renovate/renovate
1
0
Fork 0
mirror of https://github.com/renovatebot/renovate.git synced 2025-01-13 15:36:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

feat(manager): no-emit-index-url in pip compile (#15367)

Browse source 
* feat(manager): no-emit-index-url in pip compile

Add support for no-emit-index-url to avoid sharing
confident credentials in the generated requirements.txt
file.

* chore: linting fixes

* chore: update docs

* chore: code review fixes

Co-authored-by: Rhys Arkins <rhys@arkins.net>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
This commit is contained in:
Christoph Brand 2022-05-04 00:35:32 +02:00 committed by GitHub
parent 75e7675662
commit 30765fbd1e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/modules/manager/pip-compile/__fixtures__/requirementsWithHashes.txt
View file

@ -2,7 +2,7 @@
# This file is autogenerated by pip-compile with python 3.9
# To update, run:
#
# pip-compile --allow-unsafe --generate-hashes --output-file=requirements.txt requirements.in
# pip-compile --allow-unsafe --generate-hashes --no-emit-index-url --output-file=requirements.txt requirements.in
#
attrs==21.2.0 \
--hash=sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1 \

2
lib/modules/manager/pip-compile/artifacts.spec.ts
View file

@ -182,7 +182,7 @@ describe('modules/manager/pip-compile/artifacts', () => {
'subdir/requirements.txt'
)
).toBe(
'pip-compile --allow-unsafe --generate-hashes --output-file=requirements.txt requirements.in'
'pip-compile --allow-unsafe --generate-hashes --no-emit-index-url --output-file=requirements.txt requirements.in'
);
});

7
lib/modules/manager/pip-compile/artifacts.ts
View file

@ -47,6 +47,11 @@ function getPipToolsConstraint(config: UpdateArtifactsConfig): string {
const constraintLineRegex = regEx(
/^(#.*?\r?\n)+# {4}pip-compile(?<arguments>.*?)\r?\n/
);
const allowedPipArguments = [
'--allow-unsafe',
'--generate-hashes',
'--no-emit-index-url',
];
export function constructPipCompileCmd(
content: string,
@ -58,7 +63,7 @@ export function constructPipCompileCmd(
if (headers?.groups) {
logger.debug({ header: headers[0] }, 'Found pip-compile header');
for (const argument of split(headers.groups.arguments)) {
if (['--allow-unsafe', '--generate-hashes'].includes(argument)) {
if (allowedPipArguments.includes(argument)) {
args.push(argument);
} else if (argument.startsWith('--output-file=')) {
const file = upath.parse(outputFileName).base;

1
lib/modules/manager/pip-compile/readme.md
View file

@ -47,3 +47,4 @@ Renovate reads the `requirements.txt` file and extracts these `pip-compile` argu
- `--generate-hashes`
- `--allow-unsafe`
- `--no-emit-index-url`