Commit f025c6df authored by Pytgaen's avatar Pytgaen

feat: remove unnecesary install when use poetry or pipenv

- trivy and sbom jobs no longer install the project's packages when poetry or pipenv is used; they take advantage of the lockfile instead
parent 85155d6e
......@@ -1169,7 +1169,6 @@ py-trivy:
dependencies: []
script:
- mkdir -p -m 777 reports
- install_requirements
- |
if [[ -z "$PYTHON_TRIVY_DIST_URL" ]]
then
......@@ -1190,15 +1189,17 @@ py-trivy:
mv ./trivy $python_trivy
fi
- |
if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
then
# When using Poetry, `pip freeze` outputs a requirements.txt with @file URLs for each wheel
# These @file URLs in requirements.txt are not supported by Trivy
# So instead of simply using pip freeze, we use `poetry export`
poetry export -f requirements.txt --without-hashes --output reports/requirements.txt
else
case "$PYTHON_BUILD_SYSTEM" in
poetry*|pipenv*)
log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true
;;
*)
log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
install_requirements
_pip freeze | tee ./reports/requirements.txt
fi
;;
esac
if [[ -f "./requirements.txt" ]]
then
sort -u ./requirements.txt | grep -v "^[ ]*$" > ./requirements.txt.sorted
......@@ -1238,10 +1239,14 @@ py-sbom:
needs: []
script:
- mkdir -p -m 777 reports
- install_requirements
- |
case "$PYTHON_BUILD_SYSTEM" in
setuptools*|reqfile)
poetry*|pipenv*)
log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
;;
*)
log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
install_requirements
_pip freeze > "${PYTHON_REQS_FILE}"
;;
esac
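Review bot: In the new `poetry*|pipenv*)` arm of py-trivy, `cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true` hides every failure, so a project whose lock file is missing or not committed still passes this step with nothing copied, and the scan may then finish without findings simply because it had no dependency list to read. Because `cp` also returns non-zero when only one of the two files exists, the check belongs before the copy, for example `[[ -f poetry.lock || -f Pipfile.lock ]] || { echo "no lock file found for $PYTHON_BUILD_SYSTEM" >&2; exit 1; }`. The matching arm in py-sbom only logs a message; whether the SBOM step then reads the lock file is decided by code outside these hunks, so that is worth confirming as well. The py-trivy script continues past the end of the second hunk.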