Feature- TSS-1112 - Aligning vulnerability resolution

.circleci/config.yml

@@ -11,19 +11,19 @@ commands:
             echo ". venv/bin/activate" >> $BASH_ENV
             . venv/bin/activate  # 
             pip install --upgrade pip
-            pip install -r requirements/dev.txt
+            pip install -r requirements-dev.txt
 
   restore_dependency_cache:
     description: "Restore dependency cache."
     steps:
       - restore_cache:
-          key: deps2-{{ .Branch }}-{{ checksum "requirements/dev.txt" }}
+          key: deps2-{{ .Branch }}-{{ checksum "requirements-dev.txt" }}
 
   save_dependency_cache:
     description: "Save dependency cache."
     steps:
       - save_cache:
-          key: deps2-{{ .Branch }}-{{ checksum "requirements/dev.txt" }}
+          key: deps2-{{ .Branch }}-{{ checksum "requirements-dev.txt" }}
           paths:
             - "venv"
 

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/recreate-poetry-requirements.yml

@@ -0,0 +1,44 @@
+on:
+  pull_request:
+    paths:
+      - 'pyproject.toml'
+      - 'poetry.lock'
+      - 'requirements.txt'
+
+permissions:
+  contents: write
+
+jobs:
+  regenerate_requirements_txt:
+    name: Regenerating the requirements.txt file
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+        - name: Set up Python 3.8
+          uses: actions/setup-python@v4
+          with:
+            python-version: '3.8.x'
+
+        - name: Install Poetry
+          uses: snok/install-poetry@v1
+          with:
+            version: 1.6.1
+
+        - name: Checkout the repository - but just the relevant files
+          uses: actions/checkout@v4
+          with:
+            sparse-checkout: |
+              requirements.txt
+              pyproject.toml
+              poetry.lock
+
+        - name: Generate new lock file
+          run: poetry lock
+
+        - name: Generate new requirements.txt file
+          run: poetry export --without-hashes -f requirements.txt -o requirements.txt
+
+        - name: Committing the changes back to the branch
+          uses: stefanzweifel/git-auto-commit-action@v5
+          with:
+            commit_message: Regenerating requirements.txt file

Dockerfile

@@ -7,7 +7,7 @@ ENV PYTHONUNBUFFERED 1
 COPY requirements /app/requirements
 WORKDIR /app
 RUN pip install --upgrade pip
-RUN pip install -r requirements/dev.txt
+RUN pip install -r requirements-dev.txt
 
 ADD . /app
 WORKDIR /app

Makefile

@@ -18,22 +18,5 @@ help:
 	@echo -e "$(COLOUR_YELLOW)make prod-requirements$(COLOUR_NONE) : Generate prod requirements (requires local pip-compile)"
 
 all-requirements:
-	docker-compose run --rm public pip-compile --output-file requirements/base.txt requirements.in/base.in
-	docker-compose run --rm public pip-compile --output-file requirements/dev.txt requirements.in/dev.in
-	docker-compose run --rm public pip-compile --output-file requirements/prod.txt requirements.in/prod.in
-
-dev-requirements:
-	pip-compile --output-file requirements/base.txt requirements.in/base.in
-	pip-compile --output-file requirements/dev.txt requirements.in/dev.in
-
-prod-requirements:
-	pip-compile --output-file requirements/base.txt requirements.in/base.in
-	pip-compile --output-file requirements/prod.txt requirements.in/prod.in
-
-make compilescss:
-	docker-compose run --rm public python manage.py compilescss
-
-local-all-requirements:
-	pip-compile --output-file requirements/base.txt requirements.in/base.in
-	pip-compile --output-file requirements/dev.txt requirements.in/dev.in
-	pip-compile --output-file requirements/prod.txt requirements.in/prod.in
+	poetry export --without-hashes -f requirements.txt -o requirements.txt
+	poetry export --dev --without-hashes -f requirements.txt -o requirements-dev.txt

pii-ner-exclude.txt

@@ -24,6 +24,146 @@ certifi==2023.11.17
 django-environ==0.4.5
 dotwiz==0.4.0
 N/A
+restore_dependency_cache
+save_dependency_cache
+cimg/python:3.9.5
+Run Flake8
+e7:81:14:2a:87:49:9c:8e
+restore_dependency_cache
+save_dependency_cache
+cimg/python:3.9.5
+Run Flake8
+e7:81:14:2a:87:49:9c:8e
+is_valid
+MyR本4lly本ecurePa本sw0rD$
+is_valid
+MyR本4lly本ecurePa本sw0rD$
+SHELL
+COLOUR_NONE=\033[0m
+SHELL
+COLOUR_NONE=\033[0m
+requirements-dev.txt
+CRUD
+Disable App Nap
+Annotate AST
+4.0.3
+asyncio
+Classes Without Boilerplate
+beautifulsoup4
+1.4.0
+Behave BDD
+The AWS SDK for Python
+1.0.3
+CA Bundle
+Validate
+The Real First Universal Charset Detector
+Chardet
+0.4.6
+5.1.1
+0.3.7
+Chunking Django
+Django Content Security Policy
+jinja2
+Extensions for Django
+Government Digital Services
+the Government Digital Services
+A Django
+IP
+ECS
+SCSS
+3.0.6
+Django/Jinja
+0.1.5
+pep8
+Internationalized Domain Names in Applications
+6.8.0
+zipp
+\"win32\
+Pygments (==
+urllib3
+JSON Matching Expressions
+Cassowary
+Elasticsearch Common Schema
+Sass for Python
+Powerful and Pythonic XML
+libxml2
+Cython
+HTML/XML
+0.1.6
+Inline Matplotlib
+Jupyter
+flake8
+1.8.0
+A Python
+Excel
+0.6.2
+A Python Parser
+0.11.2
+0.7.5
+pybind11
+attrs
+Python Imaging Library (Fork
+\"user
+Library for building powerful interactive command lines
+0.2.2
+AST
+pflake8
+0.7.4
+CSS Minifier
+Humans
+Javascript Minifier
+Amazon
+3.141.0
+Sentry
+falcon
+0.16.0
+8.0.4
+1.16.0
+SQL
+0.10.2
+Python Library for Tom's Obvious, Minimal Language
+the Trade Remedies API
+Traitlets Python
+Backported and Experimental Type Hints for Python
+pyOpenSSL
+0.0.0
+Virtual Python Environment
+2.3.8
+openpyxl
+Chris
+https://github.com/uktrade/trs_v2_api_client.git
+\.git
+\.mypy_cache
+max-line
+max-complexity
+pycache
+D100
+D104
+W504
+darwin
+asttokens==2.4.1
+atomicwrites==1.4.1
+backcall==0.2.0
+beautifulsoup4==4.12.2
+botocore==1.20.112
+charset-normalizer==3.3.2
+click==8.1.7
+contourpy==1.1.0
+executing==2.0.1
+importlib-metadata==6.8.0
+importlib-resources==6.1.1
+ipython==8.13.0
+jedi==0.19.1
+matplotlib==3.7.3
+mypy-extensions==1.0.0
+pexpect==4.8.0
+pluggy==1.3.0
+psycopg2-binary==2.9.9
+ptyprocess==0.7.0
+pygments==2.16.1
+rjsmin==1.2.1
+3.11.0a6
+wcwidth==0.2.9
 pillow>=10.0.1
 NORMAL_HTTP_REFERER
 NORMAL_HTTP_REFERER

pii-secret-exclude.txt

@@ -21,3 +21,5 @@ trade_remedies_public/templates/static/v2/assets/fonts/bold-b542beb274-v2.woff2
 trade_remedies_public/templates/static/v2/assets/fonts/light-94a07e06a1-v2.woff2
 trade_remedies_public/templates/static/v2/assets/fonts/bold-b542beb274-v2.woff2
 .pre-commit-config.yaml
+poetry.lock
+pyproject.toml