diff --git a/.travis.yml b/.travis.yml index b5bdfbe0d8..b2c5b4e593 100644 --- a/.travis.yml +++ b/.travis.yml @@ -79,12 +79,6 @@ cache: # are updated so it's disabled #- .tox/ -before_install: - # If you update these versions, make sure you update the versions in the .st2client-install-check - # and the requirements targets in the Makefile to match - - pip install --upgrade "pip==20.0.2" - - sudo pip install --upgrade "virtualenv==16.6.0" - install: - ./scripts/travis/install-requirements.sh # prep a travis-specific dev conf file that uses travis instead of stanley diff --git a/Makefile b/Makefile index de39f43489..f156b8be5b 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,9 @@ COVERAGE_GLOBS := .coverage.unit.* .coverage.integration.* .coverage.mistral.* COVERAGE_GLOBS_QUOTED := $(foreach glob,$(COVERAGE_GLOBS),'$(glob)') REQUIREMENTS := test-requirements.txt requirements.txt +# Pin common pip version here across all the targets +# Note! Periodic maintenance pip upgrades are required to be up-to-date with the latest pip security fixes and updates +PIP_VERSION ?= 20.0.2 PIP_OPTIONS := $(ST2_PIP_OPTIONS) ifndef PYLINT_CONCURRENCY @@ -319,7 +322,7 @@ lint-api-spec: requirements .lint-api-spec @echo @echo "================== Lint API spec ====================" @echo - . $(VIRTUALENV_DIR)/bin/activate; st2common/bin/st2-validate-api-spec --config-file conf/st2.dev.conf + . $(VIRTUALENV_DIR)/bin/activate; st2common/bin/st2-validate-api-spec --config-file conf/st2.dev.conf .PHONY: generate-api-spec generate-api-spec: requirements .generate-api-spec @@ -379,10 +382,7 @@ flake8: requirements .flake8 touch $(VIRTUALENV_ST2CLIENT_DIR)/bin/activate chmod +x $(VIRTUALENV_ST2CLIENT_DIR)/bin/activate - # If you update these versions, make sure you also update the versions in the - # requirements target and .travis.yml to match - # Make sure we use the latest version of pip - $(VIRTUALENV_ST2CLIENT_DIR)/bin/pip install --upgrade "pip==20.0.2" + $(VIRTUALENV_ST2CLIENT_DIR)/bin/pip install --upgrade "pip==$(PIP_VERSION)" # NOTE We need to upgrade setuptools to avoid bug with dependency resolving in old versions # Setuptools 42 added support for python_requires, which is used by the configparser package, # which is required by the importlib-metadata package @@ -505,7 +505,8 @@ distclean: clean .PHONY: .requirements .requirements: virtualenv - # Print out pip version so we can see what version was restored from the Travis cache + $(VIRTUALENV_DIR)/bin/pip install --upgrade "pip==$(PIP_VERSION)" + # Print out pip version $(VIRTUALENV_DIR)/bin/pip --version # Generate all requirements to support current CI pipeline. $(VIRTUALENV_DIR)/bin/python scripts/fixate-requirements.py --skip=virtualenv,virtualenv-osx -s st2*/in-requirements.txt contrib/runners/*/in-requirements.txt -f fixed-requirements.txt -o requirements.txt @@ -527,11 +528,6 @@ requirements: virtualenv .requirements .sdist-requirements install-runners @echo @echo "==================== requirements ====================" @echo - # If you update these versions, make sure you also update the versions in the - # .st2client-install-check target and .travis.yml to match - # Make sure we use latest version of pip - $(VIRTUALENV_DIR)/bin/pip --version - $(VIRTUALENV_DIR)/bin/pip install --upgrade "pip==20.0.2" # setuptools >= 41.0.1 is required for packs.install in dev envs # setuptools >= 42 is required so setup.py install respects dependencies' python_requires $(VIRTUALENV_DIR)/bin/pip install --upgrade "setuptools==44.1.0" @@ -586,8 +582,6 @@ virtualenv: @echo @echo "==================== virtualenv ====================" @echo - # Note: We pass --no-download flag to make sure version of pip which we install (9.0.1) is used - # instead of latest version being downloaded from PyPi test -f $(VIRTUALENV_DIR)/bin/activate || virtualenv --python=$(PYTHON_VERSION) $(VIRTUALENV_DIR) --no-download # Setup PYTHONPATH in bash activate script...