feat: get output of pip commands from env variables #92
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
zvigrinberg
force-pushed
the
feature/pip-externalize-freeze-and-show
branch
from
b72d4ae to
311d9aa
Compare
Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
2 tasks
zvigrinberg
added a commit
to guacsec/trustify-da-java-client
that referenced
this pull request
Feb 5, 2024
Implement guacsec/trustify-da-javascript-client#92 for Java-API Developed to Ease and make life easier for running rhda analysis for python pip requirements.txt manifest, as every requirements.txt with certain versions for its package is tailored for a certain python version. This enables separating the installation of the requirements.txt from the machine that runs the RHDA analysis ( will be used mainly from jenkins pipelines together with RHDA Jenkins pipeline). Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
For CI/CD pipelines, it's a lot of times better to install requirements.txt manifest in a dedicated agent/slave/computer/container that contains the desired python & pip versions, and invoke the rhda analysis in different agent/slave/computer/container ( let's denote it as "node") - that contains the whole infrastructure required to invoke the analysis alone ( including python and pip binaries, but the problem is that it "stuck" with a given versions of python and pip in this node, hence very limited to the versions of packages in requirements.txt).
For that purpose, and in such cases that we need to separate the analysis and the pip install to run in different steps/stages and even on different nodes, this PR introduces two environment variables, these two env variables will need to be populated with the output of the commands (pip show and pip freeze commands) encoded in base64 ( in order to preserve new lines in environment variables, the library will decode it to ASCII plain-text before passing it to the logic of the API).
Example how to retrieve in shell script:
needs to work together with setting EXHORT_PYTHON_VIRTUAL_ENV=false ( this is the default so not specifying this setting is just fine).
Off course, you need to use pipelines workspaces/shared volumes/pipes/fifos/ ipc shared memory/networking in order to pass the data from one node to another.
in case the two new environment variables are not populated, then the logic will be the same ( taking the pip freeze and pip show of the environment formed by pip and python binaries passed to the library.
Checklist