Skip to content
Snippets Groups Projects
Commit f025c6df authored by Pytgaen's avatar Pytgaen
Browse files

feat: remove unnecesary install when use poetry or pipenv

- trivy, sbom not install packages from project if use poetry, pipenv by take advantage of lockfile
parent 85155d6e
Branches
Tags
No related merge requests found
......@@ -1169,7 +1169,6 @@ py-trivy:
dependencies: []
script:
- mkdir -p -m 777 reports
- install_requirements
- |
if [[ -z "$PYTHON_TRIVY_DIST_URL" ]]
then
......@@ -1190,15 +1189,17 @@ py-trivy:
mv ./trivy $python_trivy
fi
- |
if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
then
# When using Poetry, `pip freeze` outputs a requirements.txt with @file URLs for each wheel
# These @file URLs in requirements.txt are not supported by Trivy
# So instead of simply using pip freeze, we use `poetry export`
poetry export -f requirements.txt --without-hashes --output reports/requirements.txt
else
case "$PYTHON_BUILD_SYSTEM" in
poetry*|pipenv*)
log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true
;;
*)
log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
install_requirements
_pip freeze | tee ./reports/requirements.txt
fi
;;
esac
if [[ -f "./requirements.txt" ]]
then
sort -u ./requirements.txt | grep -v "^[ ]*$" > ./requirements.txt.sorted
......@@ -1238,10 +1239,14 @@ py-sbom:
needs: []
script:
- mkdir -p -m 777 reports
- install_requirements
- |
case "$PYTHON_BUILD_SYSTEM" in
setuptools*|reqfile)
poetry*|pipenv*)
log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
;;
*)
log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
install_requirements
_pip freeze > "${PYTHON_REQS_FILE}"
;;
esac
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment