feat: remove unnecesary install when use poetry or pipenv

- trivy, sbom not install packages from project if use poetry, pipenv by take advantage of lockfile

templates/gitlab-ci-python.yml

@@ -1169,7 +1169,6 @@ py-trivy:
   dependencies: []
   script:
     - mkdir -p -m 777 reports
-    - install_requirements
     - |
       if [[ -z "$PYTHON_TRIVY_DIST_URL" ]]
       then
@@ -1190,15 +1189,17 @@ py-trivy:
         mv ./trivy $python_trivy
       fi  
     - |
-      if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]
-      then
-        # When using Poetry, `pip freeze` outputs a requirements.txt with @file URLs for each wheel
-        # These @file URLs in requirements.txt are not supported by Trivy
-        # So instead of simply using pip freeze, we use `poetry export`
-        poetry export -f requirements.txt --without-hashes --output reports/requirements.txt
-      else
+      case "$PYTHON_BUILD_SYSTEM" in
+        poetry*|pipenv*)
+          log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
+          cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true
+          ;;
+        *)
+          log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
+          install_requirements
           _pip freeze | tee ./reports/requirements.txt
-      fi
+          ;;
+      esac
       if [[ -f "./requirements.txt" ]]
       then
         sort -u ./requirements.txt | grep -v "^[  ]*$" > ./requirements.txt.sorted
@@ -1238,10 +1239,14 @@ py-sbom:
   needs: []
   script:
     - mkdir -p -m 777 reports
-    - install_requirements
     - |
       case "$PYTHON_BUILD_SYSTEM" in
-        setuptools*|reqfile)
+        poetry*|pipenv*)
+          log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
+          ;;
+        *)
+          log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
+          install_requirements
           _pip freeze > "${PYTHON_REQS_FILE}"
           ;;
       esac