build: Integrate with pipenv and bump aiohttp version

0f900e0d · Olha Zamirets · 2285697e · 0f900e0d · 0f900e0d · 0f900e0d
Commit 0f900e0d authored Dec 09, 2021 by Olha Zamirets
--- a/Dockerfile
+++ b/Dockerfile
 FROM python:3.9-slim as prod_base
 WORKDIR /auth
 ENV PYTHONUNBUFFERED True
-COPY requirements/requirements.txt .
-RUN pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir -r requirements.txt
 COPY secrets /secrets
 COPY config /config
+COPY Pipfile  .
+COPY Pipfile.lock .
+RUN pip install --upgrade pipenv
+RUN pipenv install --system --deploy

 FROM prod_base as prod
 COPY src/ .
@@ -12,15 +14,13 @@ ARG version=unknown
 RUN echo $version && sed -i "s/##VERSION##/$version/g" prozorro_sale/__init__.py

 FROM prod as test
-COPY requirements/test.txt .
 ARG version=unknown
-RUN pip install --no-cache-dir -r test.txt \
+RUN pipenv install --dev --system --deploy \
    && echo $version && sed -i "s/##VERSION##/$version-dev/g" prozorro_sale/__init__.py
 COPY test ./test
 COPY .coveragerc .coveragerc

 FROM prod as local
-COPY requirements/development.txt .
-RUN pip install --no-cache-dir -r development.txt
+RUN pipenv install --dev --system --deploy

 FROM prod
--- a/Pipfile
+++ b/Pipfile
+[packages]
+aiohttp = {extras=["speedups"], version="~=3.8.1"}
+ipaddress = "*"
+cryptography = "*"
+prozorro-aiohttp-swagger = {version="*", index="prozorro"}
+prozorro-tools = {version="~=0.14", index="prozorro"}
+PyYAML = "*"
+PyJWT = "~=2.0.0"
+uvloop = "*"
+
+[dev-packages]
+coverage = "*"
+pytest = "*"
+pytest-cov = "*"
+pytest-aiohttp = "*"
+aiohttp-devtools = "*"
+aiohttp-debugtoolbar = "*"
+aiohttp-jinja2 = "==1.1.0"
+
+[[source]]
+url = "https://pypi-int.prozorro.sale/"
+verify_ssl = false
+name = "prozorro"
+
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
\ No newline at end of file
--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/README.md
+++ b/README.md
@@ -133,3 +133,75 @@ TOKEN: 3cceb049-086d-4988-bdd4-ae62bb2038ac
 HASH: 1e622638aa1c7504230130a7814d39aff39cbe09d6dcac3c4be46a2cdfafe4b6
 -----------------------------------------------------------------------
 ``` 
+
+# Running module locally
+
+System dependencies:
+* make
+* docker
+* docker-compose
+
+## To run project locally
+
+```
+make run
+```
+
+## To build docker images for the project
+
+```
+make docker-build
+```
+
+## To run tests
+
+```
+make test-unit
+make test-integration
+```
+
+### Add new package
+To install package add it in Pipfile to package's group:
+* ```[packages]``` - for minimally required packages
+* ```[dev-packages]``` - for development-only packages (test-requirements)
+
+If you don’t have any specific version requirements for your dependencies, you can use the wildcard character * to tell Pipenv that any version can be installed:
+```
+[packages]
+numpy = "*"
+```
+
+If you want specify exact versions of requirements:
+```
+[packages]
+numpy = "==1.14.1"
+```
+
+To specify greater than or equal version requirement:
+```
+[packages]
+numpy = ">=1.14.1"
+```
+
+After adding package to Pipfile, you should update Pipfile.lock file in appropriate directory:
+```
+pipenv lock
+```
+You can set PIPENV_IGNORE_VIRTUALENVS=1 to force pipenv to ignore that environment and create its own instead with required python version.
+
+```
+PIPENV_IGNORE_VIRTUALENVS=1 pipenv lock --python 3.9
+```
+
+Pipfile.lock file enables deterministic builds by specifying the exact requirements for reproducing an environment. 
+It contains exact versions for packages and hashes to support more secure verification. Do not update this file manually!
+
+There are two sources for packages:
+* ```pypi``` - https://pypi.org/simple (default)
+* ```prozorro``` - https://pypi-int.prozorro.sale/
+
+If you’d like a specific package to be installed with a specific package index (e.g. from https://pypi-int.prozorro.sale/), you can do the following:
+```
+[packages]
+prozorro-tools = {version="==0.14.0", index="prozorro"}
+```
--- a/requirements/development.txt
+++ b/requirements/development.txt
-r requirements.txt
-aiohttp-devtools
-aiohttp-debugtoolbar
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
-i https://pypi-int.prozorro.sale/
-#For include pre-release and development versions, uncomment line --pre. By default, pip only finds stable versions.
-#--pre
-PyYAML
-aiohttp[speedups]==3.7.4.post0
-ipaddress
-cryptography
-pyjwt~=2.0.0
-prozorro_aiohttp_swagger
-prozorro-tools==0.14.0
-uvloop
--- a/requirements/test.txt
+++ b/requirements/test.txt
-r requirements.txt
-coverage
-pytest
-pytest-aiohttp
-pytest-cov
--- a/setup.py
+++ b/setup.py
 import os
+import json

 from setuptools import find_packages, setup

-with open(os.path.join(os.path.dirname(__file__), 'requirements/requirements.txt')) as f:
-    requirements = ''
-    for line in f.readlines():
-        if all(not line.startswith(pref) for pref in ['-', '--', '#']):
-            requirements += line
+INDEX_URL = 'https://pypi-int.prozorro.sale/'
+
+# TODO: filter only required packages not all for setup
+with open(os.path.join(os.path.dirname(__file__), 'Pipfile.lock')) as pip_file:
+    pipfile_json = json.load(pip_file)
+    requirements, dependency_links = list(), list()
+    for package, detail in pipfile_json['default'].items():
+        requirements.append(f"{package}{detail.get('version', '')}")
+        if detail.get('index'):
+            dependency_links.append(f'{INDEX_URL}{package}')

 setup(
    name='prozorro-auth',
@@ -17,5 +23,6 @@ setup(
    install_requires=requirements,
    entry_points={
        'console_scripts': ['prozorro-sale-token=prozorro_sale.auth.encryption:_cli'],
-    }
+    },
+    dependency_links=dependency_links
 )