https://github.com/itsolutionsfactory/poetry-deps-scanner
Analyse poetry dependencies and comment on gitlab
https://github.com/itsolutionsfactory/poetry-deps-scanner
gitlab python python-poetry
Last synced: 11 months ago
JSON representation
Analyse poetry dependencies and comment on gitlab
- Host: GitHub
- URL: https://github.com/itsolutionsfactory/poetry-deps-scanner
- Owner: itsolutionsfactory
- License: mit
- Created: 2021-05-11T10:49:30.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-10-07T10:46:50.000Z (over 3 years ago)
- Last Synced: 2025-06-20T12:47:03.504Z (about 1 year ago)
- Topics: gitlab, python, python-poetry
- Language: Python
- Homepage: https://pypi.org/project/poetry-deps-scanner/
- Size: 235 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Poetry dependencies scanner & gitlab commenter
This project consists of two scripts.
One analyses the `poetry.lock` and `pyproject.toml` files
it receives and produces an output listing the outdated
packages.
The other takes an input and posts it as a comment on a Gitlab
merge request.
Here's how we use them:
```yaml
# .gitlab-ci.yml
scan-deps:
stage: test
image: deps-scanner
allow_failure: true
script:
- scan-deps poetry.lock pyproject.toml | comment-gitlab
only:
- merge_requests
```
The `deps-scanner` image is built from the Dockerfile in this repository.
Here's an example of what the output looks like in a merge request for
this repository:

## Installation
```bash
python -m pip install poetry-deps-scanner
```
## Dependencies analysis
The following snippet is an example output the first script may produce:
```
Name │ Type │ Source │ Message
─────────────┼────────┼───────────────┼───────────────────────────────────────
command-log │ direct │ xxxxx.itsf.io │ current=1.0.0 -> latest=2.0.0
coverage │ direct │ pypi.org │ current=6.3.2 -> latest=6.4.1
asgiref │ trans. │ pypi.org │ current=3.5.1 -> latest=3.5.2
grpclib │ trans. │ github.com │ Couldn't compare versions.
requests │ error │ │ ValueError (Hello world)
```
The `Type` column indicates whether the package is a direct or transitive
dependency, or if there has been an uncaught exception:
* `direct` means the package is a direct dependency.
* `trans.` means the package is a transitive dependency: the dependency
of a direct dependency or of a transitive dependency.
* `error` means there has been an uncaught error. The exception class and message
are displayed in the `Message` column
This is computed by using the `pyproject.toml` if given. If this file is
not provided on the command line, the column will be empty.
A dependency is considered direct if it is present in the `pyproject.toml`.
## Gitlab comment
The `comment_gitlab.py` script requires some environment variables
to properly work:
* `BOT_USERNAME`: The username for the bot user
* `BOT_TOKEN`: A Gitlab access token for the bot user
(see https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
* `CI_SERVER_URL`: The URL of the Gitlab instance where to post
* `CI_PROJECT_ID`: The ID of the project containing the MR to post on
* `CI_MERGE_REQUEST_IID`: The IID of the merge request to comment on
The last three variables are automatically populated by Gitlab CI when
running a job as part of a detached pipeline (for a merge request). Notice
the `only: [merge_requests]` in the `.gitlab-ci.yml` above.
Of course, you can also provide them manually to integrate with any other build
system.
If a comment from the bot user already exists, it will be replaced,
in order to reduce the noise. In other words, there will be at most one
comment from the bot on a given merge request. It will contain the results of
the latest check.
## Build the docker image outside ITSF
The Dockerfile inside the repository references images from our internal
Docker registry proxy. You can easily build it on your own by removing
the `nexus.itsf.io:5005/` prefix.
```bash
# on Ubuntu
sed -i 's/nexus.itsf.io:5005\///g' Dockerfile
# on macOS
sed -e 's/nexus.itsf.io:5005\///g' -i "" Dockerfile
# then
docker build -t deps-scanner .
```