
Pin security deps in ddev

Open sarah-witt opened this issue 3 years ago • 2 comments

What does this PR do?

Pins in-toto and securesystemslib in ddev to match what is shipped in the agent/downloader:
https://github.com/DataDog/integrations-core/blob/master/datadog_checks_base/datadog_checks/base/data/agent_requirements.in#L99
https://github.com/DataDog/integrations-core/blob/master/datadog_checks_base/datadog_checks/base/data/agent_requirements.in#L33

Motivation

We want the downloader and ddev to have the same versions of libraries in case of incompatibility issues.

In the future let's add validation that these two places match so we don't get out of sync again.

Additional Notes

After pinning the deps and reinstalling ddev I can see the correct versions installed:

Successfully built datadog-checks-dev
Installing collected packages: securesystemslib, datadog-checks-dev
  Attempting uninstall: securesystemslib
    Found existing installation: securesystemslib 0.21.0
    Uninstalling securesystemslib-0.21.0:
      Successfully uninstalled securesystemslib-0.21.0
  Attempting uninstall: datadog-checks-dev
    Found existing installation: datadog-checks-dev 16.7.0
    Uninstalling datadog-checks-dev-16.7.0:
      Successfully uninstalled datadog-checks-dev-16.7.0
Successfully installed datadog-checks-dev-17.0.0 securesystemslib-0.20.1
Installing collected packages: in-toto, datadog-checks-dev
  Attempting uninstall: in-toto
    Found existing installation: in-toto 1.1.1
    Uninstalling in-toto-1.1.1:
      Successfully uninstalled in-toto-1.1.1
  Attempting uninstall: datadog-checks-dev
    Found existing installation: datadog-checks-dev 17.0.0
    Uninstalling datadog-checks-dev-17.0.0:
      Successfully uninstalled datadog-checks-dev-17.0.0
Successfully installed datadog-checks-dev-17.0.0 in-toto-1.0.1

Review checklist (to be filled by reviewers)

  • [ ] Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • [ ] PR title must be written as a CHANGELOG entry (see why)
  • [ ] Files changes must correspond to the primary purpose of the PR as described in the title (small unrelated changes should have their own PR)
  • [ ] PR must have changelog/ and integration/ labels attached

sarah-witt avatar Sep 16 '22 17:09 sarah-witt
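
The validation proposed in the description above could look like the following. This is an added example, not code from the PR or from integrations-core; the function names and sample inputs are hypothetical, and it assumes ddev's dependencies are available as a list of requirement strings.

```python
import re

# Constructed sample inputs, not copied from the repository. The pinned
# versions are the ones shown in the pip output in the PR description.
AGENT_REQUIREMENTS = '''\
# constructed excerpt in the style of agent_requirements.in
in-toto==1.0.1; python_version > "3.0"
securesystemslib[crypto,pynacl]==0.20.1; python_version > "3.0"
'''
DDEV_DEPS_OK = ['in-toto==1.0.1', 'securesystemslib[crypto,pynacl]==0.20.1', 'tox>=3.12.1']
DDEV_DEPS_DRIFTED = ['in-toto>=1.0.0', 'securesystemslib[crypto,pynacl]==0.21.0']

SECURITY_DEPS = ('in-toto', 'securesystemslib')
# name, optional [extras], then the version specifier up to a marker or comment
REQ = re.compile(r'^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)')


def normalize(name):
    """PEP 503 name normalization, so In_Toto and in-toto compare equal."""
    return re.sub(r'[-_.]+', '-', name).lower()


def parse_pins(lines):
    """Map normalized name -> exact version, or None when not an == pin."""
    pins = {}
    for line in lines:
        match = REQ.match(line.strip())
        if not match:  # blank lines and comments do not match
            continue
        exact = re.fullmatch(r'==\s*([^\s,*]+)', match.group(2).strip())
        pins[normalize(match.group(1))] = exact.group(1) if exact else None
    return pins


def find_mismatches(agent_lines, ddev_lines, names=SECURITY_DEPS):
    """Return one message per security dependency whose pins disagree."""
    agent, ddev = parse_pins(agent_lines), parse_pins(ddev_lines)
    problems = []
    for name in map(normalize, names):
        a, d = agent.get(name), ddev.get(name)
        if a is None:
            problems.append(f'{name}: no == pin in agent requirements')
        elif d is None:
            problems.append(f'{name}: no == pin in ddev (agent pins {a})')
        elif a != d:
            problems.append(f'{name}: ddev pins {d}, agent pins {a}')
    return problems
```

A CI validation step would fail whenever `find_mismatches` returns a non-empty list; a range specifier such as `>=` counts as a mismatch because it lets the two installs resolve to different versions.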

Codecov Report

Merging #12956 (6f921f0) into master (d6414d3) will increase coverage by 0.08%. The diff coverage is n/a.

Flag Coverage Δ
datadog_checks_dev 80.13% <ø> (+1.40%) :arrow_up:

Flags with carried forward coverage won't be shown.

codecov[bot] avatar Sep 16 '22 17:09 codecov[bot]

@yzhan289 After this PR is merged, I'm going to check that the new images look good, and if they do I will unpin the images!

sarah-witt avatar Sep 16 '22 17:09 sarah-witt