chore: use poetry instead of pipenv #1463

Merged
merged 9 commits into from
Jul 20, 2023


yungbender
@yungbender yungbender commented Jul 18, 2023

The generated requirements.txt file in the container is locked by hashes:

poetry.lock:

```toml
...
[[package]]
name = "werkzeug"
version = "2.3.6"
description = "The comprehensive WSGI web application library."
optional = false
python-versions = ">=3.8"
files = [
    {file = "Werkzeug-2.3.6-py3-none-any.whl", hash = "sha256:935539fa1413afbb9195b24880778422ed620c0fc09670945185cce4d91a8890"},
    {file = "Werkzeug-2.3.6.tar.gz", hash = "sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330"},
]
...
```

generated requirements.txt:

```
...
werkzeug==2.3.6 ; python_version >= "3.8" and python_version < "4.0" \
    --hash=sha256:935539fa1413afbb9195b24880778422ed620c0fc09670945185cce4d91a8890 \
    --hash=sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330
...
```

Also, I dropped the CVE check from the tests and put it into new GitHub Actions to have it more granular.

Secure Coding Practices Checklist GitHub Link

Secure Coding Checklist

  • Input Validation
  • Output Encoding
  • Authentication and Password Management
  • Session Management
  • Access Control
  • Cryptographic Practices
  • Error Handling and Logging
  • Data Protection
  • Communication Security
  • System Configuration
  • Database Security
  • File Management
  • Memory Management
  • General Coding Practices
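
Added example, not part of the pull request or the project's code: a drift check that the hash-pinned requirements.txt described above only carries hashes that poetry.lock records for the same package name and version. The function names and sample digests are constructed for illustration, and the lock file is read with regular expressions rather than a TOML parser.

```python
import re

HASH = r"sha256:[0-9a-f]{64}"

def norm(name):
    """Normalise a project name the way package indexes compare them."""
    return re.sub(r"[-_.]+", "-", name).lower()

def lock_hashes(lock_text):
    """Map (name, version) -> sha256 set from poetry.lock text (regex-based)."""
    out = {}
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        out[(norm(name), version)] = set(re.findall(HASH, block))
    return out

def requirement_hashes(req_text):
    """Map (name, version) -> --hash set from a pip requirements file."""
    out = {}
    for line in req_text.replace("\\\n", " ").splitlines():  # fold continuations
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue
        m = re.match(r"([A-Za-z0-9._-]+)==([^\s;]+)", line)
        key = (norm(m.group(1)), m.group(2)) if m else (line.split()[0], None)
        out[key] = set(re.findall(r"--hash=(" + HASH + ")", line))
    return out

def audit(lock_text, req_text):
    """Return problems found; an empty list means the files agree."""
    locked, problems = lock_hashes(lock_text), []
    for (name, version), hashes in requirement_hashes(req_text).items():
        if version is None:
            problems.append(f"{name}: not pinned with ==")
        elif not hashes:
            problems.append(f"{name}=={version}: no --hash entries")
        elif (name, version) not in locked:
            problems.append(f"{name}=={version}: not in poetry.lock")
        elif not hashes <= locked[(name, version)]:
            problems.append(f"{name}=={version}: hash not in poetry.lock")
    return problems

# Constructed sample data: placeholder digests, not real package hashes.
H1, H2, H3 = ("sha256:" + c * 64 for c in "abc")
LOCK = f'[[package]]\nname = "werkzeug"\nversion = "2.3.6"\nfiles = [\n  {{hash = "{H1}"}},\n  {{hash = "{H2}"}},\n]\n'
GOOD = f'werkzeug==2.3.6 ; python_version >= "3.8" \\\n    --hash={H1} \\\n    --hash={H2}\n'
BAD = f"werkzeug==2.3.6 --hash={H3}\nflask>=2.0\n"
print(audit(LOCK, GOOD), audit(LOCK, BAD))
```

A non-empty result in CI means the exported requirements.txt was edited by hand or is stale relative to the lock file.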

@jira-linking
jira-linking bot commented Jul 18, 2023

Commits missing Jira IDs:
fdcd0c8
f52cfff
40ac6f7
0cd0ab2
81b54a9
Referenced Jiras:
https://issues.redhat.com/browse/VULN-2736

@yungbender yungbender force-pushed the poetry branch 3 times, most recently from c930ba0 to 24a8d59 Compare July 18, 2023 11:34
@yungbender yungbender changed the title from "chore: use poetry" to "chore: use poetry instead of pipenv" Jul 18, 2023
@codecov-commenter
codecov-commenter commented Jul 18, 2023

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (744fe73) 67.76% compared to head (baf2406) 67.76%.

❗ Current head baf2406 differs from pull request most recent head 81b54a9. Consider uploading reports for the commit 81b54a9 to get more accurate results

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1463   +/-   ##
=======================================
  Coverage   67.76%   67.76%           
=======================================
  Files          53       53           
  Lines        5348     5348           
=======================================
  Hits         3624     3624           
  Misses       1724     1724           
Impacted Files Coverage Δ
common/constants.py 93.33% <100.00%> (ø)


@yungbender yungbender requested review from jdobes and psegedy and removed request for jdobes July 18, 2023 13:00
@yungbender yungbender force-pushed the poetry branch 4 times, most recently from 7a51ed0 to 6d5efa9 Compare July 19, 2023 14:59
scripts/poetry-lock.sh (review thread, resolved)
@yungbender yungbender force-pushed the poetry branch 3 times, most recently from 63286de to a8026bc Compare July 20, 2023 11:56
@yungbender yungbender merged commit fd1dc0e into RedHatInsights:master Jul 20, 2023
3 checks passed