From ad8bb8a7a042bd0018566369cd4b6f18935430b4 Mon Sep 17 00:00:00 2001
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Tue, 15 Dec 2020 19:29:14 +0100
Subject: [PATCH 1/6] Fix failing tests on GitHub windows runners

The GitHub action windows runners (added in a subsequent commit)
choke on a test that runs os.makedirs with a too long directory
name, and expects an OSError with error numbers ENAMETOOLONG or
ENOENT. However, this particular runner returns EINVAL in Python 3,
which according to bugs.python.org/msg295851 is not unlikely.

This commit simply adds EINVAL to the expected error numbers.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
---
 tests/test_updater.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/test_updater.py b/tests/test_updater.py
index f8d6379d0f..69c67044ea 100755
--- a/tests/test_updater.py
+++ b/tests/test_updater.py
@@ -1344,10 +1344,12 @@ def test_6_download_target(self):
       self.repository_updater.download_target(targetinfo, bad_destination_directory)
 
     except OSError as e:
-      self.assertTrue(e.errno == errno.ENAMETOOLONG or e.errno == errno.ENOENT)
+      self.assertTrue(
+          e.errno in [errno.ENAMETOOLONG, errno.ENOENT, errno.EINVAL],
+          "wrong errno: " + str(e.errno))
 
     else:
-      self.fail('Expected an OSError of type ENAMETOOLONG or ENOENT')
+      self.fail('No OSError raised')
 
 
     # Test: Invalid arguments.

From e36d18124107f91a599f97bceb4a37f2c53dedcf Mon Sep 17 00:00:00 2001
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Tue, 15 Dec 2020 19:20:57 +0100
Subject: [PATCH 2/6] Work around pypa/pip#9215 with old resolver

Configure tox to use legacy resolver as a temporary workaround
for pypa/pip#9215, which results in huge unnecessary downloads.

Co-authored-by: Jussi Kukkonen <jkukkonen@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
---
 tox.ini | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index 23ee0026b0..a86fba4faa 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,7 +23,8 @@ deps =
     # installation (see `skipsdist`), to get relative paths in coverage reports
     --editable {toxinidir}
 
-install_command = pip install --pre {opts} {packages}
+# FIXME: use legacy resolver because https://github.com/pypa/pip/issues/9215
+install_command = pip install --use-deprecated=legacy-resolver --pre {opts} {packages}
 
 
 # Develop test env to run tests against securesystemslib's master branch

From 36b8d43bd8702c380b26704467bf201b3da76874 Mon Sep 17 00:00:00 2001
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Tue, 15 Dec 2020 19:06:15 +0100
Subject: [PATCH 3/6] Add basic GitHub workflow to run tests and linters

Configure workflow to run all tox environments, where each 'py' env
runs on linux, macos and windows, and sslib master and lint builds
run only Linux/Python3.x only.

The workflow also configures pip caching.

TODO: Adopt publishing of coverage (coveralls) and license (fossa)
data from .travis.yml.

Co-authored-by: Jussi Kukkonen <jkukkonen@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
---
 .github/workflows/ci.yml | 56 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..0336e94528
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,56 @@
+name: Run TUF tests and linter
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      # Run regular TUF tests on each OS/Python combination, plus special tests
+      # (sslib master) and linters on Linux/Python3.x only.
+      matrix:
+        python-version: [2.7, 3.6, 3.7, 3.8, 3.9]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        toxenv: [py]
+        include:
+          - python-version: 3.x
+            os: ubuntu-latest
+            toxenv: with-sslib-master
+            experimental: true
+          # TODO: Change to 3.x once pylint fully supports Python 3.9
+          - python-version: 3.8
+            os: ubuntu-latest
+            toxenv: lint
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout TUF
+        uses: actions/checkout@v2
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Find pip cache dir
+        id: pip-cache
+        run: echo "::set-output name=dir::$(pip cache dir)"
+
+      - name: pip cache
+        uses: actions/cache@v2
+        with:
+          # Use the os dependent pip cache directory found above
+          path: ${{ steps.pip-cache.outputs.dir }}
+          # A match with 'key' counts as cache hit
+          key: ${{ runner.os }}-pip-${{ hashFiles('requirements*.txt') }}
+          # A match with 'restore-keys' is used as fallback
+          restore-keys: ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install tox
+
+      - name: Run tox
+        run: tox -e ${{ matrix.toxenv }}

From 9ec845cbc10e4abd5c214c93e51d982a2cb8984d Mon Sep 17 00:00:00 2001
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Tue, 15 Dec 2020 19:34:12 +0100
Subject: [PATCH 4/6] Adopt CI change in TUF docs

Replace mentions of travis/appveyor with GitHub Actions in
governance (contribution) and readme (badges) documents.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
---
 README.md          | 2 +-
 docs/GOVERNANCE.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6934b10390..5663379b72 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # <img src="https://cdn.rawgit.com/theupdateframework/artwork/3a649fa6/tuf-logo.svg" height="100" valign="middle" alt="TUF"/> A Framework for Securing Software Update Systems
 
-[![Travis-CI](https://travis-ci.com/theupdateframework/tuf.svg?branch=develop)](https://travis-ci.com/theupdateframework/tuf)
+![Build](https://github.com/theupdateframework/tuf/workflows/Run%20TUF%20tests%20and%20linter/badge.svg)
 [![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop)
 ![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=theupdateframework/tuf)
 [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield)
diff --git a/docs/GOVERNANCE.md b/docs/GOVERNANCE.md
index 23f82ea8d0..e21db3f394 100644
--- a/docs/GOVERNANCE.md
+++ b/docs/GOVERNANCE.md
@@ -27,7 +27,7 @@ guidelines](https://github.com/secure-systems-lab/code-style-guidelines), and
 must unit test any new software feature or change.  Submitted pull requests
 undergo review and automated testing, including, but not limited to:
 
-* Unit and build testing via [Travis CI](https://travis-ci.com/) and
+* Unit and build testing via [GitHub Actions](https://github.com/theupdateframework/tuf/actions) and
 [Tox](https://tox.readthedocs.io/en/latest/).
 * Static code analysis via [Pylint](https://www.pylint.org/) and
 [Bandit](https://wiki.openstack.org/wiki/Security/Projects/Bandit).

From 61cffeea9525dba667172880e405f1b03fa7f07c Mon Sep 17 00:00:00 2001
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Tue, 15 Dec 2020 19:18:02 +0100
Subject: [PATCH 5/6] Remove travis/appveyor config in favor of actions

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
---
 .travis.yml  | 51 ---------------------------------------------------
 appveyor.yml | 33 ---------------------------------
 2 files changed, 84 deletions(-)
 delete mode 100644 .travis.yml
 delete mode 100644 appveyor.yml

diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 6e29de0959..0000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-dist: xenial
-language: python
-cache: pip
-
-
-env:
-  global:
-    # NOTE: Public push only token (can't be used to read or edit project info)
-    - FOSSA_API_KEY=cbc317812661645ea400ab9ee6c7616a
-
-matrix:
-  include:
-    - python: "2.7"
-      env: TOXENV=py27
-    - python: "3.6"
-      env: TOXENV=py36
-    - python: "3.7"
-      env: TOXENV=py37
-    - python: "3.8"
-      env: TOXENV=py38
-    - python: "3.9"
-      env: TOXENV=py39
-    - python: "3.8"
-      env: TOXENV=with-sslib-master
-    - python: "3.8"
-      env: TOXENV=lint
-      before_script: skip
-      after_success: skip
-
-  allow_failures:
-    - python: "3.8"
-      env: TOXENV=with-sslib-master
-
-install:
-  - pip install tox coveralls
-
-before_script:
-  - "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | sudo bash"
-
-script:
-  - tox
-
-after_success:
-  - fossa
-  # Workaround to get coverage reports with relative paths.
-  # FIXME: Consider refactoring the tests to not require the test aggregation
-  # script being invoked from the `tests` directory, so that `.coverage` is
-  # written to and .coveragrc can also reside in the project root directory, as
-  # is the convention.
-  - cp tests/.coverage .
-  - coveralls --rcfile=tests/.coveragerc
diff --git a/appveyor.yml b/appveyor.yml
deleted file mode 100644
index 769dc58f8d..0000000000
--- a/appveyor.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-environment:
-  matrix:
-    - PYTHON: "C:\\Python38"
-      PYTHON_VERSION: 3.8
-      PYTHON_ARCH: 32
-
-    - PYTHON: "C:\\Python37"
-      PYTHON_VERSION: 3.7
-      PYTHON_ARCH: 32
-
-    - PYTHON: "C:\\Python36"
-      PYTHON_VERSION: 3.6
-      PYTHON_ARCH: 32
-
-    - PYTHON: "C:\\Python27"
-      PYTHON_VERSION: 2.7
-      PYTHON_ARCH: 32
-
-init:
-  - ECHO %PYTHON% %PYTHON_VERSION% %PYTHON_ARCH%
-
-install:
-  - set PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%
-  - python -m pip install -U pip setuptools
-  - pip install -e .
-  - pip install securesystemslib[crypto,pynacl] python-dateutil
-  - if %PYTHON_VERSION%==2.7 pip install mock
-
-build: false
-
-test_script:
-  - cd tests
-  - python aggregate_tests.py

From 0ab9ee76179adcc7c8e3492a11a897453d5dfabc Mon Sep 17 00:00:00 2001
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Wed, 16 Dec 2020 17:33:23 +0100
Subject: [PATCH 6/6] Temporarily remove coveralls + fossa badges

The newly add GitHub workflow, which replaces Travis and Appveyor
does not support publishing coverage (coveralls) and license
(fossa) data yet (formerly done by Travis).

This commit removes the corresponding badges from README. It shall
be reverted once coveralls and fossa are re-enabled.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
---
 README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/README.md b/README.md
index 5663379b72..3c77c031f1 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,7 @@
 # <img src="https://cdn.rawgit.com/theupdateframework/artwork/3a649fa6/tuf-logo.svg" height="100" valign="middle" alt="TUF"/> A Framework for Securing Software Update Systems
 
 ![Build](https://github.com/theupdateframework/tuf/workflows/Run%20TUF%20tests%20and%20linter/badge.svg)
-[![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop)
 ![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=theupdateframework/tuf)
-[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield)
 [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351)
 [![PyPI](https://img.shields.io/pypi/v/tuf)](https://pypi.org/project/tuf/)