{"id":29709322,"url":"https://github.com/itsolutionsfactory/poetry-deps-scanner","last_synced_at":"2025-07-31T09:37:14.226Z","repository":{"id":37751519,"uuid":"366347895","full_name":"itsolutionsfactory/poetry-deps-scanner","owner":"itsolutionsfactory","description":"Analyse poetry dependencies and comment on gitlab","archived":false,"fork":false,"pushed_at":"2022-10-07T10:46:50.000Z","size":241,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-20T12:47:03.504Z","etag":null,"topics":["gitlab","python","python-poetry"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/poetry-deps-scanner/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/itsolutionsfactory.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-11T10:49:30.000Z","updated_at":"2023-03-11T15:18:41.000Z","dependencies_parsed_at":"2022-08-29T10:41:28.387Z","dependency_job_id":null,"html_url":"https://github.com/itsolutionsfactory/poetry-deps-scanner","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/itsolutionsfactory/poetry-deps-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsolutionsfactory%2Fpoetry-deps-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsolutionsfactory%2Fpoetry-deps-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsolutionsfactory%2Fpoetry-deps-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsolutionsfactory%2Fpoetry-deps-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/itsolutionsfactory","download_url":"https://codeload.github.com/itsolutionsfactory/poetry-deps-scanner/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsolutionsfactory%2Fpoetry-deps-scanner/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266207988,"owners_count":23892905,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gitlab","python","python-poetry"],"created_at":"2025-07-23T20:01:00.864Z","updated_at":"2025-07-31T09:37:14.214Z","avatar_url":"https://github.com/itsolutionsfactory.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Poetry dependencies scanner \u0026 gitlab commenter\n\nThis project consists of two scripts.\n\nOne analyses the `poetry.lock` and `pyproject.toml` files\nit receives and produces an output listing the outdated\npackages.\n\nThe other takes an input and posts it as a comment on a Gitlab\nmerge request.\n\nHere's how we use them:\n\n```yaml\n# .gitlab-ci.yml\n\nscan-deps:\n  stage: test\n  image: deps-scanner\n  allow_failure: true\n  script:\n    - scan-deps poetry.lock pyproject.toml | comment-gitlab\n  only:\n    - merge_requests\n```\n\nThe `deps-scanner` image is built from the Dockerfile in this repository.\n\nHere's an example of what the output looks like in a merge request for\nthis repository:\n\n![Comment screenshot](img/comment-screenshot.png)\n\n## Installation\n\n```bash\npython -m pip install poetry-deps-scanner\n```\n\n## Dependencies analysis\n\nThe following snippet is an example output the first script may produce:\n\n```\n Name        │ Type   │ Source        │ Message\n─────────────┼────────┼───────────────┼───────────────────────────────────────\n command-log │ direct │ xxxxx.itsf.io │ current=1.0.0 -\u003e latest=2.0.0\n coverage    │ direct │ pypi.org      │ current=6.3.2 -\u003e latest=6.4.1\n asgiref     │ trans. │ pypi.org      │ current=3.5.1 -\u003e latest=3.5.2\n grpclib     │ trans. │ github.com    │ Couldn't compare versions.\n requests    │ error  │               │ ValueError (Hello world)\n```\n\nThe `Type` column indicates whether the package is a direct or transitive\ndependency, or if there has been an uncaught exception:\n* `direct` means the package is a direct dependency.\n* `trans.` means the package is a transitive dependency: the dependency\n  of a direct dependency or of a transitive dependency.\n* `error` means there has been an uncaught error. The exception class and message\n  are displayed in the `Message` column\n\nThis is computed by using the `pyproject.toml` if given. If this file is\nnot provided on the command line, the column will be empty.\n\nA dependency is considered direct if it is present in the `pyproject.toml`.\n\n## Gitlab comment\n\nThe `comment_gitlab.py` script requires some environment variables\nto properly work:\n\n* `BOT_USERNAME`: The username for the bot user\n* `BOT_TOKEN`: A Gitlab access token for the bot user\n  (see https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)\n* `CI_SERVER_URL`: The URL of the Gitlab instance where to post\n* `CI_PROJECT_ID`: The ID of the project containing the MR to post on\n* `CI_MERGE_REQUEST_IID`: The IID of the merge request to comment on\n\nThe last three variables are automatically populated by Gitlab CI when\nrunning a job as part of a detached pipeline (for a merge request). Notice\nthe `only: [merge_requests]` in the `.gitlab-ci.yml` above.\n\nOf course, you can also provide them manually to integrate with any other build\nsystem.\n\nIf a comment from the bot user already exists, it will be replaced,\nin order to reduce the noise. In other words, there will be at most one\ncomment from the bot on a given merge request. It will contain the results of\nthe latest check.\n\n## Build the docker image outside ITSF\n\nThe Dockerfile inside the repository references images from our internal\nDocker registry proxy. You can easily build it on your own by removing\nthe `nexus.itsf.io:5005/` prefix.\n\n```bash\n# on Ubuntu\nsed -i 's/nexus.itsf.io:5005\\///g' Dockerfile\n# on macOS\nsed -e 's/nexus.itsf.io:5005\\///g' -i \"\" Dockerfile\n# then\ndocker build -t deps-scanner .\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitsolutionsfactory%2Fpoetry-deps-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fitsolutionsfactory%2Fpoetry-deps-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitsolutionsfactory%2Fpoetry-deps-scanner/lists"}