the requirements.
This also moves requirements checking code to the scripts/run_tests.sh
script so it's easier to do in a local dev environment.
This also rebuilds the dev requirements.
RECORD is not sorted and the lines are in a different order once in a while
causing vendor_verify.sh to fail. The order of the lines doesn't matter for
this file, so this tweaks the script to diff that file separately after
sorting the contents on both sides.
Will Kahn-Greene
Hugo van Kemenade
Greg Guthe