feat: Support setup.py & Pipfile dependencies in the python docker images #925
Conversation
ghost
requested review from
lili2311
force-pushed
the
feat/support-setup-py-docker
branch
from
21b91a8 to
c210602
Compare
| echo "Target file = ${TARGET_FILE}" | ||
|
|
||
| case $MANIFEST_NAME in | ||
| *req*.txt) |
There was a problem hiding this comment.
support custom named requirement files
| *setup.py) | ||
| echo "Installing dependencies from setup.py" | ||
| pip install -U -e "${PROJECT_PATH}" | ||
| ;; |
lili2311
force-pushed
the
feat/support-setup-py-docker
branch
from
40671f7 to
fb442df
Compare
lili2311
changed the title
lili2311
force-pushed
the
feat/support-setup-py-docker
branch
from
1572d67 to
67c926b
Compare
README.md
Outdated
| @@ -81,37 +85,52 @@ The general format of tags is [snyk-version]-[package-manager]-[package-manager- | |||
| [package-manager] - One of the available package managers (e.g: npm, mvn, gradle, etc...). | |||
| [package-manager-version] - The version of the package manager that is installed inside the image. | |||
|
|
|||
| Please see the following examples on how to run Snyk inside docker: | |||
|
|
|||
| **Note** We will need to mount the project root folder when running the image so that Snyk can access the code within the container. The host project folder will be mounted to `/project` on the container and will be used to read the dependencies file and write results for CI builds. | |||
There was a problem hiding this comment.
'Tone of voice' comment - using we is kind of an exception in this text. I suggest to avoid it as it is confusing. The documentation should be read as a set of instructions, less of a story?
| @@ -70,9 +72,11 @@ The following environment variables can be used when running the container on do | |||
|
|
|||
| - `SNYK_TOKEN` - Snyk API token, obtained from [https://app.snyk.io/account](https://app.snyk.io/account). | |||
| - `USER_ID` - [OPTIONAL] Current user ID on the host machine. If not provided will take the user ID of the currently running user inside the container. This is used for CI builds such as Jenkins where we are running with a non-privileged user and want to allow the user to access the mounted project folder. | |||
| - `MONITOR` - [OPTIONAL] If set, tells the image that we want to run `snyk monitor` after running `snyk test`. | |||
| - `MONITOR` - [OPTIONAL] If set, will generate an html report via `snyk-to-html` and runs `snyk monitor` after running `snyk test`. | |||
There was a problem hiding this comment.
Yes, much better! More consistent tone of voice, I find the use of we confusing.
README.md
Outdated
| -v "<PROJECT_DIRECTORY>:/project" | ||
| snyk/snyk-cli:npm test --org=my-org-name | ||
| ``` | ||
| `snyk/snyk-cli:npm` - [see all available `npm` tagged images](https://hub.docker.com/r/snyk/snyk-cli/tags?page=1&name=npm) |
There was a problem hiding this comment.
Wonderful reference to the relevant tags!
| @@ -101,6 +101,7 @@ fi | |||
| runCmdAsDockerUser "touch \"${PROJECT_PATH}/${PROJECT_FOLDER}/${HTML_FILE}\"" | |||
|
|
|||
| if [ -n "$MONITOR" ]; then | |||
| echo "Monitoring & generating report ..." | |||
There was a problem hiding this comment.
This may mess up with our CI plugins logic, which parses the output of this script. Please consult with @snyk/comet
| elif [ -f "${PROJECT_PATH}/Pipfile" ]; then | ||
| installPipfileDeps | ||
| fi | ||
|
|
There was a problem hiding this comment.
The echo lines along this script are great for debugging, but may interfere with our own (or our users') parsing logic that processes the output of this script. Maybe @julienduchesne can shed some light, along with @snyk/comet ?
There was a problem hiding this comment.
Confirmed here this will have no effect https://snyk.slack.com/archives/CHAB91L0N/p1578258775055200?thread_ts=1578073050.054200&cid=CHAB91L0N
lili2311
force-pushed
the
feat/support-setup-py-docker
branch
2 times, most recently
from
3595bc1 to
b64312f
Compare
lili2311
force-pushed
the
feat/support-setup-py-docker
branch
from
b64312f to
7623659
Compare
lili2311
force-pushed
the
feat/support-setup-py-docker
branch
from
7623659 to
a0293d0
Compare
`snyk test` and `snyk monitor` via Docker cli expect to have json vulnerabilities data to generate the report. Make `--json` hardcoded to avoid parsing errors and match the default expecation.
|
🎉 This PR is included in version 1.284.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
What does this PR do?
How should this be manually tested?
Check the updated README for more examples:
Build the local image from the docker dir:
docker build -f Dockerfile.python-3 . -t snyk/snyk-cli:python-3-localRun on a
setup.pyproject:Tickets
https://github.com/snyk/snyk/issues/786
https://github.com/snyk/snyk/issues/332