chore: move to pipenv for package management #132

Draft
wants to merge 1 commit into
base: main

Conversation

Member

@jmeridth jmeridth commented May 4, 2024

Part of github/github-ospo#84

Pull Request

Proposed Changes

  • switch from pip to pipenv
    • seems to handle hashes better and has a lock file

Readiness Checklist

Author/Contributor

  • If documentation is needed for this change, has that been included in this pull request
  • run make lint and fix any issues that you have introduced
  • run make test and ensure you have test coverage for the lines you are introducing

Reviewer

  • Label as either fix, documentation, enhancement, infrastructure, maintenance or breaking

@jmeridth jmeridth self-assigned this May 4, 2024
@jmeridth jmeridth requested a review from zkoppert as a code owner May 4, 2024 06:16
@jmeridth jmeridth force-pushed the jm-remediations-from-ossf-run-part-two branch from 99d0c71 to 3a00dd0 Compare May 4, 2024 06:20
Member Author

jmeridth commented May 4, 2024

whoops, need to use --platform linux_x86_64 with the pip download but this makes me think we'll either need to use all possible hashes in the requirements.txt or requirements-test.txt files or name the files according to platform.... 🤔 Gotta think on this one.
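
The platform problem raised in the comment above, as an added example that is not part of this pull request or the project's code: pip's hash-checking mode accepts an artifact only if its SHA-256 matches one of the `--hash` values listed for that requirement, so a file pinned from one platform's wheel rejects every other platform's wheel and the sdist. The package name, filenames and file contents below are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-ins for the artifacts of one release (not real packages);
# each platform's file has different bytes and therefore a different digest.
ARTIFACTS = {
    "examplepkg-1.0-cp312-cp312-manylinux_2_17_x86_64.whl": b"linux wheel bytes",
    "examplepkg-1.0-cp312-cp312-macosx_11_0_arm64.whl": b"macos wheel bytes",
    "examplepkg-1.0.tar.gz": b"sdist bytes",
}
SPEC = "examplepkg==1.0"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_requirements(spec, artifacts, only=None):
    """Render one pinned requirement with a --hash per selected artifact."""
    names = [n for n in artifacts if only is None or only in n]
    hashes = " \\\n    ".join(f"--hash=sha256:{sha256_hex(artifacts[n])}" for n in names)
    return f"{spec} \\\n    {hashes}\n"

def parse_hashed_requirements(text):
    """Return {"name==version": {sha256 hex, ...}} from requirements text."""
    pins = {}
    # Join backslash continuations first, then read one requirement per line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split(" #")[0].strip()
        if not line or line.startswith("#"):
            continue
        spec = line.split()[0]
        pins[spec] = set(re.findall(r"--hash=sha256:([0-9a-f]{64})", line))
    return pins

def rejected_artifacts(pins, spec, artifacts):
    """Filenames whose digest is missing from the allow-list for spec."""
    allowed = pins.get(spec, set())
    return sorted(n for n, d in artifacts.items() if sha256_hex(d) not in allowed)

linux_only = parse_hashed_requirements(build_requirements(SPEC, ARTIFACTS, only="manylinux"))
all_hashes = parse_hashed_requirements(build_requirements(SPEC, ARTIFACTS))

if __name__ == "__main__":
    print("linux-only pins reject:", rejected_artifacts(linux_only, SPEC, ARTIFACTS))
    print("all-hash pins reject:  ", rejected_artifacts(all_hashes, SPEC, ARTIFACTS))
```
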

@jmeridth jmeridth marked this pull request as draft May 4, 2024 06:31
@jmeridth jmeridth force-pushed the jm-remediations-from-ossf-run-part-two branch 20 times, most recently from 3356c0e to 0936962 Compare May 6, 2024 07:38
@jmeridth jmeridth changed the title from "chore: more remediations from oss scorecard" to "chore: move to pipenv for package management" May 6, 2024
Member Author

jmeridth commented May 6, 2024

Details: github/github-ospo#84 (comment)

- [x] github action versions via hashes
- [x] switch from pip to pipenv
  - seems to handle hashes better and has a lock file

Signed-off-by: jmeridth <jmeridth@gmail.com>
@jmeridth jmeridth force-pushed the jm-remediations-from-ossf-run-part-two branch from 0936962 to 642d523 Compare May 6, 2024 15:16