Conversation

@jduchon-sonarsource (Contributor)

@jduchon-sonarsource jduchon-sonarsource commented Dec 3, 2025

In most InfraSec repositories, we use pip to install pipenv, and we want to make sure we pull it from JFrog Artifactory.

This action configures pip to use the internal registry instead of the public PyPI one.

Tested with: https://github.com/SonarSource/infra-aws-account-vending-service/actions/runs/19966951800/job/57266012611?pr=26#step:3:1085
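The point the PR raises (and the one the SonarQube summary below flags for review) is that the action writes a pip.conf with an Artifactory credential embedded in index-url. As an added example that is not the action's own config.sh, the script below shows the checks a script that does this should make before writing the secret: https only, no credentials or delimiter characters smuggled in through the inputs, an owner-only file created before the secret lands in it, and no extra-index-url, since a second public index is exactly the fallback that enables dependency confusion. The hostname artifactory.example.com and the input names are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not the SonarSource action's config.sh. It writes a pip.conf
# that pins pip to one internal index and refuses inputs that would leak or
# mangle the credential. Hostnames and input names are assumptions.

# write_pip_conf INDEX_URL USER TOKEN OUTFILE
write_pip_conf() {
  url="$1" user="$2" token="$3" out="$4"

  # Only https: the credential travels as HTTP Basic auth, so a plain-http
  # index would send it in clear text.
  case "$url" in
    https://*) ;;
    *) echo "index URL must use https: $url" >&2; return 1 ;;
  esac
  # Credentials come from the secret inputs, never from the URL itself.
  case "$url" in
    *@*) echo "index URL must not embed credentials" >&2; return 1 ;;
  esac
  [ -n "$user" ] && [ -n "$token" ] || { echo "missing credentials" >&2; return 1; }
  # Reject characters that would change the meaning of the userinfo part
  # rather than trying to percent-encode them here.
  case "$user$token" in
    *[@:/?#]*) echo "credentials contain URL delimiters" >&2; return 1 ;;
  esac

  rest="${url#https://}"
  mkdir -p "$(dirname "$out")"
  # Create the file owner-only before the secret is written into it; the
  # subshell keeps the umask change local to this step.
  (
    umask 077
    cat > "$out" <<EOF
[global]
index-url = https://${user}:${token}@${rest}
EOF
  )
  # No extra-index-url on purpose: a second, public index lets pip resolve an
  # internal package name from PyPI (dependency confusion).
}

# check_pip_conf OUTFILE: succeeds only if the file pins exactly one https
# index and declares no fallback index.
check_pip_conf() {
  f="$1"
  [ "$(grep -c '^index-url = https://' "$f")" = 1 ] || return 1
  ! grep -q '^extra-index-url' "$f" || return 1
}
```

In a workflow the two secret inputs would come from the job's secrets or Vault outputs and OUTFILE would be the runner's pip.conf path; the file should be removed at the end of the job, since anything left in the runner's home directory outlives the step that wrote it.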

@jduchon-sonarsource jduchon-sonarsource self-assigned this Dec 3, 2025
@jduchon-sonarsource jduchon-sonarsource requested a review from a team as a code owner December 3, 2025 10:57
@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod bot commented Dec 3, 2025

SC-37240

@matemoln matemoln force-pushed the task/jakub/SC-37240-add-config-pip-action branch 4 times, most recently from 77ca8fb to 9a1a6a3 on December 5, 2025 13:56
@matemoln matemoln force-pushed the task/jakub/SC-37240-add-config-pip-action branch 3 times, most recently from 59f778c to 4a17880 on December 8, 2025 10:20
@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the task/jakub/SC-37240-add-config-pip-action branch from f638257 to 0e666bd on December 8, 2025 13:47
Add config-pip action

BUILD-9877 code review

pin external action versions
actions/checkout v5.0.0
actions/setup-python v5.6.0

Reviewed-By: matemoln
Reviewed-By: julien-carsique-sonarsource
@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the task/jakub/SC-37240-add-config-pip-action branch from 0e666bd to 78a7a50 on December 8, 2025 14:40
@sonarqubecloud

sonarqubecloud bot commented Dec 8, 2025

SonarQube reviewer guide

Important

We are currently testing different models for AI Summary.
Please give us your feedback by filling this form.

Model A:

Summary: Add config-pip action to configure pip with JFrog Artifactory authentication and caching.

Review Focus: The new shell script config-pip/config.sh handles credential injection into pip configuration - verify proper secret handling and URL parsing logic. Check that the action.yml correctly chains get-build-number and cache actions with appropriate input/output handling.

Start review at: config-pip/config.sh. This script constructs pip configuration with embedded credentials and must handle URL parsing correctly to avoid security issues or misconfigurations.

Model B:

Summary: Add config-pip GitHub Action for pip build environment configuration with Artifactory authentication, plus update actions/checkout to v5.0.0 across documentation and test configurations.

Review Focus:

  • The new config-pip action implementation (action.yml, config.sh) and its integration with existing actions (get-build-number, cache, shared)
  • Pip configuration script security (credentials handling in pip.conf)
  • Test coverage completeness for the new action
  • Consistency of actions/checkout version upgrades across all documentation examples

Start review at: config-pip/action.yml. This is the entry point for the new action and defines all inputs, outputs, and the orchestration of steps. Understanding the action composition here will help you validate the downstream script (config.sh) and test suite (spec/config-pip_spec.sh).

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@julien-carsique-sonarsource julien-carsique-sonarsource merged commit 90b6713 into master Dec 8, 2025
11 checks passed
@julien-carsique-sonarsource julien-carsique-sonarsource deleted the task/jakub/SC-37240-add-config-pip-action branch December 8, 2025 14:44