41 lines
1.3 KiB
ReStructuredText
41 lines
1.3 KiB
ReStructuredText
|
=======================
|
||
|
|
Vendored library policy
|
||
|
|
=======================
|
||
|
|
|
||
|
|
To simplify Bleach development, we're now vendoring certain libraries that
|
||
|
|
we use.
|
||
|
|
|
||
|
|
Vendored libraries must follow these rules:
|
||
|
|
|
||
|
|
1. Vendored libraries must be pure Python--no compiling.
|
||
|
|
2. Source code for the libary is included in this directory.
|
||
|
|
3. License must be included in this repo and in the Bleach distribution.
|
||
|
|
4. Requirements of the library become requirements of Bleach.
|
||
|
|
5. No modifications to the library may be made.
|
||
|
|
|
||
|
|
|
||
|
|
Adding/Updating a vendored library
|
||
|
|
==================================
|
||
|
|
|
||
|
|
Way to vendor a library or update a version:
|
||
|
|
|
||
|
|
1. Update ``vendor.txt`` with the library, version, and hash. You can use
|
||
|
|
`hashin <https://pypi.org/project/hashin/>`_.
|
||
|
|
2. Remove all old files and directories of the old version.
|
||
|
|
3. Run ``pip_install_vendor.sh`` and check everything it produced in including
|
||
|
|
the ``.dist-info`` directory and contents.
|
||
|
|
|
||
|
|
|
||
|
|
Reviewing a change involving a vendored library
|
||
|
|
===============================================
|
||
|
|
|
||
|
|
Way to verify a vendored library addition/update:
|
||
|
|
|
||
|
|
1. Pull down the branch.
|
||
|
|
2. Delete all the old files and directories of the old version.
|
||
|
|
3. Run ``pip_install_vendor.sh``.
|
||
|
|
4. Run ``git diff`` and verify there are no changes.
|
||
|
|
|
||
|
|
|
||
|
|
NB: the current ``vendor.txt`` was generated with pip 20.2.3, which might be necessary to reproduce the dist-info
|