This document is no longer useful. KR has stepped down
and all the other maintainers are emeritus.
The rest of the philosophy is exclusive and could be removed
without doing any harm. KR has still earned his respect for starting
this project.
The script was very much neglected ...
For example:
`PIP_PROCESS_DEPENDENCY_LINKS`
is no longer used in pip. The `TEST_SUITE` variable was not used anywhere.
Dropped Python 2.7 and added a variable to specify the Python version.
Set sensible defaults to all variables, and allow overriding them
from the calling shell, e.g.:
```
PIPENV_PYTHON=3.9 ./run-tests.sh
```
This was tested to work on both Alpine Linux and Debian.
This script has not been updated in 4 years. It lacked documentation
on how to create it and how it differs from upstream.
This updated version uses the current infrastructure of pypa/get-pip.
It uses a newer version of pip (pip 21.3.1 compared to pip 9.0.1, which
had an expired CA certificate).
Previously, due to a probable typo in the code for importing a
requirements file to create a new pipenv project, SSL/TLS validation was
disabled by default for any package index servers specified in the
requirements file with the `--index-url` or `--extra-index-url` options.
In addition, `--trusted-host` options in the requirements file would not
work as intended, because any host or host:port pair provided with these
options was incorrectly being matched against the full URLs of the
configured index server(s) (i.e. including the scheme, path, etc.),
instead of extracting and comparing with the host and port parts only,
as intended.
This PR fixes both of these issues, flipping the existing behavior to
require SSL/TLS validation by default, and optionally allowing TLS
validation to be disabled explicitly for specific host:port with the
`--trusted-host` option if provided.
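The host:port comparison described in the commit message above, as an added example that is not part of the commit or of Pipenv's code. The function names and sample index URLs are hypothetical, and treating an entry without a port as covering every port on that host is an assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def host_port(value):
    """Split an index URL or a bare host[:port] into (host, port or None)."""
    # A --trusted-host value has no scheme; "//" makes urlsplit read it as a netloc.
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(parts.scheme)


def full_url_match(index_url, trusted_hosts):
    """Model of the comparison described as wrong: entry vs. the whole URL."""
    return index_url in trusted_hosts


def verify_ssl_for(index_url, trusted_hosts):
    """Validate TLS by default; skip only for an index whose host[:port] is trusted."""
    host, port = host_port(index_url)
    for entry in trusted_hosts:
        t_host, t_port = host_port(entry)
        # Assumption: an entry without a port covers every port on that host.
        if t_host == host and (t_port is None or t_port == port):
            return False
    return True


# Constructed sample values, not taken from any real requirements file.
INDEXES = [
    "https://pypi.org/simple",
    "https://pypi.internal.example:8443/simple",
    "https://mirror.example/simple",
]
TRUSTED = ["pypi.internal.example:8443", "mirror.example:8080"]


def plan(indexes=INDEXES, trusted=TRUSTED):
    """Map each index URL to whether its TLS certificate will be validated."""
    return {url: verify_ssl_for(url, trusted) for url in indexes}


if __name__ == "__main__":
    for url, verify in plan().items():
        print(f"{url}: verify_ssl={verify}")
```

Only the index whose host and port both match a trusted entry loses validation; the entry for `mirror.example:8080` does not affect the same host on port 443.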
If I do something like `pytest tests/integration/test_cli.py`, something
about the ordering of imports means that `pipenv.environments` gets
loaded *before* `pytest_sessionstart` runs, which means that
`pipenv.environments.PIPENV_IS_CI` ends up false.
This adds and documents a workaround for
https://github.com/pypa/pipenv/issues/4909. It feels a bit weird to
pretend to be CI just to run the test suite, though. Maybe we can do
something about that later.
I ran into a lot of trouble trying to get the tests to run when working
on https://github.com/pypa/pipenv/pull/4908, and that was largely
because the instructions in this CONTRIBUTING.md file seem to have
rotted.
1. The bit about "can be run very simply" is bogus. It's
unfortunately not that simple right now.
2. `make test` (the docker approach) fails for me with this error:
```bash
$ make test
docker-compose up
[+] Running 1/0
⠿ Container pipenv-pipenv-tests-1 Recreated 0.1s
Attaching to pipenv-pipenv-tests-1
pipenv-pipenv-tests-1 | Collecting certifi
pipenv-pipenv-tests-1 | Downloading https://files.pythonhosted.org/packages/37/45/946c02767aabb873146011e665728b680884cd8fe70dde973c640e45b775/certifi-2021.10.8-py2.py3-none-any.whl (149kB)
pipenv-pipenv-tests-1 | Installing collected packages: certifi
pipenv-pipenv-tests-1 | Successfully installed certifi-2021.10.8
pipenv-pipenv-tests-1 | Path: /root/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
pipenv-pipenv-tests-1 | Installing Pipenv...
pipenv-pipenv-tests-1 | Obtaining file:///pipenv
pipenv-pipenv-tests-1 | Complete output from command python setup.py egg_info:
pipenv-pipenv-tests-1 | Traceback (most recent call last):
pipenv-pipenv-tests-1 | File "<string>", line 1, in <module>
pipenv-pipenv-tests-1 | File "/pipenv/setup.py", line 55
pipenv-pipenv-tests-1 | print(f"\033[1m{s}\033[0m")
pipenv-pipenv-tests-1 | ^
pipenv-pipenv-tests-1 | SyntaxError: invalid syntax
pipenv-pipenv-tests-1 |
pipenv-pipenv-tests-1 | ----------------------------------------
pipenv-pipenv-tests-1 | Command "python setup.py egg_info" failed with error code 1 in /pipenv/
pipenv-pipenv-tests-1 exited with code 1
```
The docker image it relies upon
(https://hub.docker.com/r/kennethreitz/pipenv-tests) hasn't been
updated in 4 years, so I assume it's just not something people use
anymore?
3. Relatedly, there was a `Dockerfile` at the root of this repo that
appears to be unused. Let me know if it's used somewhere I'm not
realizing, I can add it back!
4. https://kennethreitz.org/essays/be-cordial-or-be-on-your-way seems to
be a broken link now. I found
https://kennethreitz.org/essays/2013/01/27/be-cordial-or-be-on-your-way
on Google.
5. `./run-tests.sh` doesn't work for me. It's failing for the same
reason described by @ncoghlan here:
https://github.com/pypa/pip/issues/7953#issuecomment-611928262. He
said something about a `PIPENV_BOOTSTRAP` environment variable, but I
can't find any information about that.
Previously, due to default behavior of ArgumentParser, global --index-url,
--extra-index-url, and --trusted-host options in requirements files could be
abbreviated (e.g. "--index" == "--index-url"). As a result, unexpected
behavior could occur during processing of a requirements file with these
shortened option names when using Pipenv, which could be exploited by a
malicious actor to surreptitiously insert pip options using non-obvious
abbreviations.
For example, adding a line with "--t example.com" to the
requirements file would cause Pipenv to treat example.com as trusted, even
when example.com presents an invalid TLS certificate.
This commit disables support for abbreviated options in the ArgumentParser,
to align Pipenv's behavior when parsing global options in a requirements
file with the behavior in pip, as expected.
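The effect of `allow_abbrev` on the "--t example.com" line from the commit message above, plus a check that flags abbreviated global options in a requirements file. This is an added example, not Pipenv's parser: `build_parser`, `trusted_hosts`, `abbreviated_options` and the sample file are hypothetical.

```python
import argparse

LONG_OPTIONS = ("--index-url", "--extra-index-url", "--trusted-host")


def build_parser(allow_abbrev):
    """Parser for the three global options named in the commit message."""
    parser = argparse.ArgumentParser(add_help=False, allow_abbrev=allow_abbrev)
    parser.add_argument("--index-url")
    parser.add_argument("--extra-index-url", action="append", default=[])
    parser.add_argument("--trusted-host", action="append", default=[])
    return parser


def trusted_hosts(line, allow_abbrev):
    """Return the hosts one requirements-file line marks as trusted."""
    # parse_known_args leaves unrecognised tokens in the second return value.
    args, _unknown = build_parser(allow_abbrev).parse_known_args(line.split())
    return args.trusted_host


def abbreviated_options(requirements_text):
    """Return (line_no, token, expansion) for option tokens that are only prefixes."""
    findings = []
    for line_no, line in enumerate(requirements_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or not tokens[0].startswith("--"):
            continue
        token = tokens[0].split("=", 1)[0]
        if token in LONG_OPTIONS:
            continue
        # An unambiguous prefix is what argparse expands when allow_abbrev=True.
        matches = [opt for opt in LONG_OPTIONS if opt.startswith(token)]
        if len(matches) == 1:
            findings.append((line_no, token, matches[0]))
    return findings


# Constructed sample requirements file.
SAMPLE = """--index-url https://pypi.org/simple
--t example.com
requests==2.26.0
"""

if __name__ == "__main__":
    print("allow_abbrev=True :", trusted_hosts("--t example.com", True))
    print("allow_abbrev=False:", trusted_hosts("--t example.com", False))
    print("flagged:", abbreviated_options(SAMPLE))
```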