Merge pull request #166 from freenowtech/fix-python-poetry-installation

Fix Poetry and CycloneDX
freenowtech · Apr 10, 2024 · 6864808 · 6864808
2 parents 74eb4f4 + 199a20a
commit 6864808
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 20 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,13 +1,10 @@
 name: Build
-
 on:
   pull_request:
     branches:
       - main
-
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
@@ -25,5 +22,17 @@ jobs:
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11.4"
+      - run: python --version
+
+      - name: Set up Poetry
+        uses: Gr1N/setup-poetry@v8
+        with:
+          poetry-version: "1.1.7"
+      - run: poetry --version
+
       - name: Build with Maven and run the tests
-        run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true
+        run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true
diff --git a/plugins/dependency-checker/README.md b/plugins/dependency-checker/README.md
@@ -33,4 +33,17 @@ dependency. The list of dependencies is stored in a different index pattern `dep
 performance improvement.
 
 *Note*: Dependencies with `.` in artifact id, will have this character replaced by `_` to avoid mapping conflicts
-in Elasticsearch. See this [issue](https://github.com/elastic/kibana/issues/3540#issuecomment-219808228) for more details.
+in Elasticsearch. See this [issue](https://github.com/elastic/kibana/issues/3540#issuecomment-219808228) for more details.
+
+
+### Running locally
+
+This plugin requires the below dependencies to be executed locally:
+* Python
+```bash
+brew install [email protected] 
+``` 
+* Poetry
+```bash
+python -m pip install poetry==1.1.7
+```
diff --git a/.../src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java b/.../src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java
@@ -15,7 +15,7 @@ public abstract class PythonDependencyGenerator extends DependencyGenerator
 {
     protected static final String REQUIREMENTS_FREEZE_FILE = "requirements.freeze";
     protected static final String PIP_INSTALL_CYCLONE_DX_BOM = "python -m pip install --target env cyclonedx-bom";
-    protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py -r -i ../" + REQUIREMENTS_FREEZE_FILE + " -o ../bom.xml";
+    protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py requirements ../" + REQUIREMENTS_FREEZE_FILE + " --of XML -o ../bom.xml";
     protected static final String PYTHON_VIRTUAL_ENV_CREATE = "-m venv .";
     protected static final String PYTHON_VIRTUAL_ENV_ACTIVATE = "source bin/activate";
     protected static final String PYTHON_VIRTUAL_ENV_DEACTIVATE = "deactivate";

diff --git a/...ain/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java b/...ain/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java
@@ -14,8 +14,7 @@
 @Slf4j
 public class PythonPoetryDependencyGenerator extends PythonDependencyGenerator
 {
-    private static final String PIP_INSTALL_POETRY = "python -m pip install poetry==1.1.15";
-    private static final String POETRY_EXPORT = "python -m poetry export --output requirements.freeze --without-hashes";
+    private static final String POETRY_EXPORT = "poetry export --output requirements.freeze --without-hashes";
 
 
     public PythonPoetryDependencyGenerator(PluginsConfigurationProperties properties)
@@ -35,7 +34,6 @@ protected void generateRequirementsFreeze(Path repositoryPath)
                 .commandline(
                     List.of(BIN_BASH, BASH_C_OPTION,
                         PYTHON_VIRTUAL_ENV_ACTIVATE + AND +
-                        PIP_INSTALL_POETRY + AND +
                         POETRY_EXPORT + AND +
                         PIP_INSTALL_CYCLONE_DX_BOM + AND +
                         GO_TO_ENV + AND + CYCLONE_DX_GENERATE_BOM + AND +

diff --git a/...ns/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java b/...ns/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java
@@ -234,13 +234,6 @@ private PluginsConfigurationProperties createNodeJsPluginConfigurationProperties
 
     private PluginsConfigurationProperties createPythonPluginConfigurationProperties()
     {
-        ClassLoader classLoader = getClass().getClassLoader();
-        PluginsConfigurationProperties properties = new PluginsConfigurationProperties();
-        properties.put("dependency-checker", Map.of(
-            "python", Map.of(
-                "path", Objects.requireNonNull(classLoader.getResource("bin/python")).getPath()
-            )
-        ));
-        return properties;
+        return new PluginsConfigurationProperties();
     }
 }
diff --git a/plugins/dependency-checker/src/test/resources/bin/python b/plugins/dependency-checker/src/test/resources/bin/python
diff --git a/sauron-service/Dockerfile b/sauron-service/Dockerfile
@@ -59,6 +59,9 @@ RUN python -m pip install poetry==1.1.7
 # Upgrade Pip
 RUN python -m pip install --upgrade pip
 
+# Enabling Poetry to be used without need of full path 
+RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry
+
 RUN mkdir /root/.m2
 
 VOLUME /root/.m2