Commit f025c6df authored by Pytgaen's avatar Pytgaen

feat: remove unnecesary install when use poetry or pipenv

- the trivy and sbom jobs no longer install the project's packages when Poetry or Pipenv is used; they take advantage of the lock file instead
parent 85155d6e
...@@ -1169,7 +1169,6 @@ py-trivy: ...@@ -1169,7 +1169,6 @@ py-trivy:
dependencies: [] dependencies: []
script: script:
- mkdir -p -m 777 reports - mkdir -p -m 777 reports
- install_requirements
- | - |
if [[ -z "$PYTHON_TRIVY_DIST_URL" ]] if [[ -z "$PYTHON_TRIVY_DIST_URL" ]]
then then
...@@ -1190,15 +1189,17 @@ py-trivy: ...@@ -1190,15 +1189,17 @@ py-trivy:
mv ./trivy $python_trivy mv ./trivy $python_trivy
fi fi
- | - |
if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]] case "$PYTHON_BUILD_SYSTEM" in
then poetry*|pipenv*)
# When using Poetry, `pip freeze` outputs a requirements.txt with @file URLs for each wheel log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
# These @file URLs in requirements.txt are not supported by Trivy cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true
# So instead of simply using pip freeze, we use `poetry export` ;;
poetry export -f requirements.txt --without-hashes --output reports/requirements.txt *)
else log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
install_requirements
_pip freeze | tee ./reports/requirements.txt _pip freeze | tee ./reports/requirements.txt
fi ;;
esac
if [[ -f "./requirements.txt" ]] if [[ -f "./requirements.txt" ]]
then then
sort -u ./requirements.txt | grep -v "^[ ]*$" > ./requirements.txt.sorted sort -u ./requirements.txt | grep -v "^[ ]*$" > ./requirements.txt.sorted
...@@ -1238,10 +1239,14 @@ py-sbom: ...@@ -1238,10 +1239,14 @@ py-sbom:
needs: [] needs: []
script: script:
- mkdir -p -m 777 reports - mkdir -p -m 777 reports
- install_requirements
- | - |
case "$PYTHON_BUILD_SYSTEM" in case "$PYTHON_BUILD_SYSTEM" in
setuptools*|reqfile) poetry*|pipenv*)
log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"
;;
*)
log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"
install_requirements
_pip freeze > "${PYTHON_REQS_FILE}" _pip freeze > "${PYTHON_REQS_FILE}"
;; ;;
esac esac
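Review bot: In the py-trivy `poetry*|pipenv*)` branch, `cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true` succeeds even when neither lock file exists, so the job may go on to scan with no dependency list and report a clean result. The `|| true` is needed because only one of the two files is normally present, but it also hides the case where both are missing. I would add an explicit guard before the copy, `[[ -f poetry.lock || -f Pipfile.lock ]] || { echo "no lock file found for $PYTHON_BUILD_SYSTEM" >&2; exit 1; }`. The same guard would help in the py-sbom `poetry*|pipenv*)` branch, which now only logs. The Trivy and SBOM invocations are outside the visible hunks, so what they do with a missing lock file is inferred; a lock file that is out of sync with the project manifest would also be scanned as-is, which deserves a comment in the template.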