Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Add guarddog runner#1580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
Torxed wants to merge2 commits intomaster
base:master
Choose a base branch
Loading
fromadd-guarddog-runner
Open

Add guarddog runner#1580

Torxed wants to merge2 commits intomasterfromadd-guarddog-runner

Conversation

@Torxed
Copy link
Member

@TorxedTorxed commentedNov 29, 2022
edited
Loading

Mainly for future prep, when we start using external dependencies.
This should at least give us a basic safety check against some known issues.

This runner will fail untilrequirements.txt is created :)

@svartkanin
Copy link
Collaborator

Currently the project usesflit as a build/install tool handling thepyproject.toml file. In that case the dependencies should probably live inside thepyproject.toml as well

@Torxed
Copy link
MemberAuthor

Currently the project usesflit as a build/install tool handling thepyproject.toml file. In that case the dependencies should probably live inside thepyproject.toml as well

I agree, sincerequirements.txt is legacy anyway.
I'll figure out a way to doxargs overgrep or something :)

@svartkanin
Copy link
Collaborator

Something like this probably
https://github.com/archlinux/archinstall/pull/1478/files#diff-c13dbcca92f9ff12cd26ecce958be3f9ee8563baace04f7a463a6d2dd4252e0bR46

flit recently had a new release that added a new argumen
flit install --only-deps which will only install dependecies. So it may be easier(?) to run that and do a pip freeze, but not sure

@Torxed
Copy link
MemberAuthor

Something like this probablyhttps://github.com/archlinux/archinstall/pull/1478/files#diff-c13dbcca92f9ff12cd26ecce958be3f9ee8563baace04f7a463a6d2dd4252e0bR46

flit recently had a new release that added a new argumenflit install --only-deps which will only install dependecies. So it may be easier(?) to run that and do a pip freeze, but not sure

That would be a lot easier for installing the dependencies for sure.
The grep magic would have to be done so that guarddog is run on all dependencies tho, separate from installing.

So you're absolutly right with the oneliner:

grep -oP '^ *"[\s\S]+?[=><]+[\s\S]+?"' pyproject.toml > requirements.txt && sed -i 's|"||g' requirements.txtxargs guarddog scan --exit-non-zero-on-finding <requirements.txt

I don't mind if it ends up on the disk between runs, but if we could boil it down to a one-liner that's helpful too :) I just don't have the necessary bash magic within me to do so ^^
And thesed magic confuses me too but I'll trust it.

@svartkanin
Copy link
Collaborator

Yeah it doesn't have to be fancy as it's just sitting in the runner.

I'm working on the libparted implementation and I'll be able to share the migration soon(TM)

@Torxed
Copy link
MemberAuthor

Yeah it doesn't have to be fancy as it's just sitting in the runner.

I'm working on the libparted implementation and I'll be able to share the migration soon(TM)

Awesome! It's going to be a game changer and we'll probably need to bounce ideas on it at some point :)

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Torxed@svartkanin
[8]ページ先頭
©2009-2025 Movatter.jp