Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(python): add support for poetry dev dependencies #8152

Merged
merged 6 commits into from
Dec 24, 2024
Merged

feat(python): add support for poetry dev dependencies #8152

merged 6 commits into from
Dec 24, 2024

Conversation

nikpivkin
Copy link
Contributor

@nikpivkin nikpivkin commented Dec 21, 2024
edited
Loading

Description

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@nikpivkin
feat(python): add support for poetry dev dependencies
4ab4d2b 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin nikpivkin marked this pull request as ready for review December 24, 2024 06:20
DmitriyLewen
DmitriyLewen reviewed Dec 24, 2024
View reviewed changes
pkg/fanal/analyzer/language/python/poetry/poetry.go Outdated
Comment on lines 124 to 130
func getDevDeps(project pyproject.PyProject) set.Set[string] {
deps := set.New[string]()
for _, groupDeps := range project.Tool.Poetry.Groups {
deps.Append(groupDeps.Dependencies.Items()...)
}
return deps
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest 2 changes:

  1. rename function (see https://go.dev/doc/effective_go#Getters)
  2. move project.Tool.Poetry.Dependencies into function.
Suggested change
func getDevDeps(project pyproject.PyProject) set.Set[string] {
deps := set.New[string]()
for _, groupDeps := range project.Tool.Poetry.Groups {
deps.Append(groupDeps.Dependencies.Items()...)
}
return deps
}
func directDeps(project pyproject.PyProject) set.Set[string] {
deps := project.Tool.Poetry.Dependencies
for _, groupDeps := range project.Tool.Poetry.Groups {
deps.Append(groupDeps.Dependencies.Items()...)
}
return deps
}

pkg/fanal/analyzer/language/python/poetry/poetry.go Outdated
return deps
}

func getProdPackages(app *types.Application, prodRootDeps set.Set[string]) set.Set[string] {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func getProdPackages(app *types.Application, prodRootDeps set.Set[string]) set.Set[string] {
func prodPackages(app *types.Application, prodRootDeps set.Set[string]) set.Set[string] {

docs/docs/coverage/language/python.md Outdated
@@ -26,7 +26,7 @@ The following table provides an outline of the features Trivy offers.
|-----------------|------------------|:-----------------------:|:----------------:|:------------------------------------:|:--------:|:----------------------------------------:|
| pip | requirements.txt | - | Include | - | ✓ | ✓ |
| Pipenv | Pipfile.lock | ✓ | Include | - | ✓ | Not needed |
| Poetry | poetry.lock | ✓ | Exclude | ✓ | - | Not needed |
| Poetry | poetry.lock | ✓ | Include | ✓ | - | Not needed |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

link for Include (#8134 (comment))

@nikpivkin
refactor: rename functions
71743c1 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin
docs: link table and poetry section
05bb7bd 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
DmitriyLewen
DmitriyLewen approved these changes Dec 24, 2024
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

knqyf263
knqyf263 reviewed Dec 24, 2024
View reviewed changes
docs/docs/coverage/language/python.md Outdated
@@ -26,7 +26,7 @@ The following table provides an outline of the features Trivy offers.
|-----------------|------------------|:-----------------------:|:----------------:|:------------------------------------:|:--------:|:----------------------------------------:|
| pip | requirements.txt | - | Include | - | ✓ | ✓ |
| Pipenv | Pipfile.lock | ✓ | Include | - | ✓ | Not needed |
| Poetry | poetry.lock | ✓ | Exclude | ✓ | - | Not needed |
| Poetry | poetry.lock | ✓ | [Include](#poetry) | ✓ | - | Not needed |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto
#8134 (comment)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed b5bafda

@nikpivkin
fix python docs
b5bafda 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
knqyf263
knqyf263 approved these changes Dec 24, 2024
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@knqyf263 knqyf263 enabled auto-merge December 24, 2024 12:09
@knqyf263 knqyf263 added this pull request to the merge queue Dec 24, 2024
Merged via the queue into aquasecurity:main with commit 774e04d Dec 24, 2024
17 checks passed
@aqua-bot aqua-bot mentioned this pull request Dec 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nikpivkin @knqyf263 @DmitriyLewen