Bring in line with best practices (#63)

.pyup.yml

@@ -0,0 +1,13 @@
+# update all packages, unless marked with "pyup: ignore" in the requirements file
+update: all
+
+# enabling version pinning
+pin: True
+
+branch: master
+
+# automatically discover requirements files
+search: True
+
+# in time for a mid-week release
+schedule: every week on monday

.taskcluster.yml

@@ -68,7 +68,7 @@ tasks:
             git config advice.detachedHead false &&
             git checkout ${head_rev} &&
             pip install tox &&
-            tox
+            tox -e py37
       metadata:
         name: tox py37 (${docker_tag})
         description: code linting & unit tests on py37 (${docker_tag})

Dockerfile

@@ -3,11 +3,13 @@ FROM python:3.7
 RUN groupadd --gid 10001 app && \
     useradd -g app --uid 10001 --shell /usr/sbin/nologin --create-home --home-dir /app app
 
+COPY . /app
+
+RUN chown -R 10001:10001 /app
+
 USER app
 WORKDIR /app
 
-COPY . /app
-
 RUN python -m venv /app
 RUN ./bin/pip install -r requirements/base.txt
 RUN ./bin/pip install -e .

Dockerfile.test

@@ -0,0 +1,9 @@
+ARG PYTHON_VERSION
+
+FROM python:${PYTHON_VERSION}
+
+WORKDIR /app
+
+RUN pip install tox
+
+ENTRYPOINT ["/usr/local/bin/tox", "-e"]

MANIFEST.in

@@ -1,27 +1,29 @@
-include CONTRIBUTING.rst
 include HISTORY.rst
 include LICENSE
 include README.rst
-include CODE_OF_CONDUCT.md
-include tox.ini
 include config-example.yaml
-include version.txt
+include pyproject.toml
+include setup.py
 
-recursive-include requirements *.in
+recursive-include configs *
+recursive-include src *
 recursive-include requirements *.txt
-recursive-include tests *
-recursive-exclude * __pycache__
-recursive-exclude * *.py[co]
-
-recursive-include docs *.rst conf.py
-
-# added by check_manifest.py
-include *.txt
-
-# added by check_manifest.py
-include Dockerfile
-recursive-include configs *.yml
-recursive-include docker.d *
 
 exclude .dockerignore
+exclude .pyup.yml
 exclude .taskcluster.yml
+exclude CODE_OF_CONDUCT.md
+exclude CONTRIBUTING.rst
+exclude Dockerfile
+exclude Dockerfile.test
+exclude docker.d
+exclude tests
+exclude tox.ini
+exclude version.txt
+
+recursive-exclude * __pycache__
+recursive-exclude * *.py[co]
+recursive-exclude docs *.rst conf.py
+recursive-exclude docker.d *
+recursive-exclude requirements *.in
+recursive-exclude tests *

pyproject.toml

@@ -0,0 +1,24 @@
+[tool.black]
+line-length = 100
+target-version = ["py37", "py38"]
+include = '\.(wsgi|pyi?)$'
+exclude = '''
+/(
+    \.eggs
+  | \.git
+  | \.hg
+  | \.mypy_cache
+  | \.tox
+  | \.venv
+  | \.cache
+  | \.cache_py3
+  | _build
+  | buck-out
+  | build
+  | dist
+  | ui
+)/
+'''
+
+[tool.isort]
+line_length=100

requirements/base.txt

@@ -160,13 +160,13 @@ taskcluster-urls==11.0.0 \
     --hash=sha256:2aceab7cf5b1948bc197f2e5e50c371aa48181ccd490b8bada00f1e3baf0c5cc \
     --hash=sha256:74bd2110b5daaebcec5e1d287bf137b61cb8cf6b2d8f5f2b74183e32bc4e7c87 \
     # via taskcluster
-taskcluster==22.0.0 \
-    --hash=sha256:807abbe56682a9d843eb8b98d86e3c88f3393952325205647c00a304ab2d6157 \
-    --hash=sha256:adf8e690a749734f44c1e951548966bc7f39af1219174266bf3ab82dee1d489c \
-    --hash=sha256:c35816e4d469a7469ff39e3126286466dafa7fb7aba37090d0bf07a877da5bc0
-urllib3==1.25.6 \
-    --hash=sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398 \
-    --hash=sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86 \
+taskcluster==22.1.1 \
+    --hash=sha256:07ef947d9b4fed32e4bc3e04b528f66a572944c6e2f907b8067c46b622067796 \
+    --hash=sha256:0b87096327374303fa8ab1a8985917841bc9e704adeade6214f21ded7065dc9e \
+    --hash=sha256:9221e19739f02bac4385fa3b1858028d92244b7f87d3b8e6dffe85e8fa118ff5
+urllib3==1.25.7 \
+    --hash=sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293 \
+    --hash=sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745 \
     # via kubernetes, requests
 websocket-client==0.56.0 \
     --hash=sha256:1151d5fb3a62dc129164292e1227655e4bbc5dd5340a5165dfae61128ec50aa9 \
@@ -190,6 +190,8 @@ zipp==0.6.0 \
     --hash=sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335 \
     # via importlib-metadata
 
-# WARNING: The following packages were not pinned, but pip requires them to be
-# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.
-# setuptools==41.6.0        # via google-auth, jsonschema, kubernetes
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==41.6.0 \
+    --hash=sha256:3e8e8505e563631e7cb110d9ad82d135ee866b8146d5efe06e42be07a72db20a \
+    --hash=sha256:6afa61b391dcd16cb8890ec9f66cc4015a8a31a6e1c2b4e0c464514be1a3d722 \
+    # via google-auth, jsonschema, kubernetes

requirements/local.in

@@ -0,0 +1,3 @@
+-r test.in
+
+tox

requirements/local.txt

@@ -0,0 +1,21 @@
+# SHA1:631e75ce35740a334ec3c128f7c0ecc69ab3e7b5
+#
+# This file is autogenerated by pip-compile-multi
+# To update, run:
+#
+#    pip-compile-multi
+#
+-r test.txt
+filelock==3.0.12 \
+    --hash=sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59 \
+    --hash=sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836 \
+    # via tox
+tox==3.14.0 \
+    --hash=sha256:0bc216b6a2e6afe764476b4a07edf2c1dab99ed82bb146a1130b2e828f5bff5e \
+    --hash=sha256:c4f6b319c20ba4913dbfe71ebfd14ff95d1853c4231493608182f66e566ecfe1
+virtualenv==16.7.7 \
+    --hash=sha256:11cb4608930d5fd3afb545ecf8db83fa50e1f96fc4fca80c94b07d2c83146589 \
+    --hash=sha256:d257bb3773e48cac60e475a19b608996c73f4d333b3ba2e4e57d5ac6134e0136 \
+    # via tox
+
+# The following packages are considered to be unsafe in a requirements file:

requirements/test.in

@@ -1,4 +1,9 @@
 -r base.in
 
+black
+check-manifest
+flake8
+isort
+pip-compile-multi
 pytest
 pytest-coverage

requirements/test.txt

@@ -1,15 +1,25 @@
-# SHA1:130fc19af7d15836ea1559a85d8216832b029187
+# SHA1:04626712e5621f00704520c9bbeccc9733d1eb2b
 #
 # This file is autogenerated by pip-compile-multi
 # To update, run:
 #
 #    pip-compile-multi
 #
 -r base.txt
+appdirs==1.4.3 \
+    --hash=sha256:9e5896d1372858f8dd3344faf4e5014d21849c756c8d5701f78f8a103b372d92 \
+    --hash=sha256:d8b24664561d0d34ddfaec54636d502d7cea6e29c3eaf68f3df6180863e2166e \
+    # via black
 atomicwrites==1.3.0 \
     --hash=sha256:03472c30eb2c5d1ba9227e4c2ca66ab8287fbfbbda3888aa93dc2e28fc6811b4 \
     --hash=sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6 \
     # via pytest
+black==19.10b0 \
+    --hash=sha256:1b30e59be925fafc1ee4565e5e08abef6b03fe455102883820fe5ee2e4734e0b \
+    --hash=sha256:c2edb73a08e9e0e6f65a0e6af18b059b8b1cdd5bef997d7a0b181df93dc81539
+check-manifest==0.40 \
+    --hash=sha256:42de6eaab4ed149e60c9b367ada54f01a3b1e4d6846784f9b9710e770ff5572c \
+    --hash=sha256:78dd077f2c70dbac7cfcc9d12cbd423914e787ea4b5631de45aecd25b524e8e3
 coverage==4.5.4 \
     --hash=sha256:08907593569fe59baca0bf152c43f3863201efb6113ecb38ce7e97ce339805a6 \
     --hash=sha256:0be0f1ed45fc0c185cfd4ecc19a1d6532d72f86a2bac9de7e24541febad72650 \
@@ -44,10 +54,34 @@ coverage==4.5.4 \
     --hash=sha256:fa964bae817babece5aa2e8c1af841bebb6d0b9add8e637548809d040443fee0 \
     --hash=sha256:ff37757e068ae606659c28c3bd0d923f9d29a85de79bf25b2b34b148473b5025 \
     # via pytest-cov
+entrypoints==0.3 \
+    --hash=sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 \
+    --hash=sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451 \
+    # via flake8
+flake8==3.7.9 \
+    --hash=sha256:45681a117ecc81e870cbf1262835ae4af5e7a8b08e40b944a8a6e6b895914cfb \
+    --hash=sha256:49356e766643ad15072a789a20915d3c91dc89fd313ccd71802303fd67e4deca
+isort==4.3.21 \
+    --hash=sha256:54da7e92468955c4fceacd0c86bd0ec997b0e1ee80d97f67c35a78b719dccab1 \
+    --hash=sha256:6e811fcb295968434526407adb8796944f1988c5b65e8139058f2014cbe100fd
+mccabe==0.6.1 \
+    --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42 \
+    --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f \
+    # via flake8
 packaging==19.2 \
     --hash=sha256:28b924174df7a2fa32c1953825ff29c61e2f5e082343165438812f00d3a7fc47 \
     --hash=sha256:d9551545c6d761f3def1677baf08ab2a3ca17c56879e70fecba2fc4dde4ed108 \
     # via pytest
+pathspec==0.6.0 \
+    --hash=sha256:e285ccc8b0785beadd4c18e5708b12bb8fcf529a1e61215b3feff1d1e559ea5c \
+    # via black
+pip-compile-multi==1.5.8 \
+    --hash=sha256:6c77a2cdae62c28d6c151111e6a38ca9935ef37898f9766100ec2064326d74e9 \
+    --hash=sha256:fd92e064e8b187ce919a9b1e22bc7ff41e630bbfba8a9ab0501c260a2580feda
+pip-tools==4.2.0 \
+    --hash=sha256:123174aabf7f4a63dd6e0bfc8aeeb5eaddbecb75a41e9f0dd4c447b1f2de14f7 \
+    --hash=sha256:5427ea4dcc175649723985fbcace9b2d8f46f9adbcc63bc2d7b247d9bcc74917 \
+    # via pip-compile-multi
 pluggy==0.13.0 \
     --hash=sha256:0db4b7601aae1d35b4a033282da476845aa19185c1e6964b25cf324b5e4ec3e6 \
     --hash=sha256:fa5fa1622fa6dd5c030e9cad086fa19ef6a0cf6d7a2d12318e10cb49d6d68f34 \
@@ -56,9 +90,17 @@ py==1.8.0 \
     --hash=sha256:64f65755aee5b381cea27766a3a147c3f15b9b6b9ac88676de66ba2ae36793fa \
     --hash=sha256:dc639b046a6e2cff5bbe40194ad65936d6ba360b52b3c3fe1d08a82dd50b5e53 \
     # via pytest
-pyparsing==2.4.4 \
-    --hash=sha256:4acadc9a2b96c19fe00932a38ca63e601180c39a189a696abce1eaab641447e1 \
-    --hash=sha256:61b5ed888beab19ddccab3478910e2076a6b5a0295dffc43021890e136edf764 \
+pycodestyle==2.5.0 \
+    --hash=sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56 \
+    --hash=sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c \
+    # via flake8
+pyflakes==2.1.1 \
+    --hash=sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0 \
+    --hash=sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2 \
+    # via flake8
+pyparsing==2.4.5 \
+    --hash=sha256:20f995ecd72f2a1f4bf6b072b63b22e2eb457836601e76d6e5dfcd75436acc1f \
+    --hash=sha256:4ca62001be367f01bd3e92ecbb79070272a9d4964dce6a48a82ff0b8bc7e683a \
     # via packaging
 pytest-cov==2.8.1 \
     --hash=sha256:cc6742d8bac45070217169f5f72ceee1e0e55b0221f54bcf24845972d3a47f2b \
@@ -74,11 +116,54 @@ pytest-coverage==0.0 \
 pytest==5.2.2 \
     --hash=sha256:27abc3fef618a01bebb1f0d6d303d2816a99aa87a5968ebc32fe971be91eb1e6 \
     --hash=sha256:58cee9e09242937e136dbb3dab466116ba20d6b7828c7620f23947f37eb4dae4
+regex==2019.11.1 \
+    --hash=sha256:15454b37c5a278f46f7aa2d9339bda450c300617ca2fca6558d05d870245edc7 \
+    --hash=sha256:1ad40708c255943a227e778b022c6497c129ad614bb7a2a2f916e12e8a359ee7 \
+    --hash=sha256:5e00f65cc507d13ab4dfa92c1232d004fa202c1d43a32a13940ab8a5afe2fb96 \
+    --hash=sha256:604dc563a02a74d70ae1f55208ddc9bfb6d9f470f6d1a5054c4bd5ae58744ab1 \
+    --hash=sha256:720e34a539a76a1fedcebe4397290604cc2bdf6f81eca44adb9fb2ea071c0c69 \
+    --hash=sha256:7caf47e4a9ac6ef08cabd3442cc4ca3386db141fb3c8b2a7e202d0470028e910 \
+    --hash=sha256:7faf534c1841c09d8fefa60ccde7b9903c9b528853ecf41628689793290ca143 \
+    --hash=sha256:b4e0406d822aa4993ac45072a584d57aa4931cf8288b5455bbf30c1d59dbad59 \
+    --hash=sha256:c31eaf28c6fe75ea329add0022efeed249e37861c19681960f99bbc7db981fb2 \
+    --hash=sha256:c7393597191fc2043c744db021643549061e12abe0b3ff5c429d806de7b93b66 \
+    --hash=sha256:d2b302f8cdd82c8f48e9de749d1d17f85ce9a0f082880b9a4859f66b07037dc6 \
+    --hash=sha256:e3d8dd0ec0ea280cf89026b0898971f5750a7bd92cb62c51af5a52abd020054a \
+    --hash=sha256:ec032cbfed59bd5a4b8eab943c310acfaaa81394e14f44454ad5c9eba4f24a74 \
+    # via black
+toml==0.10.0 \
+    --hash=sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c \
+    --hash=sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e \
+    # via black, check-manifest
+toposort==1.5 \
+    --hash=sha256:d80128b83b411d503b0cdb4a8f172998bc1d3b434b6402a349b8ebd734d51a80 \
+    --hash=sha256:dba5ae845296e3bf37b042c640870ffebcdeb8cd4df45adaa01d8c5476c557dd \
+    # via pip-compile-multi
+typed-ast==1.4.0 \
+    --hash=sha256:1170afa46a3799e18b4c977777ce137bb53c7485379d9706af8a59f2ea1aa161 \
+    --hash=sha256:18511a0b3e7922276346bcb47e2ef9f38fb90fd31cb9223eed42c85d1312344e \
+    --hash=sha256:262c247a82d005e43b5b7f69aff746370538e176131c32dda9cb0f324d27141e \
+    --hash=sha256:2b907eb046d049bcd9892e3076c7a6456c93a25bebfe554e931620c90e6a25b0 \
+    --hash=sha256:354c16e5babd09f5cb0ee000d54cfa38401d8b8891eefa878ac772f827181a3c \
+    --hash=sha256:48e5b1e71f25cfdef98b013263a88d7145879fbb2d5185f2a0c79fa7ebbeae47 \
+    --hash=sha256:4e0b70c6fc4d010f8107726af5fd37921b666f5b31d9331f0bd24ad9a088e631 \
+    --hash=sha256:630968c5cdee51a11c05a30453f8cd65e0cc1d2ad0d9192819df9978984529f4 \
+    --hash=sha256:66480f95b8167c9c5c5c87f32cf437d585937970f3fc24386f313a4c97b44e34 \
+    --hash=sha256:71211d26ffd12d63a83e079ff258ac9d56a1376a25bc80b1cdcdf601b855b90b \
+    --hash=sha256:7954560051331d003b4e2b3eb822d9dd2e376fa4f6d98fee32f452f52dd6ebb2 \
+    --hash=sha256:838997f4310012cf2e1ad3803bce2f3402e9ffb71ded61b5ee22617b3a7f6b6e \
+    --hash=sha256:95bd11af7eafc16e829af2d3df510cecfd4387f6453355188342c3e79a2ec87a \
+    --hash=sha256:bc6c7d3fa1325a0c6613512a093bc2a2a15aeec350451cbdf9e1d4bffe3e3233 \
+    --hash=sha256:cc34a6f5b426748a507dd5d1de4c1978f2eb5626d51326e43280941206c209e1 \
+    --hash=sha256:d755f03c1e4a51e9b24d899561fec4ccaf51f210d52abdf8c07ee2849b212a36 \
+    --hash=sha256:d7c45933b1bdfaf9f36c579671fec15d25b06c8398f113dab64c18ed1adda01d \
+    --hash=sha256:d896919306dd0aa22d0132f62a1b78d11aaf4c9fc5b3410d3c666b818191630a \
+    --hash=sha256:fdc1c9bbf79510b76408840e009ed65958feba92a88833cdceecff93ae8fff66 \
+    --hash=sha256:ffde2fbfad571af120fcbfbbc61c72469e72f550d676c3342492a9dfdefb8f12 \
+    # via black
 wcwidth==0.1.7 \
     --hash=sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e \
     --hash=sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c \
     # via pytest
 
-# WARNING: The following packages were not pinned, but pip requires them to be
-# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag.
-# setuptools==41.6.0        # via google-auth, jsonschema, kubernetes
+# The following packages are considered to be unsafe in a requirements file:

setup.py

@@ -4,7 +4,7 @@
 """The setup script."""
 
 from glob import glob
-from os.path import basename, splitext
+from os.path import abspath, basename, dirname, join, splitext
 
 from setuptools import find_packages, setup
 
@@ -14,8 +14,22 @@
 with open("version.txt") as f:
     version = f.read().rstrip()
 
-with open("requirements/base.in") as f:
-    install_requires = f.readlines()
+here = abspath(dirname(__file__))
+# We're using a pip8 style requirements file, which allows us to embed hashes
+# of the packages in it. However, setuptools doesn't support parsing this type
+# of file, so we need to strip those out before passing the requirements along
+# to it.
+with open(join(here, "requirements", "base.txt")) as f:
+    requirements = []
+    for line in f:
+        # Skip empty and comment lines
+        if not line.strip() or line.strip().startswith("#"):
+            continue
+        # Skip lines with hash values
+        if not line.strip().startswith("--"):
+            requirements.append(line.split(";")[0].split()[0])
+            requirement_without_python_filter = line.split(";")[0]
+            requirement_without_trailing_characters = requirement_without_python_filter.split()[0]
 
 setup(
     author="Rail Aliiev",
@@ -30,13 +44,14 @@
         "Programming Language :: Python :: 3.7",
     ],
     description="Autoscale scriptworkers in Kubernetes",
-    install_requires=install_requires,
+    install_requires=requirements,
     license="MPL2.0",
     long_description=readme,
     include_package_data=True,
     keywords="k8s-autoscale",
     name="k8s_autoscale",
-    packages=find_packages(),
+    packages=find_packages("src"),
+    package_dir={"": "src"},
     test_suite="tests",
     url="https://github.com/mozilla-releng/k8s-autoscale",
     version=version,
@@ -45,6 +60,6 @@
         "console_scripts": [
             "k8s_autoscale=k8s_autoscale.cli:main",
             "k8s_autoscale-verify=k8s_autoscale.cli:verify",
-        ],
+        ]
     },
 )