From 755f81c3f0e3c1503803b32e918cfdafb08ef345 Mon Sep 17 00:00:00 2001
From: Neal Richardson
Date: Mon, 21 Jul 2025 16:54:35 -0400
Subject: [PATCH 1/5] ci: update requirements.txt for snyk
---
 pyproject.toml | 1 +
 requirements.txt | 26 ++------------------------
 2 files changed, 3 insertions(+), 24 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 7768298e..cdcb382d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,6 +7,7 @@ license = { file = "LICENSE.md" }
 readme = { file = "README.md", content-type = "text/markdown" }
 requires-python = ">=3.8"
+# If you edit these, please also update requirements.txt
 dependencies = [
 "typing-extensions>=4.8.0",
 "pip>=10.0.0",
diff --git a/requirements.txt b/requirements.txt
index e317b35b..128dec71 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,30 +3,8 @@
 # unless it uses Poetry.
 # https://github.com/snyk/snyk-python-plugin/issues/147
-# build-system.requires
-setuptools>=61
-setuptools_scm[toml]>=3.4
-wheel
-
-# project.dependencies
-six>=1.14.0
 click>=8.0.0
 pip>=10.0.0
-semver>=2.0.0,<3.0.0
 pyjwt>=2.4.0
-black==24.3.0
-
-# project.optional-dependencies.test
-coverage
-flake8-pyproject
-flake8
-httpretty
-ipykernel
-nbconvert
-pyright
-pytest-cov
-pytest
-setuptools_scm[toml]
-twine
-types-Flask
-types-six
+semver>=2.0.0,<4.0.0
+typing-extensions>=4.8.0
From 8646d8b0027fb618ed95372daf607691647ae222 Mon Sep 17 00:00:00 2001
From: Neal Richardson
Date: Tue, 22 Jul 2025 10:33:49 -0400
Subject: [PATCH 2/5] Generate requirements.txt on the fly in the snyk workflow
---
 .github/workflows/snyk.yml | 34 +++++++++++-----------------------
 pyproject.toml | 1 -
 requirements.txt | 10 ----------
 3 files changed, 11 insertions(+), 34 deletions(-)
 delete mode 100644 requirements.txt
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index a9f704fb..520e6fb7 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
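Review bot: In the requirements.txt hunk of patch 1, the `semver` constraint is widened to `+semver>=2.0.0,<4.0.0` while the same patch leaves the `semver` entry in `pyproject.toml` untouched, and patch 5 of this series brings the file back with `semver>=2.0.0,<3.0.0`; whichever range `pyproject.toml` actually declares is the one Snyk should be scanning, so confirm the two agree before merging either version. The header comment kept as context says the file exists only for Snyk, and this hunk also drops the build-system and test requirements, so `setuptools`, `wheel`, `twine` and friends are no longer monitored at all — acceptable if only the shipped package's dependencies are in scope, but that narrowing deserves a sentence in the commit message.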
@@ -3,6 +3,10 @@ on: schedule: - cron: "0 10 * * 1" # Monday @ 10am UTC workflow_dispatch: + push: + paths: + - pyproject.toml + - '.github/workflows/snyk.yml' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -12,33 +16,17 @@ jobs: snyk-monitor: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - # - name: Run Snyk (setup.py) - # uses: snyk/actions/python@master - # with: - # command: monitor - # args: --file=setup.py --package-manager=pip --project-name=setup.py --org=${{ env.SNYK_ORG }} + - uses: actions/checkout@v4 - # - name: Run Snyk (requirements.txt) - # uses: snyk/actions/python@master - # with: - # command: monitor - # args: --file=requirements.txt --package-manager=pip --project-name=requirements.txt --org=${{ env.SNYK_ORG }} - - # On Oct 2 2023, the steps using snyk/actions/python@master started failing with "undefined". - # Nothing obvious changed in our code or in the Snyk action or Docker image. - # Setting up and running snyk generically seems to work, so we'll go with that. - - name: Set up Python - uses: actions/setup-python@v4 + - name: Set up uv and Python + uses: astral-sh/setup-uv@v6 with: python-version: '3.11' - - name: Install dependencies + + - name: Prepare requirements.txt run: | - python -m pip install --upgrade pip - pip install -r requirements.txt + uv pip compile pyproject.toml --output-file requirements.txt + uv pip install -r requirements.txt - uses: snyk/actions/setup@master
diff --git a/pyproject.toml b/pyproject.toml
index cdcb382d..7768298e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,6 @@ license = { file = "LICENSE.md" }
 readme = { file = "README.md", content-type = "text/markdown" }
 requires-python = ">=3.8"
-# If you edit these, please also update requirements.txt
 dependencies = [
 "typing-extensions>=4.8.0",
 "pip>=10.0.0",
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 128dec71..00000000
--- a/requirements.txt
+++ /dev/null
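Review bot: The new `uses: astral-sh/setup-uv@v6` step, like the pre-existing `uses: snyk/actions/setup@master` context line beside it, pins a third-party action to a mutable ref inside a job that holds `SNYK_TOKEN`, so a moved tag or branch silently changes the code that runs with that secret. Pin both to a full commit SHA with the version in a trailing comment, e.g. `uses: astral-sh/setup-uv@<full-commit-sha>  # v6`, and let Dependabot or Renovate advance the pin. The added `push:` trigger in the first hunk carries only a `paths:` filter, so every branch that touches `pyproject.toml` or this workflow will run the job with the token; if only the default branch should be snapshotted into Snyk, add a `branches:` filter under `push:`. The `snyk-monitor` job continues past the end of the second hunk, so the step that actually consumes the compiled `requirements.txt` is not visible here.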
@@ -1,10 +0,0 @@
-# This file is just for Snyk scanning,
-# because it doesn't understand pyproject.toml
-# unless it uses Poetry.
-# https://github.com/snyk/snyk-python-plugin/issues/147
-
-click>=8.0.0
-pip>=10.0.0
-pyjwt>=2.4.0
-semver>=2.0.0,<4.0.0
-typing-extensions>=4.8.0
From 2d38200415b25c68b4442378f788e08a42c74d0b Mon Sep 17 00:00:00 2001
From: Neal Richardson
Date: Tue, 22 Jul 2025 10:37:01 -0400
Subject: [PATCH 3/5] Install into system lib
---
 .github/workflows/snyk.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 520e6fb7..4c3b5364 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -26,7 +26,7 @@ jobs: - name: Prepare requirements.txt run: | uv pip compile pyproject.toml --output-file requirements.txt - uv pip install -r requirements.txt + uv pip install --system -r requirements.txt - uses: snyk/actions/setup@master
From 123e4a63ac379c5d0c39a2af2a7b8c8611a09884 Mon Sep 17 00:00:00 2001
From: Neal Richardson
Date: Tue, 22 Jul 2025 10:44:05 -0400
Subject: [PATCH 4/5] activate-environment: true
---
 .github/workflows/snyk.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 4c3b5364..2425aac8 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -22,11 +22,12 @@ jobs: uses: astral-sh/setup-uv@v6 with: python-version: '3.11' + activate-environment: true - name: Prepare requirements.txt run: | uv pip compile pyproject.toml --output-file requirements.txt - uv pip install --system -r requirements.txt + uv pip install -r requirements.txt - uses: snyk/actions/setup@master
From 434e7959e8d9cd54f6ea746361ceab51737093e0 Mon Sep 17 00:00:00 2001
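Review bot: In the patch 4 hunk, `activate-environment: true` is now doing the job that `--system` did in patch 3 — presumably making the packages `uv pip install` lays down visible to the Snyk step that runs later — but nothing in the workflow says so, and the `--system` detour one commit earlier shows the next maintainer will have to rediscover it. Add a comment above the new input, e.g. `# activate-environment exposes the uv-managed venv to later steps; Snyk must see the installed packages`, and confirm that setup-uv's activation persists to subsequent steps rather than only to this one before relying on it. The `snyk-monitor` job and the step that actually invokes Snyk lie outside this hunk.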
From: Neal Richardson
Date: Tue, 22 Jul 2025 13:19:40 -0400
Subject: [PATCH 5/5] Restore requirements.txt
---
 requirements.txt | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 requirements.txt
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 00000000..722566f0
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,32 @@
+# TODO(#649): this file shouldn't exist, but there currently are some
+# integration test suites that rely on it. The integration tests deserve to be
+# overhauled along the lines of the posit-sdk-py tests, so we can clean this up
+# when we do that.
+
+# build-system.requires
+setuptools>=61
+setuptools_scm[toml]>=3.4
+wheel
+
+# project.dependencies
+six>=1.14.0
+click>=8.0.0
+pip>=10.0.0
+semver>=2.0.0,<3.0.0
+pyjwt>=2.4.0
+black==24.3.0
+
+# project.optional-dependencies.test
+coverage
+flake8-pyproject
+flake8
+httpretty
+ipykernel
+nbconvert
+pyright
+pytest-cov
+pytest
+setuptools_scm[toml]
+twine
+types-Flask
+types-six
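Review bot: The restored file is a hand-maintained second copy of the dependency lists in `pyproject.toml`, and patch 2 of this series removed the `# If you edit these, please also update requirements.txt` reminder from `pyproject.toml`, so the two will now drift with nothing to flag it; the series already shows the drift, with patch 1 carrying `semver>=2.0.0,<4.0.0` and this file coming back with `semver>=2.0.0,<3.0.0`. Either put that reminder back in `pyproject.toml`, pointing at TODO(#649), or generate this file from `pyproject.toml` the way the Snyk workflow now does (`uv pip compile pyproject.toml --output-file requirements.txt`) so the integration tests and Snyk consume the same resolved set. The exact pin `black==24.3.0` under `# project.dependencies` is also worth a second look: if the package really declares `black` as a runtime dependency, confirm the pin matches whatever range `pyproject.toml` gives, since an exact pin here hides any mismatch from the tests.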