Enabling Poetry and Python to be provided via GitHub Actions and fixi…

…ng CycloneDX command line

.github/workflows/build.yml

@@ -1,13 +1,10 @@
 name: Build
-
 on:
   pull_request:
     branches:
       - main
-
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
@@ -25,5 +22,17 @@ jobs:
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11.4"
+        run: python --version
+
+      - name: Set up Poetry
+        uses: Gr1N/setup-poetry@v8
+        with:
+          poetry-version: "1.1.7"
+        run: poetry --version
+
       - name: Build with Maven and run the tests
-        run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true
+        run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true

plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java

@@ -15,7 +15,7 @@ public abstract class PythonDependencyGenerator extends DependencyGenerator
 {
     protected static final String REQUIREMENTS_FREEZE_FILE = "requirements.freeze";
     protected static final String PIP_INSTALL_CYCLONE_DX_BOM = "python -m pip install --target env cyclonedx-bom";
-    protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py -r -i ../" + REQUIREMENTS_FREEZE_FILE + " -o ../bom.xml";
+    protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py requirements ../" + REQUIREMENTS_FREEZE_FILE + " --of XML -o ../bom.xml";
     protected static final String PYTHON_VIRTUAL_ENV_CREATE = "-m venv .";
     protected static final String PYTHON_VIRTUAL_ENV_ACTIVATE = "source bin/activate";
     protected static final String PYTHON_VIRTUAL_ENV_DEACTIVATE = "deactivate";

plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java

@@ -14,8 +14,7 @@
 @Slf4j
 public class PythonPoetryDependencyGenerator extends PythonDependencyGenerator
 {
-    private static final String PIP_INSTALL_POETRY = "python -m pip install poetry==1.1.15";
-    private static final String POETRY_EXPORT = "python -m poetry export --output requirements.freeze --without-hashes";
+    private static final String POETRY_EXPORT = "poetry export --output requirements.freeze --without-hashes";
 
 
     public PythonPoetryDependencyGenerator(PluginsConfigurationProperties properties)
@@ -35,7 +34,6 @@ protected void generateRequirementsFreeze(Path repositoryPath)
                 .commandline(
                     List.of(BIN_BASH, BASH_C_OPTION,
                         PYTHON_VIRTUAL_ENV_ACTIVATE + AND +
-                        PIP_INSTALL_POETRY + AND +
                         POETRY_EXPORT + AND +
                         PIP_INSTALL_CYCLONE_DX_BOM + AND +
                         GO_TO_ENV + AND + CYCLONE_DX_GENERATE_BOM + AND +

plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java

@@ -234,13 +234,6 @@ private PluginsConfigurationProperties createNodeJsPluginConfigurationProperties
 
     private PluginsConfigurationProperties createPythonPluginConfigurationProperties()
     {
-        ClassLoader classLoader = getClass().getClassLoader();
-        PluginsConfigurationProperties properties = new PluginsConfigurationProperties();
-        properties.put("dependency-checker", Map.of(
-            "python", Map.of(
-                "path", Objects.requireNonNull(classLoader.getResource("bin/python")).getPath()
-            )
-        ));
-        return properties;
+        return new PluginsConfigurationProperties();
     }
 }

sauron-service/Dockerfile

@@ -59,6 +59,9 @@ RUN python -m pip install poetry==1.1.7
 # Upgrade Pip
 RUN python -m pip install --upgrade pip
 
+# Enabling Poetry to be used without need of full path 
+RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry
+
 RUN mkdir /root/.m2
 
 VOLUME /root/.m2