Bump black and run the formatter

.pre-commit-config.yaml

@@ -1,9 +1,8 @@
 repos:
   - repo: https://github.com/psf/black
-    rev: "22.12.0"
+    rev: "26.3.1"
     hooks:
       - id: black
-        exclude: ^taf/tools/
         language_version: python3
   - repo: https://github.com/PyCQA/flake8
     rev: "5.0.4"

setup.py

@@ -15,7 +15,7 @@
 
 ci_require = [
     "bandit>=1.6.0",
-    "black==22.12.0",
+    "black==26.3.1",
     "coverage==4.5.3",
     "pre-commit>=1.18.3",
     "pytest-cov==2.7.1",
@@ -24,7 +24,7 @@
 
 executable_require = ["lxml"]
 
-dev_require = ["bandit>=1.6.0", "black==22.12.0", "pre-commit>=1.18.3"]
+dev_require = ["bandit>=1.6.0", "black==26.3.1", "pre-commit>=1.18.3"]
 
 tests_require = [
     "pytest==8.*",

taf/__init__.py

@@ -1,5 +1,4 @@
-"""Add platform-dependent libraries to the path.
-"""
+"""Add platform-dependent libraries to the path."""
 
 import sys
 

taf/constants.py

@@ -2,7 +2,6 @@
 import datetime
 from typing import List, Optional
 
-
 TARGETS_DIRECTORY_NAME = "targets"
 METADATA_DIRECTORY_NAME = "metadata"
 

taf/repositoriesdb.py

@@ -15,7 +15,6 @@
 from taf.log import taf_logger
 from taf.models.types import Commitish
 
-
 # Target repositories db
 
 # {

taf/tests/test_api/metadata/api/test_metadata.py

@@ -10,7 +10,6 @@
 from tuf.api.metadata import Root, Snapshot, Timestamp, Targets
 from taf.yubikey.yubikey_manager import PinManager
 
-
 AUTH_REPO_NAME = "auth"
 
 

taf/tests/test_api/targets/api/test_targets.py

@@ -16,7 +16,6 @@
 )
 from taf.yubikey.yubikey_manager import PinManager
 
-
 AUTH_REPO_NAME = "auth"
 
 

taf/tests/test_git/conftest.py

@@ -6,7 +6,6 @@
 from taf.utils import on_rm_error
 from taf.tests.conftest import TEST_DATA_REPOS_PATH
 
-
 TEST_DIR = Path(TEST_DATA_REPOS_PATH, "test-git")
 REPO_NAME = "repository"
 CLONE_REPO_NAME = "repository2"

taf/tests/test_repository/test_repository.py

@@ -134,7 +134,11 @@ def _check_values(repo, json_data):
             else:
                 assert repo_value == attr_value
 
-    for (repo_library_dir, repo_name, repo_path,) in (
+    for (
+        repo_library_dir,
+        repo_name,
+        repo_path,
+    ) in (
         (library_dir, name, None),
         (None, None, Path(library_dir, name)),
     ):

taf/tests/test_updater/conftest.py

@@ -46,7 +46,6 @@
 
 from tuf.api.metadata import Timestamp
 
-
 KEYS_DESCRIPTION = str(TEST_INIT_DATA_PATH / "keys.json")
 
 

taf/tests/test_updater/test_handlers/conftest.py

@@ -4,7 +4,6 @@
 from tuf.ngclient._internal import trusted_metadata_set
 from pytest import fixture
 
-
 HANDLERS_DATA_INPUT_DIR = TEST_DATA_PATH / "handler_inputs"
 TYPES_DIR = TEST_DATA_PATH / "types"
 UPDATE_TYPES_DIR = TYPES_DIR / "update"

taf/tests/test_updater/test_handlers/test_schemas.py

@@ -8,7 +8,6 @@
     update_update_schema,
 )
 
-
 schema_store = {
     repo_update_schema["$id"]: repo_update_schema,
     update_update_schema["$id"]: update_update_schema,

taf/tests/test_updater/test_update_library/conftest.py

@@ -16,7 +16,6 @@
 from tuf.ngclient._internal import trusted_metadata_set
 from pytest import fixture
 
-
 original_tuf_trusted_metadata_set = trusted_metadata_set.TrustedMetadataSet
 
 NAMESPACE1 = "namespace1"

taf/tests/tuf/__init__.py

@@ -1,5 +1,4 @@
 from pathlib import Path
 
-
 # TODO: de-duplicate with conftest.py constants
 TEST_DATA_PATH = Path(__file__).parent.parent / "data"

taf/tests/tuf/test_keys/test_yk.py

@@ -8,7 +8,6 @@
 
 from securesystemslib.exceptions import UnverifiedSignatureError
 
-
 # Test data to sign
 _DATA = b"DATA"
 _NOT_DATA = b"NOT DATA"

taf/tools/dependencies/__init__.py

@@ -107,8 +107,7 @@ def add(
 
 
 def remove_dependency_command():
-    @click.command(
-        help="""Remove a dependency from dependencies.json.
+    @click.command(help="""Remove a dependency from dependencies.json.
         Update and sign targets metadata, snapshot and timestamp using yubikeys or keys loaded from the specified keystore location.
 
         `taf dependencies remove --path auth-path dependency-name --keystore keystore-path`
@@ -117,8 +116,7 @@ def remove_dependency_command():
 
         `taf dependencies remove dependency-name --keystore keystore-path`
 
-        if inside an authentication repository"""
-    )
+        if inside an authentication repository""")
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @click.argument("dependency-name")

taf/tools/repo/__init__.py

@@ -112,8 +112,7 @@ def exit_profiler():
 
 
 def create_repo_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         \b
         Create a new authentication repository at the specified location by registering
         signing keys and generating initial metadata files. Information about the roles
@@ -154,8 +153,7 @@ def create_repo_command():
 
         If the test flag is set, a special target file will be created. This means that when
         calling the updater, it'll be necessary to use the --authenticate-test-repo flag.
-        """
-    )
+        """)
     @catch_cli_exception(handle=TAFError, remove_dir_on_error=True)
     @click.argument(
         "path",
@@ -195,8 +193,7 @@ def create(path, keys_description, keystore, no_commit, test, pin_manager):
 
 
 def clone_repo_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Validate and clone authentication repositories and target repositories. URL of the
         remote authentication repository must be specified when calling this command. If the remote repository's URL is a file system path, the --from-fs flag must be used.
 
@@ -228,8 +225,7 @@ def clone_repo_command():
         The update can be performed in strict or non-strict mode. Strict mode is enabled by specifying
         --strict, which will raise errors during the update if any warnings are found. By default, --strict
         is disabled.
-        """
-    )
+        """)
     @catch_cli_exception(handle=UpdateFailedError, skip_cleanup=True)
     @click.argument("url")
     @common_update_options
@@ -326,8 +322,7 @@ def clone(
 
 
 def update_repo_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Update and validate local authentication repositories and target repositories.
 
         If the authentication repository and the target repositories are in the same root directory,
@@ -357,8 +352,7 @@ def update_repo_command():
         The update can be performed in strict or non-strict mode. Strict mode is enabled by specifying
         --strict, which will raise errors during the update if any warnings are found. By default, --strict
         is disabled.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=UpdateFailedError, skip_cleanup=True)
     @common_update_options
@@ -448,16 +442,14 @@ def update(
 
 
 def validate_repo_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Validates an authentication repository which is already on the file system
         and its target repositories (which are also expected to be on the file system).
         Does not clone repositories, fetch changes or merge commits.
 
         Validation can be in strict or no-strict mode. Strict mode is set by specifying --strict, which will raise errors
         during validate if any/all warnings are found. By default, --strict is disabled.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=UpdateFailedError)
     @click.option(
@@ -558,8 +550,7 @@ def validate(
 
 
 def reset_repo_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Resets an authentication repository which is already on the file system
         and its target repositories (which are also expected to be on the file system)
         to a specified snapshot in the past.
@@ -570,8 +561,7 @@ def reset_repo_command():
         in --comit flag if reset is successful.
         If --force flag is set, any uncommited changes or unstaged files will be removed,
         else an error will be raised if there are any those.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=UpdateFailedError)
     @click.option(

taf/tools/roles/__init__.py

@@ -21,8 +21,7 @@
 
 
 def add_roles_command():
-    @click.command(
-        help="""
+    @click.command(help="""
     Add new delegated target roles. Allows optional specification of each role's properties through a JSON configuration file.
 
     Configuration file (JSON) can specify:
@@ -68,8 +67,7 @@ def add_roles_command():
         }
     }
     }
-    """
-    )
+    """)
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @common_repo_edit_options
@@ -116,11 +114,9 @@ def add_roles(
 
 
 def export_roles_description_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Export roles-description.json file based on the
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @click.option(
@@ -308,17 +304,15 @@ def remove_delegated_paths(
 
 
 def add_signing_key_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Add a new signing key. This will make it possible to a sign metadata files
         corresponding to the specified roles with another key. Although private keys are
         used for signing, key identifiers are calculated based on the public keys. This
         means that it's necessary to enter the public key in order to register
         a new signing key. Public key can be loaded from a file, in which case it is
         necessary to specify its path as the pub_key parameter's value. If this option
         is not used when calling this command, the key can be directly entered later.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @common_repo_edit_options
@@ -379,11 +373,9 @@ def adding_signing_key(
 
 
 def revoke_signing_key_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Revoke a signing key.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @common_repo_edit_options
@@ -437,11 +429,9 @@ def revoke_key(
 
 
 def rotate_signing_key_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         Rotate a signing key.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @click.argument("keyid")
@@ -506,12 +496,10 @@ def rotate_key(
 
 
 def list_keys_command():
-    @click.command(
-        help="""
+    @click.command(help="""
         List all keys of the specified role. If certs directory exists and contains certificates exported from YubiKeys,
         include additional information read from these certificates, like name or organization.
-        """
-    )
+        """)
     @find_repository
     @catch_cli_exception(handle=TAFError)
     @click.argument("role")

taf/tools/yubikey/__init__.py

@@ -122,10 +122,8 @@ def setup_signing_key(certs_dir, pin_manager):
 
 
 def setup_test_key_command():
-    @click.command(
-        help="""Copies the specified key onto the inserted YubiKey
-        WARNING - this will reset the inserted key."""
-    )
+    @click.command(help="""Copies the specified key onto the inserted YubiKey
+        WARNING - this will reset the inserted key.""")
     @click.argument("key-path")
     @catch_cli_exception(handle=YubikeyError)
     @pin_managed

taf/tuf/keys.py

@@ -1,6 +1,4 @@
-"""TUF metadata key functions.
-
-"""
+"""TUF metadata key functions."""
 
 from typing import Optional, Tuple, Union
 

taf/tuf/repository.py

@@ -56,7 +56,6 @@
 
 from securesystemslib.signer import CryptoSigner
 
-
 logger = logging.getLogger(__name__)
 
 # TODO remove this, use from constants or remove from constants
@@ -721,9 +720,9 @@ def create_delegated_roles(
                         key_id = _get_legacy_keyid(public_key)
                         keys_data[key_id] = public_key
                         if key_id in self.keys_name_mappings:
-                            public_key.unrecognized_fields[
-                                "name"
-                            ] = self.keys_name_mappings[key_id]
+                            public_key.unrecognized_fields["name"] = (
+                                self.keys_name_mappings[key_id]
+                            )
 
                     for signer in signers[role_data.name]:
                         public_key = signer.public_key