From beafa2520011249372914e7a74f3efb3f198c405 Mon Sep 17 00:00:00 2001 From: Cristian Silva Date: Mon, 8 Apr 2024 17:33:48 +0200 Subject: [PATCH] Enabling Poetry and Python to be provided via GitHub Actions and fixing CycloneDX command line --- .github/workflows/build.yml | 17 +++++++++++++---- .../python/PythonDependencyGenerator.java | 2 +- .../python/PythonPoetryDependencyGenerator.java | 4 +--- .../sauron/plugins/DependencyCheckerTest.java | 9 +-------- .../src/test/resources/bin/python | 3 --- sauron-service/Dockerfile | 3 +++ 6 files changed, 19 insertions(+), 19 deletions(-) delete mode 100755 plugins/dependency-checker/src/test/resources/bin/python diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 512242f..2821481 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,13 +1,10 @@ name: Build - on: pull_request: branches: - main - jobs: build: - runs-on: ubuntu-latest steps: @@ -25,5 +22,17 @@ jobs: key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.11.4" + - run: python --version + + - name: Set up Poetry + uses: Gr1N/setup-poetry@v8 + with: + poetry-version: "1.1.7" + - run: poetry --version + - name: Build with Maven and run the tests - run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true + run: mvn --batch-mode --update-snapshots verify -Dgpg.skip=true \ No newline at end of file diff --git a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java index acd94c7..c3d5583 100644 --- a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java 
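Review bot: The new "Set up Poetry" step in the second build.yml hunk references a third-party action by a movable tag, `uses: Gr1N/setup-poetry@v8`, so whatever that tag points to at run time executes inside the build job. Pinning it to a full commit SHA, e.g. `uses: Gr1N/setup-poetry@<full-commit-sha> # v8` (placeholder; take the SHA from the action's release), makes the dependency immutable and reviewable. The same can be done for `actions/setup-python@v5` if the repository's policy also covers first-party actions. The hunk also drops the trailing newline after the final `run:` line (`\ No newline at end of file`), which is worth restoring.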
+++ b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonDependencyGenerator.java @@ -15,7 +15,7 @@ public abstract class PythonDependencyGenerator extends DependencyGenerator { protected static final String REQUIREMENTS_FREEZE_FILE = "requirements.freeze"; protected static final String PIP_INSTALL_CYCLONE_DX_BOM = "python -m pip install --target env cyclonedx-bom"; - protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py -r -i ../" + REQUIREMENTS_FREEZE_FILE + " -o ../bom.xml"; + protected static final String CYCLONE_DX_GENERATE_BOM = "python -m cyclonedx_py requirements ../" + REQUIREMENTS_FREEZE_FILE + " --of XML -o ../bom.xml"; protected static final String PYTHON_VIRTUAL_ENV_CREATE = "-m venv ."; protected static final String PYTHON_VIRTUAL_ENV_ACTIVATE = "source bin/activate"; protected static final String PYTHON_VIRTUAL_ENV_DEACTIVATE = "deactivate"; diff --git a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java index a8cecbe..5041fd0 100644 --- a/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java +++ b/plugins/dependency-checker/src/main/java/com/freenow/sauron/plugins/generator/python/PythonPoetryDependencyGenerator.java @@ -14,8 +14,7 @@ @Slf4j public class PythonPoetryDependencyGenerator extends PythonDependencyGenerator { - private static final String PIP_INSTALL_POETRY = "python -m pip install poetry==1.1.15"; - private static final String POETRY_EXPORT = "python -m poetry export --output requirements.freeze --without-hashes"; + private static final String POETRY_EXPORT = "poetry export --output requirements.freeze --without-hashes"; public PythonPoetryDependencyGenerator(PluginsConfigurationProperties properties) 
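Review bot: `CYCLONE_DX_GENERATE_BOM` is now tied to one CLI generation (`requirements … --of XML -o ../bom.xml`), yet `PIP_INSTALL_CYCLONE_DX_BOM` on the line above it still installs `cyclonedx-bom` without a version. The next incompatible release would break BOM generation again, and every run executes whatever is newest on the package index. Pin the install to the release this syntax was tested against, `"python -m pip install --target env cyclonedx-bom==<tested-version>"` (placeholder), and add a short comment above the two constants saying they must be changed together. The class body continues outside the hunk.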
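Review bot: `POETRY_EXPORT` now starts with a bare `poetry`, which the shell resolves through PATH after `source bin/activate`, so the binary that runs is no longer the `poetry==1.1.15` this class used to install but whatever comes first on PATH, including the activated environment's `bin/`. Consider taking the Poetry location from configuration, as the removed test code suggests is done for the interpreter (`"dependency-checker"` → `"python"` → `"path"`), or at least document the requirement with `// Poetry must be pre-installed on the host (see sauron-service/Dockerfile); it is no longer installed per run.` The second hunk of this file (`@@ -35,7 +34,6 @@`) only removes `PIP_INSTALL_POETRY` from the command chain and needs nothing further. The class body continues outside the hunk.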
@@ -35,7 +34,6 @@ protected void generateRequirementsFreeze(Path repositoryPath) .commandline( List.of(BIN_BASH, BASH_C_OPTION, PYTHON_VIRTUAL_ENV_ACTIVATE + AND + - PIP_INSTALL_POETRY + AND + POETRY_EXPORT + AND + PIP_INSTALL_CYCLONE_DX_BOM + AND + GO_TO_ENV + AND + CYCLONE_DX_GENERATE_BOM + AND + diff --git a/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java b/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java index 9c7c516..be7c105 100644 --- a/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java +++ b/plugins/dependency-checker/src/test/java/com/freenow/sauron/plugins/DependencyCheckerTest.java @@ -234,13 +234,6 @@ private PluginsConfigurationProperties createNodeJsPluginConfigurationProperties private PluginsConfigurationProperties createPythonPluginConfigurationProperties() { - ClassLoader classLoader = getClass().getClassLoader(); - PluginsConfigurationProperties properties = new PluginsConfigurationProperties(); - properties.put("dependency-checker", Map.of( - "python", Map.of( - "path", Objects.requireNonNull(classLoader.getResource("bin/python")).getPath() - ) - )); - return properties; + return new PluginsConfigurationProperties(); } } diff --git a/plugins/dependency-checker/src/test/resources/bin/python b/plugins/dependency-checker/src/test/resources/bin/python deleted file mode 100755 index 7796680..0000000 --- a/plugins/dependency-checker/src/test/resources/bin/python +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -docker run --rm -v $PWD:/wrk -e PYTHONPATH=/wrk/env -w /wrk python:3.11-bookworm python $@ diff --git a/sauron-service/Dockerfile b/sauron-service/Dockerfile index 3618443..a24d2ee 100644 --- a/sauron-service/Dockerfile +++ b/sauron-service/Dockerfile 
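Review bot: With `createPythonPluginConfigurationProperties()` reduced to `return new PluginsConfigurationProperties();`, the Python tests appear to run `pip` and `poetry` directly on the build host instead of through the removed container wrapper, and nothing visible here still exercises the `"dependency-checker"` → `"python"` → `"path"` override. If that property remains supported, keep one test that sets it (for example to the interpreter found on the runner) so the configured-path branch stays covered. `Map` and `Objects` may now be unused imports in this test class; the import block is outside the hunk, so check before merging.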
@@ -59,6 +59,9 @@ RUN python -m pip install poetry==1.1.7 # Upgrade Pip RUN python -m pip install --upgrade pip +# Enabling Poetry to be used without need of full path +RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry + RUN mkdir /root/.m2 VOLUME /root/.m2
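Review bot: The added `RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry` succeeds even when the target does not exist, because `ln -s` creates a dangling link without error. If `PYTHON_VERSION` is unset at this point or Poetry was installed elsewhere, the image still builds and the failure only shows up when a Poetry repository is scanned. Make the build fail early by checking the link in the same layer: `RUN ln -s ~/.pyenv/versions/"$PYTHON_VERSION"/bin/poetry /usr/local/bin/poetry && poetry --version`. `PYTHON_VERSION` is defined outside this hunk, so confirm it is an `ARG`/`ENV` visible to this stage. The image provides `poetry==1.1.7` (hunk header context) while the Java code previously installed 1.1.15, so exported requirements may differ from earlier runs.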