Starting in Python 3.12, global and virtual Python environments no
longer automatically ship setuptools (per the "ensurepip" item in
https://docs.python.org/3.12/whatsnew/3.12.html#removed). Projects
that use setuptools as a build backend are still supported,
including with setup.py using techniques such as "pip install .".

In Windows, the "bin" subdir of a virtual environment dir is called
"Scripts" instead. Unlike in a global environment (where no names
are universal, and "python3" and "pip3" are more common for the
Python 3 commands on some popular Unix-like systems), in a virtual
environment the "python" and "pip" commands are always present and
"python3" and "pip3" are not guaranteed to be present.

This commit changes test_installation accordingly. The CI workflows
and documentation still need to be updated.

This changes the installation instructions in README.md to
recommend "pip install ." instead of "python setup.py install". The
former is compatible with Python 3.12 which doesn't have setuptools
installed by default (so setup.py, which imports it, can be
indirectly but not directly used). This also matches the
corresponding change made in the installation unit test.

While doing so, I've also clarified the instructions, and added the
implied "cd" command as well as the "git fetch --tags" command in
the position where a later section was recently updated to mention
it should have been run.

Using "pip install ." creates the opportunity to pass "-e" to make
an editable install, which users who clone the repository to work
on changes should do, because the effect of an editable install is
only partially simulated by pytest, and so that manual testing of
changes actually uses the changes intended for testing.

This increases the length and detail of the instructions, so I've
added h4 subsections to clarify the separations between them and
make it easier for readers to find the part they're looking for. In
doing so, I've reordered these subsections accordingly. Because
greater detail can create the impression that all important steps
are mentioned, I've made the general good advice to use a virtual
environment explicit. For brevity, I have not added venv commands.

This adds a #! line to the top of setup.py, because it is a script
with the executable bit set. Although neither recent nor current
documentation in the project recommends to run "./setup.py", this
should probably have the intuitive effect of attempting to run the
script with a Python interpreter rather than a Unix-style shell.

It also uses the "env trick" in init-tests-after-clone.sh so that
script runs with whatever bash interpreter is found in a normal
PATH search. While "sh" is expected to be found in /bin on all
Unix-like systems, that is not always the case for "bash". This
change slightly improves compatibility by supporting systems that
don't ship with bash but on which it has been installed.

- Remove "gitdb" from test-requirements.txt, because it already a
  dependency of the project (listed in requirements.txt, which is
  used to build the value passed for install_requires in setup.py).

- Remove "black" from requirements-dev.txt, because it is listed in
  test-requirement.txt (which requirements-dev.txt sources).

Because tests_require is deprecated since setuptools 41.5.0 with
the intention that it will be removed in some future version (noted
in https://setuptools.pypa.io/en/latest/references/keywords.html).

It is somewhat unintuitive for GitPython to have a "test" extra, as
it makes it so "GitPython[test]" can be specified for installation
from PyPI to get test dependencies, even though the PyPI package
doesn't include the unit test themselves.

However, this makes the statement in README.md that the installer
takes care of both requirements.txt and test-requirements.txt
dependencies fully true, instead of moving further away from that.

Because it is now possible to make an editable GitPython install
with test as well as minimal dependencies installed, this commit
also updates the readme to document and recommend this.

Instead of directly running setup.py.

This allows Python 3.12 (as well as previous versions) to be used
for building. Although setuptools could be added as a development
dependency to run setup.py, using "build" instead is recommended in
https://setuptools.pypa.io/en/latest/userguide/quickstart.html.

Those docs likewise recommend only listing "wheel" in the
build-system section of pyproject.toml if setup.py actually imports
the wheel module. So this removes that. (Running "make release",
which now uses "build", will continue to build wheels.)

The "build" package is not conceptually a testing dependency, but
test-requirements.txt is currently the de facto list of all stable
development dependencies for regular use.

This is cleanup related to the previous commit. As that file grows,
it is harder to tell immediately if a particular package is in it
when not alphabetized. (The groups were also not intuitive, with
ddt listed separately from other unit test related dependencies.)

This removes the step in test_installation that did the equivalent
of "pip install -r requirements.txt", because installing GitPython
is sufficient to install all its required dependencies, and it is
more important to test that than to test requirements.txt directly.

Removing this causes the test to fail if installing the project
doesn't entail installation of the requirements necessary to import
the git module or to cause gitdb to be found in a sys.path search.

Key changes:

- Update the two CI workflows to install the project and its
  dependencies in accordance with the changed recommendations in
  README.md. (This is to test that those recommendations work,
  which the changed test_installation test case partially but not
  completely tests. The old approach to installation still works
  too, so this change on CI is not required to keep CI working.)

- Add Python 3.12 to the CI test matrix in pythonpackage.yml,
  testing it on Ubuntu. (The Cygwin workflow still tests only 3.9.)

Maintenance changes, made to avoid decreasing readability with the
other changes (and hopefully even increase it somewhat):

- Separate commands into more steps, grouping them by more specific
  purposes.

- Decrease the ways the two workflows differ from each other that
  do not represent actual intended behavioral differences. This is
  to make the important differences easier to stop, and to make it
  easier to determine when the same change has or has not been made
  to both workflows.

The omission of "set -x" was intentional and is currently necessary
on Cygwin (but not on Ubuntu), per aafb92a.

Bump gitpython from 3.1.35 to 3.1.37

Bumps gitpython from 3.1.35 to 3.1.37.

Release notes
Sourced from gitpython's releases.

3.1.37 - a proper fix CVE-2023-41040
What's Changed

Improve Python version and OS compatibility, fixing deprecations by @​EliahKagan in gitpython-developers/GitPython#1654
Better document env_case test/fixture and cwd by @​EliahKagan in gitpython-developers/GitPython#1657
Remove spurious executable permissions by @​EliahKagan in gitpython-developers/GitPython#1658
Fix up checks in Makefile and make them portable by @​EliahKagan in gitpython-developers/GitPython#1661
Fix URLs that were redirecting to another license by @​EliahKagan in gitpython-developers/GitPython#1662
Assorted small fixes/improvements to root dir docs by @​EliahKagan in gitpython-developers/GitPython#1663
Use venv instead of virtualenv in test_installation by @​EliahKagan in gitpython-developers/GitPython#1664
Omit py_modules in setup by @​EliahKagan in gitpython-developers/GitPython#1665
Don't track code coverage temporary files by @​EliahKagan in gitpython-developers/GitPython#1666
Configure tox by @​EliahKagan in gitpython-developers/GitPython#1667
Format tests with black and auto-exclude untracked paths by @​EliahKagan in gitpython-developers/GitPython#1668
Upgrade and broaden flake8, fixing style problems and bugs by @​EliahKagan in gitpython-developers/GitPython#1673
Fix rollback bug in SymbolicReference.set_reference by @​EliahKagan in gitpython-developers/GitPython#1675
Remove @NoEffect annotations by @​EliahKagan in gitpython-developers/GitPython#1677
Add more checks for the validity of refnames by @​facutuesca in gitpython-developers/GitPython#1672

Full Changelog: gitpython-developers/GitPython@3.1.36...3.1.37



Commits

b27a89f fix makefile to compare commit hashes only
0bd2890 prepare next release
832b6ee remove unnecessary list comprehension to fix CI
e98f57b Merge pull request #1672 from trail-of-forks/robust-refname-checks
1774f1e Merge pull request #1677 from EliahKagan/no-noeffect
a4701a0 Remove @NoEffect annotations
d40320b Merge pull request #1675 from EliahKagan/rollback
d1c1f31 Merge pull request #1673 from EliahKagan/flake8
e480985 Tweak rollback logic in log.to_file
ff84b26 Refactor try-finally cleanup in git/
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Reviewed-by: Vladimir Vshivkov

8 of the tests that fail on native Windows systems fail due to
IndexFile.from_tree being broken on Windows, causing gitpython-developers#1630.

This commit marks those tests as xfail. This is part, though not
all, of the changes to get CI test jobs for native Windows that
are passing, to guard against new regressions and to allow the code
and tests to be gradually fixed (see discussion in gitpython-developers#1654).

When fixing the bug, this commit can be reverted.

8 of the tests that fail on native Windows systems fail due to
IndexFile.from_tree being broken on Windows, causing gitpython-developers#1630.

This commit marks those tests as xfail. This is part, though not
all, of the changes to get CI test jobs for native Windows that
are passing, to guard against new regressions and to allow the code
and tests to be gradually fixed (see discussion in gitpython-developers#1654).

When fixing the bug, this commit can be reverted.

8 of the tests that fail on native Windows systems fail due to
IndexFile.from_tree being broken on Windows, causing gitpython-developers#1630.

This commit marks those tests as xfail. This is part, though not
all, of the changes to get CI test jobs for native Windows that
are passing, to guard against new regressions and to allow the code
and tests to be gradually fixed (see discussion in gitpython-developers#1654).

When fixing the bug, this commit can be reverted.