From 942b0bf1b5ced041fbb9a68599b16fb8a62b6410 Mon Sep 17 00:00:00 2001 From: Cristian Silva Date: Mon, 8 Apr 2024 17:33:48 +0200 Subject: [PATCH 1/2] Enabling Poetry and Python to be provided via GitHub Actions and fixing CycloneDX command line --- .github/workflows/build.yml | 17 +++++++++++++---- plugins/dependency-checker/README.md | 15 ++++++++++++++- .../python/PythonDependencyGenerator.java | 2 +- .../python/PythonPoetryDependencyGenerator.java | 4 +--- .../sauron/plugins/DependencyCheckerTest.java | 9 +-------- .../src/test/resources/bin/python | 3 --- sauron-service/Dockerfile | 3 +++ 7 files changed, 33 insertions(+), 20 deletions(-) delete mode 100755 plugins/dependency-checker/src/test/resources/bin/python diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 512242f..2821481 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,13 +1,10 @@ name: Build - on: pull_request: branches: - main - jobs: build: - runs-on: ubuntu-latest steps: @@ -25,5 +22,17 @@ jobs: key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.11.4" + - run: python --version + + - name: Set up Poetry + uses: Gr1N/setup-poetry@v8 + with: + poetry-version: "1.1.7" + - run: poetry --version + - name: Build with Maven and run the tests - run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true + run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true \ No newline at end of file diff --git a/plugins/dependency-checker/README.md b/plugins/dependency-checker/README.md index 1ac342c..5a8d793 100644 --- a/plugins/dependency-checker/README.md +++ b/plugins/dependency-checker/README.md 
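Review bot: The added `Set up Poetry` step references a third-party action by a movable tag, `uses: Gr1N/setup-poetry@v8`, so whatever that tag points to when the workflow runs executes inside the build job. Pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: Gr1N/setup-poetry@<full-commit-sha> # v8` (placeholder; take the SHA from the action's release). The same pinning is worth applying to `actions/setup-python@v5`. The workflow lines visible in the first hunk show no `permissions:` block; if none is set elsewhere, a top-level `permissions:` with `contents: read` would limit the token these steps run with.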
@@ -33,4 +33,17 @@ dependency. The list of dependencies is stored in a different index pattern `dep performance improvement. *Note*: Dependencies with `.` in artifact id, will have this character replaced by `_` to avoid mapping conflicts -in Elasticsearch. See this [issue](https://github.com/elastic/kibana/issues/3540#issuecomment-219808228) for more details. \ No newline at end of file +in Elasticsearch. See this [issue](https://github.com/elastic/kibana/issues/3540#issuecomment-219808228) for more details. + + +### Running locally + +Tu run this plugin locally the below dependencies are required: +* Python +```bash +brew install python@3.11.4 +``` +* Poetry +```bash +brew python -m pip install poetry==1.1.7 +``` \ No newline at end of file diff --git a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java index acd94c7..c3d5583 100644 --- a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java +++ b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java 
@@ -15,7 +15,7 @@ public abstract class PythonDependencyGenerator extends DependencyGenerator { protected static final String REQUIREMENTS_FREEZE_FILE = "requirements.freeze"; protected static final String PIP_INSTALL_CYCLONE_DX_BOM = "python -m pip install --target env cyclonedx-bom"; - protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py -r -i ../" + REQUIREMENTS_FREEZE_FILE + " -o ../bom.xml"; + protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py requirements ../" + REQUIREMENTS_FREEZE_FILE + " --of XML -o ../bom.xml"; protected static final String PYTHON_VIRTUAL_ENV_CREATE = "-m venv ."; protected static final String PYTHON_VIRTUAL_ENV_ACTIVATE = "source bin/activate"; protected static final String PYTHON_VIRTUAL_ENV_DEACTIVATE = "deactivate"; diff --git a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java index a8cecbe..5041fd0 100644 --- a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java +++ b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java @@ -14,8 +14,7 @@ @Slf4j public class PythonPoetryDependencyGenerator extends PythonDependencyGenerator { - private static final String PIP_INSTALL_POETRY = "python -m pip install poetry==1.1.15"; - private static final String POETRY_EXPORT = "python -m poetry export --output requirements.freeze --without-hashes"; + private static final String POETRY_EXPORT = "poetry export --output requirements.freeze --without-hashes"; public PythonPoetryDependencyGenerator(PluginsConfigurationProperties properties) 
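Review bot: The rewritten `CYCLONE_DX_GENERATE_BOM` depends on a specific CLI syntax (`requirements` subcommand, `--of XML`), but `PIP_INSTALL_CYCLONE_DX_BOM` on the line above still installs `cyclonedx-bom` with no version. The command line and the installed tool can therefore drift apart again, and each scan runs whichever release is newest on the package index. Pin the install to the release this syntax was tested with, e.g. `"python -m pip install --target env cyclonedx-bom==<tested-version>"` (placeholder), and add a comment above the constant naming that version. The class body continues outside the hunk.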
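Review bot: `POETRY_EXPORT` now begins with a bare `poetry`, so the binary is whatever the shell resolves first on `PATH` after `source bin/activate`, and the version that `PIP_INSTALL_POETRY` used to fix in code is no longer stated anywhere in this class. If the command runs with the scanned checkout as its working directory (the method in the next hunk takes `repositoryPath`; the process setup is outside the hunk), the activated `bin/` directory sits inside repository content, so an absolute or configured path to poetry would be safer than `PATH` lookup. At minimum, document the new requirement on the constant, e.g. `// Requires a host-provided poetry on PATH (image and CI install 1.1.7); no longer installed per scan.` The removed install pinned 1.1.15 while the Dockerfile and workflow pin 1.1.7, so it is worth confirming that `poetry export` behaves the same for the lock files being scanned. The following hunk of this file drops `PIP_INSTALL_POETRY` from the command chain and is covered by this note.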
@@ -35,7 +34,6 @@ protected void generateRequirementsFreeze(Path repositoryPath) .commandline( List.of(BIN_BASH, BASH_C_OPTION, PYTHON_VIRTUAL_ENV_ACTIVATE + AND + - PIP_INSTALL_POETRY + AND + POETRY_EXPORT + AND + PIP_INSTALL_CYCLONE_DX_BOM + AND + GO_TO_ENV + AND + CYCLONE_DX_GENERATE_BOM + AND + diff --git a/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java b/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java index 9c7c516..be7c105 100644 --- a/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java +++ b/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java @@ -234,13 +234,6 @@ private PluginsConfigurationProperties createNodeJsPluginConfigurationProperties private PluginsConfigurationProperties createPythonPluginConfigurationProperties() { - ClassLoader classLoader = getClass().getClassLoader(); - PluginsConfigurationProperties properties = new PluginsConfigurationProperties(); - properties.put("dependency-checker", Map.of( - "python", Map.of( - "path", Objects.requireNonNull(classLoader.getResource("bin/python")).getPath() - ) - )); - return properties; + return new PluginsConfigurationProperties(); } } diff --git a/plugins/dependency-checker/src/test/resources/bin/python b/plugins/dependency-checker/src/test/resources/bin/python deleted file mode 100755 index 7796680..0000000 --- a/plugins/dependency-checker/src/test/resources/bin/python +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -docker run --rm -v $PWD:/wrk -e PYTHONPATH=/wrk/env -w /wrk python:3.11-bookworm python $@ diff --git a/sauron-service/Dockerfile b/sauron-service/Dockerfile index 3618443..a24d2ee 100644 --- a/sauron-service/Dockerfile +++ b/sauron-service/Dockerfile 
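Review bot: `createPythonPluginConfigurationProperties()` now returns an empty configuration with no comment, so nothing in the test class says that the Python tests depend on `python` and `poetry` being installed on the machine that runs Maven. Unlike the deleted `bin/python` wrapper, which ran the interpreter in a `python:3.11-bookworm` container, the `pip install` steps now execute directly on that host. Add a comment on the method such as `// Uses the python and poetry found on PATH; CI provides them via setup-python and setup-poetry.` A precondition in the Python tests that skips with a clear message when either binary is missing would also keep local builds from failing with an opaque process error.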
@@ -59,6 +59,9 @@ RUN python -m pip install poetry==1.1.7 # Upgrade Pip RUN python -m pip install --upgrade pip +# Enabling Poetry to be used without need of full path +RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry + RUN mkdir /root/.m2 VOLUME /root/.m2 From 199a20a07dc6ad5880a95dda2dacf0491702850b Mon Sep 17 00:00:00 2001 From: Cristian Silva Date: Tue, 9 Apr 2024 15:34:06 +0200 Subject: [PATCH 2/2] fix typo --- plugins/dependency-checker/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/dependency-checker/README.md b/plugins/dependency-checker/README.md index 5a8d793..4fe4856 100644 --- a/plugins/dependency-checker/README.md +++ b/plugins/dependency-checker/README.md @@ -38,12 +38,12 @@ in Elasticsearch. See this [issue](https://github.com/elastic/kibana/issues/3540 ### Running locally -Tu run this plugin locally the below dependencies are required: +This plugin requires the below dependencies to be executed locally: * Python ```bash brew install python@3.11.4 ``` * Poetry ```bash -brew python -m pip install poetry==1.1.7 +python -m pip install poetry==1.1.7 ``` \ No newline at end of file
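Review bot: `ln -s` succeeds even when its target does not exist, so the added `RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry` still builds if `$PYTHON_VERSION` is empty at this layer or pip placed the poetry entry point elsewhere. The image would then ship a dangling `/usr/local/bin/poetry`, and the failure would only surface when a scan runs `poetry export`. Verify the link in the same layer: `RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry && poetry --version`. The definition of `PYTHON_VERSION` is outside the hunk, so confirm that it is declared as `ARG` or `ENV` in this build stage.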