Update frozen upstream requirements #96
Generated using:
tox -e freeze-upstream-requirements-py27
tox -e freeze-upstream-requirements-py37
tox -e test-upstream-requirements-py27
tox -e test-upstream-requirements-py37
Document how to freeze and test upstream requirements.
@johnwalker That's a good point; I think it's currently "documented" in a combination of code and commit comments. The backstory here is that pyca/cryptography runs downstream tests as part of their CI to make sure that their changes do not break certain important downstream dependencies. This client and the AWS Encryption SDK for Python are among those that they test. We had multiple cases where their CI broke because their downstream tests of our clients were broken because of new versions of one of our dependencies. This is something that we want to be aware of (and our CI is set up to catch this), but it is not something that we want an upstream dependency like pyca/cryptography to break on. To address this issue, I set up these frozen upstream dependency definitions to freeze the versions of our dependencies that will be used in any tests run by upstream dependencies[1]. We also run these isolated tests in our own CI to make sure that changes to the frozen dependencies do not break those upstream tests.
These were already documented through commits and code. It adds a few sentences of explanation for why the upstream requirements exist to the README, so that people know what they are updating.
Thank you! I updated the readme to include an explanation.
test/README.rst
============================== | ||
|
||
The purpose of the upstream requirements files is to provide a stable list of | ||
packages for pyca/cryptography's downstream test of the DynamoDB Encryption |
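Review bot: the added description in test/README.rst ties the requirements files to a single consumer ("pyca/cryptography's downstream test"), which will read as stale as soon as another upstream project runs downstream tests against them. Consider wording the purpose generically, as a stable list of packages for any upstream project's downstream test of this client, and naming pyca/cryptography as the current example.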
I deliberately generalized this when I was building the infrastructure, and I think this should be reflected in the description. These are for any upstream dependency that wants to test their downstream consumers. It just so happens that currently pyca/cryptography is the only instance of this.
gotcha, fixed
These requirements files aren't just for pyca/cryptography, they're also for anyone that wants to run downstream tests.
Issue #, if available:
Description of changes:
This updates the upstream requirements and documents how to do it.
I wanted to document how the upstream requirements are used, but I didn't know. What are they used for?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.