From 8d825a4742aaea70bdfc1f3980c652c194da1585 Mon Sep 17 00:00:00 2001 From: Renata Date: Thu, 7 May 2026 18:28:47 +0200 Subject: [PATCH 1/2] chore(deps): bump black from 22.12.0 to 26.3.1 and reformat --- setup.py | 4 +- taf/__init__.py | 3 +- taf/constants.py | 1 - taf/repositoriesdb.py | 1 - .../test_api/metadata/api/test_metadata.py | 1 - .../test_api/targets/api/test_targets.py | 1 - taf/tests/test_git/conftest.py | 1 - taf/tests/test_repository/test_repository.py | 6 ++- taf/tests/test_updater/conftest.py | 1 - .../test_updater/test_handlers/conftest.py | 1 - .../test_handlers/test_schemas.py | 1 - .../test_update_library/conftest.py | 1 - taf/tests/tuf/__init__.py | 1 - taf/tests/tuf/test_keys/test_yk.py | 1 - taf/tools/dependencies/__init__.py | 6 +-- taf/tools/repo/__init__.py | 30 ++++------- taf/tools/roles/__init__.py | 36 +++++-------- taf/tools/yubikey/__init__.py | 6 +-- taf/tuf/keys.py | 4 +- taf/tuf/repository.py | 7 ++- taf/updater/updater_pipeline.py | 52 +++++++++---------- 21 files changed, 63 insertions(+), 102 deletions(-) diff --git a/setup.py b/setup.py index 4d82c86d8..f1ede2952 100644 --- a/setup.py +++ b/setup.py @@ -15,7 +15,7 @@ ci_require = [ "bandit>=1.6.0", - "black==22.12.0", + "black==26.3.1", "coverage==4.5.3", "pre-commit>=1.18.3", "pytest-cov==2.7.1", @@ -24,7 +24,7 @@ executable_require = ["lxml"] -dev_require = ["bandit>=1.6.0", "black==22.12.0", "pre-commit>=1.18.3"] +dev_require = ["bandit>=1.6.0", "black==26.3.1", "pre-commit>=1.18.3"] tests_require = [ "pytest==8.*", diff --git a/taf/__init__.py b/taf/__init__.py index d92072f83..3e26b91a3 100644 --- a/taf/__init__.py +++ b/taf/__init__.py @@ -1,5 +1,4 @@ -"""Add platform-dependent libraries to the path. -""" +"""Add platform-dependent libraries to the path.""" import sys diff --git a/taf/constants.py b/taf/constants.py index 85c462551..310c82620 100644 --- a/taf/constants.py +++ b/taf/constants.py 
@@ -2,7 +2,6 @@ import datetime from typing import List, Optional - TARGETS_DIRECTORY_NAME = "targets" METADATA_DIRECTORY_NAME = "metadata" diff --git a/taf/repositoriesdb.py b/taf/repositoriesdb.py index 8f9fa646e..f89c57355 100644 --- a/taf/repositoriesdb.py +++ b/taf/repositoriesdb.py @@ -15,7 +15,6 @@ from taf.log import taf_logger from taf.models.types import Commitish - # Target repositories db # { diff --git a/taf/tests/test_api/metadata/api/test_metadata.py b/taf/tests/test_api/metadata/api/test_metadata.py index 876b3a8fa..1a878c69a 100644 --- a/taf/tests/test_api/metadata/api/test_metadata.py +++ b/taf/tests/test_api/metadata/api/test_metadata.py @@ -10,7 +10,6 @@ from tuf.api.metadata import Root, Snapshot, Timestamp, Targets from taf.yubikey.yubikey_manager import PinManager - AUTH_REPO_NAME = "auth" diff --git a/taf/tests/test_api/targets/api/test_targets.py b/taf/tests/test_api/targets/api/test_targets.py index 308670d3f..b71f1c6d6 100644 --- a/taf/tests/test_api/targets/api/test_targets.py +++ b/taf/tests/test_api/targets/api/test_targets.py @@ -16,7 +16,6 @@ ) from taf.yubikey.yubikey_manager import PinManager - AUTH_REPO_NAME = "auth" diff --git a/taf/tests/test_git/conftest.py b/taf/tests/test_git/conftest.py index 96cc09e1b..cc755323c 100644 --- a/taf/tests/test_git/conftest.py +++ b/taf/tests/test_git/conftest.py @@ -6,7 +6,6 @@ from taf.utils import on_rm_error from taf.tests.conftest import TEST_DATA_REPOS_PATH - TEST_DIR = Path(TEST_DATA_REPOS_PATH, "test-git") REPO_NAME = "repository" CLONE_REPO_NAME = "repository2" diff --git a/taf/tests/test_repository/test_repository.py b/taf/tests/test_repository/test_repository.py index 667abc953..9e737e51f 100644 --- a/taf/tests/test_repository/test_repository.py +++ b/taf/tests/test_repository/test_repository.py 
@@ -134,7 +134,11 @@ def _check_values(repo, json_data): else: assert repo_value == attr_value - for (repo_library_dir, repo_name, repo_path,) in ( + for ( + repo_library_dir, + repo_name, + repo_path, + ) in ( (library_dir, name, None), (None, None, Path(library_dir, name)), ): diff --git a/taf/tests/test_updater/conftest.py b/taf/tests/test_updater/conftest.py index 0a5a18ee6..42d9e6d26 100644 --- a/taf/tests/test_updater/conftest.py +++ b/taf/tests/test_updater/conftest.py @@ -46,7 +46,6 @@ from tuf.api.metadata import Timestamp - KEYS_DESCRIPTION = str(TEST_INIT_DATA_PATH / "keys.json") diff --git a/taf/tests/test_updater/test_handlers/conftest.py b/taf/tests/test_updater/test_handlers/conftest.py index 104a9db28..3b15938f2 100644 --- a/taf/tests/test_updater/test_handlers/conftest.py +++ b/taf/tests/test_updater/test_handlers/conftest.py @@ -4,7 +4,6 @@ from tuf.ngclient._internal import trusted_metadata_set from pytest import fixture - HANDLERS_DATA_INPUT_DIR = TEST_DATA_PATH / "handler_inputs" TYPES_DIR = TEST_DATA_PATH / "types" UPDATE_TYPES_DIR = TYPES_DIR / "update" diff --git a/taf/tests/test_updater/test_handlers/test_schemas.py b/taf/tests/test_updater/test_handlers/test_schemas.py index 6c8f9895d..ac3b8b566 100644 --- a/taf/tests/test_updater/test_handlers/test_schemas.py +++ b/taf/tests/test_updater/test_handlers/test_schemas.py @@ -8,7 +8,6 @@ update_update_schema, ) - schema_store = { repo_update_schema["$id"]: repo_update_schema, update_update_schema["$id"]: update_update_schema, diff --git a/taf/tests/test_updater/test_update_library/conftest.py b/taf/tests/test_updater/test_update_library/conftest.py index c049c86b6..972631601 100644 --- a/taf/tests/test_updater/test_update_library/conftest.py +++ b/taf/tests/test_updater/test_update_library/conftest.py 
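Review bot: The loop header in `_check_values` is now spread over five lines, apparently because the tuple target still carries its trailing comma, which the formatter reads as a request for one element per line. Dropping the parentheses and the trailing comma, `for repo_library_dir, repo_name, repo_path in (`, keeps the header on one line with the same meaning. The loop body continues outside this hunk.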
@@ -16,7 +16,6 @@ from tuf.ngclient._internal import trusted_metadata_set from pytest import fixture - original_tuf_trusted_metadata_set = trusted_metadata_set.TrustedMetadataSet NAMESPACE1 = "namespace1" diff --git a/taf/tests/tuf/__init__.py b/taf/tests/tuf/__init__.py index 47cf82a48..bf394f198 100644 --- a/taf/tests/tuf/__init__.py +++ b/taf/tests/tuf/__init__.py @@ -1,5 +1,4 @@ from pathlib import Path - # TODO: de-duplicate with conftest.py constants TEST_DATA_PATH = Path(__file__).parent.parent / "data" diff --git a/taf/tests/tuf/test_keys/test_yk.py b/taf/tests/tuf/test_keys/test_yk.py index d8912a48d..6a4e8e3f5 100644 --- a/taf/tests/tuf/test_keys/test_yk.py +++ b/taf/tests/tuf/test_keys/test_yk.py @@ -8,7 +8,6 @@ from securesystemslib.exceptions import UnverifiedSignatureError - # Test data to sign _DATA = b"DATA" _NOT_DATA = b"NOT DATA" diff --git a/taf/tools/dependencies/__init__.py b/taf/tools/dependencies/__init__.py index 5643fdd9c..08566f2a6 100644 --- a/taf/tools/dependencies/__init__.py +++ b/taf/tools/dependencies/__init__.py @@ -107,8 +107,7 @@ def add( def remove_dependency_command(): - @click.command( - help="""Remove a dependency from dependencies.json. + @click.command(help="""Remove a dependency from dependencies.json. Update and sign targets metadata, snapshot and timestamp using yubikeys or keys loaded from the specified keystore location. `taf dependencies remove --path auth-path dependency-name --keystore keystore-path` @@ -117,8 +116,7 @@ def remove_dependency_command(): `taf dependencies remove dependency-name --keystore keystore-path` - if inside an authentication repository""" - ) + if inside an authentication repository""") @find_repository @catch_cli_exception(handle=TAFError) @click.argument("dependency-name") diff --git a/taf/tools/repo/__init__.py b/taf/tools/repo/__init__.py index 4b384008d..59fe9c939 100644 --- a/taf/tools/repo/__init__.py +++ b/taf/tools/repo/__init__.py 
@@ -112,8 +112,7 @@ def exit_profiler(): def create_repo_command(): - @click.command( - help=""" + @click.command(help=""" \b Create a new authentication repository at the specified location by registering signing keys and generating initial metadata files. Information about the roles @@ -154,8 +153,7 @@ def create_repo_command(): If the test flag is set, a special target file will be created. This means that when calling the updater, it'll be necessary to use the --authenticate-test-repo flag. - """ - ) + """) @catch_cli_exception(handle=TAFError, remove_dir_on_error=True) @click.argument( "path", @@ -195,8 +193,7 @@ def create(path, keys_description, keystore, no_commit, test, pin_manager): def clone_repo_command(): - @click.command( - help=""" + @click.command(help=""" Validate and clone authentication repositories and target repositories. URL of the remote authentication repository must be specified when calling this command. If the remote repository's URL is a file system path, the --from-fs flag must be used. @@ -228,8 +225,7 @@ def clone_repo_command(): The update can be performed in strict or non-strict mode. Strict mode is enabled by specifying --strict, which will raise errors during the update if any warnings are found. By default, --strict is disabled. - """ - ) + """) @catch_cli_exception(handle=UpdateFailedError, skip_cleanup=True) @click.argument("url") @common_update_options @@ -326,8 +322,7 @@ def clone( def update_repo_command(): - @click.command( - help=""" + @click.command(help=""" Update and validate local authentication repositories and target repositories. If the authentication repository and the target repositories are in the same root directory, 
@@ -357,8 +352,7 @@ def update_repo_command(): The update can be performed in strict or non-strict mode. Strict mode is enabled by specifying --strict, which will raise errors during the update if any warnings are found. By default, --strict is disabled. - """ - ) + """) @find_repository @catch_cli_exception(handle=UpdateFailedError, skip_cleanup=True) @common_update_options @@ -448,16 +442,14 @@ def update( def validate_repo_command(): - @click.command( - help=""" + @click.command(help=""" Validates an authentication repository which is already on the file system and its target repositories (which are also expected to be on the file system). Does not clone repositories, fetch changes or merge commits. Validation can be in strict or no-strict mode. Strict mode is set by specifying --strict, which will raise errors during validate if any/all warnings are found. By default, --strict is disabled. - """ - ) + """) @find_repository @catch_cli_exception(handle=UpdateFailedError) @click.option( @@ -558,8 +550,7 @@ def validate( def reset_repo_command(): - @click.command( - help=""" + @click.command(help=""" Resets an authentication repository which is already on the file system and its target repositories (which are also expected to be on the file system) to a specified snapshot in the past. @@ -570,8 +561,7 @@ def reset_repo_command(): in --comit flag if reset is successful. If --force flag is set, any uncommited changes or unstaged files will be removed, else an error will be raised if there are any those. - """ - ) + """) @find_repository @catch_cli_exception(handle=UpdateFailedError) @click.option( diff --git a/taf/tools/roles/__init__.py b/taf/tools/roles/__init__.py index 918d49f3e..375a7af69 100644 --- a/taf/tools/roles/__init__.py +++ b/taf/tools/roles/__init__.py 
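Review bot: The `reset_repo_command` help text, touched by the last two hunks of this file, still has wording errors in the sentences that describe the destructive `--force` behaviour: `--comit`, `uncommited` and `if there are any those`. Because `--force` discards local changes, that sentence should be unambiguous, for example `If --force flag is set, any uncommitted changes or unstaged files will be removed, else an error will be raised if there are any.` The flag meant by `--comit` is presumably `--commit`. The option declarations are outside the hunk, so confirm the name before changing it.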
@@ -21,8 +21,7 @@ def add_roles_command(): - @click.command( - help=""" + @click.command(help=""" Add new delegated target roles. Allows optional specification of each role's properties through a JSON configuration file. Configuration file (JSON) can specify: @@ -68,8 +67,7 @@ def add_roles_command(): } } } - """ - ) + """) @find_repository @catch_cli_exception(handle=TAFError) @common_repo_edit_options @@ -116,11 +114,9 @@ def add_roles( def export_roles_description_command(): - @click.command( - help=""" + @click.command(help=""" Export roles-description.json file based on the - """ - ) + """) @find_repository @catch_cli_exception(handle=TAFError) @click.option( @@ -308,8 +304,7 @@ def remove_delegated_paths( def add_signing_key_command(): - @click.command( - help=""" + @click.command(help=""" Add a new signing key. This will make it possible to a sign metadata files corresponding to the specified roles with another key. Although private keys are used for signing, key identifiers are calculated based on the public keys. This @@ -317,8 +312,7 @@ def add_signing_key_command(): a new signing key. Public key can be loaded from a file, in which case it is necessary to specify its path as the pub_key parameter's value. If this option is not used when calling this command, the key can be directly entered later. - """ - ) + """) @find_repository @catch_cli_exception(handle=TAFError) @common_repo_edit_options @@ -379,11 +373,9 @@ def adding_signing_key( def revoke_signing_key_command(): - @click.command( - help=""" + @click.command(help=""" Revoke a signing key. - """ - ) + """) @find_repository @catch_cli_exception(handle=TAFError) @common_repo_edit_options @@ -437,11 +429,9 @@ def revoke_key( def rotate_signing_key_command(): - @click.command( - help=""" + @click.command(help=""" Rotate a signing key. - """ - ) + """) @find_repository @catch_cli_exception(handle=TAFError) @click.argument("keyid") 
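Review bot: The help string of `export_roles_description_command` ends mid-sentence (`Export roles-description.json file based on the`), so `--help` shows a truncated description. The reformat keeps the text as it was. Finish the sentence by naming what the export is derived from; that source is not visible in this hunk, so take it from the function body. The `add_signing_key_command` help in a later hunk of this file also has a stray article in `make it possible to a sign metadata files`.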
@@ -506,12 +496,10 @@ def rotate_key( def list_keys_command(): - @click.command( - help=""" + @click.command(help=""" List all keys of the specified role. If certs directory exists and contains certificates exported from YubiKeys, include additional information read from these certificates, like name or organization. - """ - ) + """) @find_repository @catch_cli_exception(handle=TAFError) @click.argument("role") diff --git a/taf/tools/yubikey/__init__.py b/taf/tools/yubikey/__init__.py index 1a70be4fc..074e9df92 100644 --- a/taf/tools/yubikey/__init__.py +++ b/taf/tools/yubikey/__init__.py @@ -122,10 +122,8 @@ def setup_signing_key(certs_dir, pin_manager): def setup_test_key_command(): - @click.command( - help="""Copies the specified key onto the inserted YubiKey - WARNING - this will reset the inserted key.""" - ) + @click.command(help="""Copies the specified key onto the inserted YubiKey + WARNING - this will reset the inserted key.""") @click.argument("key-path") @catch_cli_exception(handle=YubikeyError) @pin_managed diff --git a/taf/tuf/keys.py b/taf/tuf/keys.py index 0c6e1f019..6bca7af23 100644 --- a/taf/tuf/keys.py +++ b/taf/tuf/keys.py @@ -1,6 +1,4 @@ -"""TUF metadata key functions. - -""" +"""TUF metadata key functions.""" from typing import Optional, Tuple, Union diff --git a/taf/tuf/repository.py b/taf/tuf/repository.py index 991298c70..3bfda17cb 100644 --- a/taf/tuf/repository.py +++ b/taf/tuf/repository.py @@ -56,7 +56,6 @@ from securesystemslib.signer import CryptoSigner - logger = logging.getLogger(__name__) # TODO remove this, use from constants or remove from constants 
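Review bot: In `setup_test_key_command` the reset warning sits on a continuation line of the same help paragraph, and the first sentence has no full stop. Click re-wraps help paragraphs, so the output reads `... onto the inserted YubiKey WARNING - this will reset the inserted key.` as one run-on line. End the first sentence with a period and put a blank line before `WARNING` so it renders as its own paragraph. Whether the command asks for confirmation before resetting the device is not visible in this hunk; if it does not, a `click.confirm(...)` guard would be worth adding.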
@@ -721,9 +720,9 @@ def create_delegated_roles( key_id = _get_legacy_keyid(public_key) keys_data[key_id] = public_key if key_id in self.keys_name_mappings: - public_key.unrecognized_fields[ - "name" - ] = self.keys_name_mappings[key_id] + public_key.unrecognized_fields["name"] = ( + self.keys_name_mappings[key_id] + ) for signer in signers[role_data.name]: public_key = signer.public_key diff --git a/taf/updater/updater_pipeline.py b/taf/updater/updater_pipeline.py index 33d779c97..cee99c567 100644 --- a/taf/updater/updater_pipeline.py +++ b/taf/updater/updater_pipeline.py @@ -120,12 +120,12 @@ class UpdateState: target_branches_data_from_auth_repo: Dict = field(factory=dict) targets_data_by_auth_commits: Dict = field(factory=dict) old_heads_per_target_repos_branches: Dict[str, Dict[str, str]] = field(factory=dict) - fetched_commits_per_target_repos_branches: Dict[ - str, Dict[str, List[Commitish]] - ] = field(factory=dict) - validated_commits_per_target_repos_branches: Dict[ - str, Dict[str, Commitish] - ] = field(factory=dict) + fetched_commits_per_target_repos_branches: Dict[str, Dict[str, List[Commitish]]] = ( + field(factory=dict) + ) + validated_commits_per_target_repos_branches: Dict[str, Dict[str, Commitish]] = ( + field(factory=dict) + ) additional_commits_per_target_repos_branches: Dict[ str, Dict[str, List[Commitish]] ] = field(factory=dict) 
@@ -575,16 +575,16 @@ def _set_last_validated_commit(self): users_auth_repo.name ) - settings.last_validated_commit[ - self.state.validation_auth_repo.name - ] = last_validated_commit + settings.last_validated_commit[self.state.validation_auth_repo.name] = ( + last_validated_commit + ) self.state.last_validated_commit = Commitish.from_hash( last_validated_commit ) elif self.validate_from_commit: - settings.last_validated_commit[ - self.state.validation_auth_repo.name - ] = self.validate_from_commit + settings.last_validated_commit[self.state.validation_auth_repo.name] = ( + self.validate_from_commit + ) self.state.last_validated_commit = self.validate_from_commit def check_if_local_repositories_clean(self): @@ -892,9 +892,9 @@ def clone_auth_to_temp(self): self.state.validation_auth_repo.clone(bare=True) self.state.validation_auth_repo.fetch(fetch_all=True) - settings.validation_repo_path[ - self.state.validation_auth_repo.name - ] = self.state.validation_auth_repo.path + settings.validation_repo_path[self.state.validation_auth_repo.name] = ( + self.state.validation_auth_repo.path + ) except Exception as e: self.state.errors.append(e) self.state.event = Event.FAILED @@ -914,9 +914,9 @@ def prepare_for_auth_update_and_check_last_validated_commit(self): self.operation = OperationType.CLONE def _clear_lvc(): - settings.last_validated_commit[ - self.state.validation_auth_repo.name - ] = None + settings.last_validated_commit[self.state.validation_auth_repo.name] = ( + None + ) self.state.last_validated_commit = None self.state.auth_commits_since_last_validated = None 
@@ -1242,9 +1242,9 @@ def set_auth_commit_for_target_repos(self): repo_name: self._get_last_validated_commit(repo_name) for repo_name in self.state.users_target_repositories } - last_commits_per_repos[ - self.state.users_auth_repo.name - ] = self._get_last_validated_commit(self.state.users_auth_repo.name) + last_commits_per_repos[self.state.users_auth_repo.name] = ( + self._get_last_validated_commit(self.state.users_auth_repo.name) + ) last_validated_commits = list(set(last_commits_per_repos.values())) @@ -2194,12 +2194,10 @@ def set_target_repositories_data(self): ).get(branch) branch_data[branch]["new"] = [commit_info] branch_data[branch]["after_pull"] = [commit_info] - branch_data[branch][ - "unauthenticated" - ] = self.state.additional_commits_per_target_repos_branches.get( - repo_name, {} - ).get( - branch, [] + branch_data[branch]["unauthenticated"] = ( + self.state.additional_commits_per_target_repos_branches.get( + repo_name, {} + ).get(branch, []) ) if old_head is not None: branch_data[branch]["before_pull"] = old_head From 042e61358a2527e789a9faa85829c091ca87340e Mon Sep 17 00:00:00 2001 From: Renata Date: Thu, 7 May 2026 18:34:38 +0200 Subject: [PATCH 2/2] chore(deps): bump black rev to 26.3.1 and remove tools exclude in pre-commit --- .pre-commit-config.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 883f97e6a..f899f5174 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,9 +1,8 @@ repos: - repo: https://github.com/psf/black - rev: "22.12.0" + rev: "26.3.1" hooks: - id: black - exclude: ^taf/tools/ language_version: python3 - repo: https://github.com/PyCQA/flake8 rev: "5.0.4"
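Review bot: `rev: "26.3.1"` pins the black hook to a tag, which the upstream repository can move. pre-commit clones and runs the hook code on contributor machines and in CI, so a full commit SHA is the safer pin. `pre-commit autoupdate --freeze` writes the SHA and keeps the tag as a comment, in the form `rev: <commit-sha>  # frozen: 26.3.1`. The same applies to the flake8 entry below (`rev: "5.0.4"`). This `rev` now has to stay in step with the two `black==26.3.1` pins in setup.py, so a short comment next to it saying so would help the next bump.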