diff --git a/.github/actions/setup-python-poetry/action.yml b/.github/actions/setup-python-poetry/action.yml
index 505ba86da6..fd96796b9b 100644
--- a/.github/actions/setup-python-poetry/action.yml
+++ b/.github/actions/setup-python-poetry/action.yml
@@ -13,11 +13,15 @@ inputs:
poetry-version:
description: 'Poetry version to install'
required: false
- default: '2.1.1'
+ default: '2.3.4'
install-dependencies:
description: 'Install Python dependencies with Poetry'
required: false
default: 'true'
+ update-lock:
+ description: 'Run `poetry lock` during setup. Only enable when a prior step mutates pyproject.toml (e.g. API `@master` VCS rewrite). Default: false.'
+ required: false
+ default: 'false'
runs:
using: 'composite'
@@ -74,7 +78,7 @@ runs:
grep -A2 -B2 "resolved_reference" poetry.lock
- name: Update poetry.lock (prowler repo only)
- if: github.repository == 'prowler-cloud/prowler'
+ if: github.repository == 'prowler-cloud/prowler' && inputs.update-lock == 'true'
shell: bash
working-directory: ${{ inputs.working-directory }}
run: poetry lock
diff --git a/.github/workflows/api-code-quality.yml b/.github/workflows/api-code-quality.yml
index 4e15f54dbf..a859a77e04 100644
--- a/.github/workflows/api-code-quality.yml
+++ b/.github/workflows/api-code-quality.yml
@@ -67,6 +67,7 @@ jobs:
with:
python-version: ${{ matrix.python-version }}
working-directory: ./api
+ update-lock: 'true'
- name: Poetry check
if: steps.check-changes.outputs.any_changed == 'true'
diff --git a/.github/workflows/api-security.yml b/.github/workflows/api-security.yml
index c1f8e833e3..a1a8b3fd82 100644
--- a/.github/workflows/api-security.yml
+++ b/.github/workflows/api-security.yml
@@ -70,6 +70,7 @@ jobs:
with:
python-version: ${{ matrix.python-version }}
working-directory: ./api
+ update-lock: 'true'
- name: Bandit
if: steps.check-changes.outputs.any_changed == 'true'
diff --git a/.github/workflows/api-tests.yml b/.github/workflows/api-tests.yml
index 21c4f03965..d4eb30e821 100644
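Review bot: The gated `run: poetry lock` still replaces the committed lockfile with whatever PyPI and the rewritten `@master` VCS reference resolve to at run time, and nothing in the hunk records what changed, so a job that enables `update-lock` is checked against an unreviewed dependency set with no trace in the log. Keep the opt-in gate but make the re-resolution visible by turning the last line into `run: |` / `poetry lock` / `git --no-pager diff --stat -- poetry.lock`, and rename the step to match its new condition, e.g. `Update poetry.lock (opt-in, prowler repo only)`. The composite action's install and cache steps are outside this hunk, so whether the regenerated lock could be persisted by a later step cannot be judged here.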
--- a/.github/workflows/api-tests.yml
+++ b/.github/workflows/api-tests.yml
@@ -116,6 +116,7 @@ jobs:
with:
python-version: ${{ matrix.python-version }}
working-directory: ./api
+ update-lock: 'true'
- name: Run tests with pytest
if: steps.check-changes.outputs.any_changed == 'true'
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index c4163aa397..faa50d758f 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -38,15 +38,11 @@ jobs:
token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
persist-credentials: false
- - name: Set up Python
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ - name: Setup Python with Poetry
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: '3.12'
- - name: Install Poetry
- run: |
- python3 -m pip install --user poetry==2.1.1
- echo "$HOME/.local/bin" >> $GITHUB_PATH
+ install-dependencies: 'false'
- name: Configure Git
run: |
diff --git a/.github/workflows/sdk-code-quality.yml b/.github/workflows/sdk-code-quality.yml
index 08f8001120..d73547c94d 100644
--- a/.github/workflows/sdk-code-quality.yml
+++ b/.github/workflows/sdk-code-quality.yml
@@ -69,22 +69,11 @@ jobs:
contrib/**
**/AGENTS.md
- - name: Install Poetry
+ - name: Setup Python with Poetry
if: steps.check-changes.outputs.any_changed == 'true'
- run: pipx install poetry==2.1.1
- - name: Set up Python ${{ matrix.python-version }}
- if: steps.check-changes.outputs.any_changed == 'true'
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: ${{ matrix.python-version }}
- cache: 'poetry'
- - name: Install dependencies
- if: steps.check-changes.outputs.any_changed == 'true'
- run: |
- poetry install --no-root
- poetry run pip list
- name: Check Poetry lock file
if: steps.check-changes.outputs.any_changed == 'true'
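Review bot: The commit-SHA pin on `actions/setup-python@a309ff8b… # v6.2.0` disappears from prepare-release.yml, and the replacement `uses: ./.github/actions/setup-python-poetry` hides whatever pin the composite action carries, which is not in this diff; confirm the composite pins `actions/setup-python` by SHA, otherwise this job has silently lost it. Because the checkout uses `secrets.PROWLER_BOT_ACCESS_TOKEN`, it is right that `install-dependencies: 'false'` and the default `update-lock: 'false'` keep the job from resolving or installing packages, and a one-line comment under `with:` such as `# no dependency install or lock regeneration in a token-holding job` would stop a later edit from flipping them. The removed `echo "$HOME/.local/bin" >> $GITHUB_PATH` now relies on the composite action to put `poetry` on PATH; the later steps that presumably invoke it are outside the hunk.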
diff --git a/.github/workflows/sdk-container-build-push.yml b/.github/workflows/sdk-container-build-push.yml
index ebe595bbbc..bedc6a209e 100644
--- a/.github/workflows/sdk-container-build-push.yml
+++ b/.github/workflows/sdk-container-build-push.yml
@@ -74,15 +74,14 @@ jobs:
with:
persist-credentials: false
- - name: Set up Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ - name: Setup Python with Poetry
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: ${{ env.PYTHON_VERSION }}
+ install-dependencies: 'false'
- - name: Install Poetry
- run: |
- pipx install poetry==2.1.1
- pipx inject poetry poetry-bumpversion
+ - name: Inject poetry-bumpversion plugin
+ run: pipx inject poetry poetry-bumpversion
- name: Get Prowler version and set tags
id: get-prowler-version
diff --git a/.github/workflows/sdk-pypi-release.yml b/.github/workflows/sdk-pypi-release.yml
index 5173760205..dd333de257 100644
--- a/.github/workflows/sdk-pypi-release.yml
+++ b/.github/workflows/sdk-pypi-release.yml
@@ -73,13 +73,11 @@ jobs:
with:
persist-credentials: false
- - name: Install Poetry
- run: pipx install poetry==2.1.1
- - name: Set up Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ - name: Setup Python with Poetry
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: ${{ env.PYTHON_VERSION }}
+ install-dependencies: 'false'
- name: Build Prowler package
run: poetry build
@@ -111,13 +109,11 @@ jobs:
with:
persist-credentials: false
- - name: Install Poetry
- run: pipx install poetry==2.1.1
- - name: Set up Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ - name: Setup Python with Poetry
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: ${{ env.PYTHON_VERSION }}
+ install-dependencies: 'false'
- name: Install toml package
run: pip install toml
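Review bot: `run: pipx inject poetry poetry-bumpversion` assumes Poetry now lives in a pipx venv named `poetry`, but the composite action it follows does not show how it installs Poetry (prepare-release.yml used `pip install --user` before this change), so the inject can fail with no such venv or land in a Poetry other than the one on PATH. The plugin is also unpinned and this job uses it to derive image tags, so pin it rather than taking the latest release at build time, e.g. `run: pipx inject poetry 'poetry-bumpversion==<version>'` with the version the lockfile already resolves to. The `Get Prowler version and set tags` step that consumes the plugin starts at the end of the hunk and continues outside it.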
diff --git a/.github/workflows/sdk-security.yml b/.github/workflows/sdk-security.yml
index f4924ab030..e2e620d09c 100644
--- a/.github/workflows/sdk-security.yml
+++ b/.github/workflows/sdk-security.yml
@@ -69,20 +69,11 @@ jobs:
contrib/**
**/AGENTS.md
- - name: Install Poetry
+ - name: Setup Python with Poetry
if: steps.check-changes.outputs.any_changed == 'true'
- run: pipx install poetry==2.1.1
- - name: Set up Python 3.12
- if: steps.check-changes.outputs.any_changed == 'true'
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: '3.12'
- cache: 'poetry'
- - name: Install dependencies
- if: steps.check-changes.outputs.any_changed == 'true'
- run: poetry install --no-root
- name: Security scan with Bandit
if: steps.check-changes.outputs.any_changed == 'true'
diff --git a/.github/workflows/sdk-tests.yml b/.github/workflows/sdk-tests.yml
index 7b9fc9d6ef..ee46875a11 100644
--- a/.github/workflows/sdk-tests.yml
+++ b/.github/workflows/sdk-tests.yml
@@ -90,20 +90,11 @@ jobs:
contrib/**
**/AGENTS.md
- - name: Install Poetry
+ - name: Setup Python with Poetry
if: steps.check-changes.outputs.any_changed == 'true'
- run: pipx install poetry==2.1.1
- - name: Set up Python ${{ matrix.python-version }}
- if: steps.check-changes.outputs.any_changed == 'true'
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ uses: ./.github/actions/setup-python-poetry
with:
python-version: ${{ matrix.python-version }}
- cache: 'poetry'
- - name: Install dependencies
- if: steps.check-changes.outputs.any_changed == 'true'
- run: poetry install --no-root
# AWS Provider
- name: Check if AWS files changed
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 928a50341b..633c10a80f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
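Review bot: sdk-security.yml leaves the composite action's `update-lock` at its `'false'` default while the API workflows in this same change set it to `'true'`, so Bandit here runs against the committed `poetry.lock` whereas the API scan runs against a freshly resolved one; that asymmetry is the safer choice but it is undocumented and easy to "harmonise" away. Add `# update-lock intentionally left at default 'false': scan against the committed poetry.lock` under the `with:` block. The explicit `poetry install --no-root` and `cache: 'poetry'` are gone and whatever the composite does in their place is not in this diff; the `Security scan with Bandit` step's `run` line is outside the hunk.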
@@ -70,7 +70,7 @@ repos:
args: ["--ignore=E266,W503,E203,E501,W605"]
- repo: https://github.com/python-poetry/poetry
- rev: 2.1.1
+ rev: 2.3.4
hooks:
- id: poetry-check
name: API - poetry-check
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 17d338d2e9..5d375cd0df 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -13,7 +13,7 @@ build:
post_create_environment:
# Install poetry
# https://python-poetry.org/docs/#installing-manually
- - python -m pip install poetry
+ - python -m pip install poetry==2.3.4
post_install:
# Install dependencies with 'docs' dependency group
# https://python-poetry.org/docs/managing-dependencies/#dependency-groups
diff --git a/AGENTS.md b/AGENTS.md
index 5302e38f52..3e31088282 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -140,7 +140,7 @@ Prowler is an open-source cloud security assessment tool supporting AWS, Azure,
| Component | Location | Tech Stack |
|-----------|----------|------------|
-| SDK | `prowler/` | Python 3.10+, Poetry |
+| SDK | `prowler/` | Python 3.10+, Poetry 2.3+ |
| API | `api/` | Django 5.1, DRF, Celery |
| UI | `ui/` | Next.js 15, React 19, Tailwind 4 |
| MCP Server | `mcp_server/` | FastMCP, Python 3.12+ |
diff --git a/Dockerfile b/Dockerfile
index 0dbe63ece0..e8a0d19a56 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -68,7 +68,7 @@ ENV HOME='/home/prowler'
ENV PATH="${HOME}/.local/bin:${PATH}"
#hadolint ignore=DL3013
RUN pip install --no-cache-dir --upgrade pip && \
- pip install --no-cache-dir poetry
+ pip install --no-cache-dir poetry==2.3.4
RUN poetry install --compile && \
rm -rf ~/.cache/pip
diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md
index 1d4da94ad3..56fb626aa5 100644
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
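Review bot: Pinning `poetry==2.3.4` in the root Dockerfile leaves the preceding `pip install --no-cache-dir --upgrade pip` in the same `RUN` unpinned, so the installer that later runs `poetry install --compile` still floats with every image build, and the `#hadolint ignore=DL3013` above it (DL3013 is hadolint's pin-pip-versions rule) now only hides that. Pin pip as well, `pip install --no-cache-dir --upgrade 'pip==<version>' && \`, and drop the hadolint ignore so the linter catches the next unpinned install. A version pin alone does not defend against a compromised index; if the build already has a constraints or requirements file, `--require-hashes` for these two packages is the stronger option.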
@@ -2,6 +2,14 @@ All notable changes to the **Prowler API** are documented in this file.
+## [1.25.0] (Prowler UNRELEASED)
+
+### 🔄 Changed
+
+- Bump Poetry to `2.3.4` in Dockerfile and pre-commit hooks. Regenerate `api/poetry.lock` [(#10681)](https://github.com/prowler-cloud/prowler/pull/10681)
+
+---
+
## [1.24.0] (Prowler v5.23.0)
### 🚀 Added
diff --git a/api/Dockerfile b/api/Dockerfile
index ffa12c6f88..07f69d0b0f 100644
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -71,7 +71,7 @@ RUN mkdir -p /tmp/prowler_api_output
COPY pyproject.toml ./
RUN pip install --no-cache-dir --upgrade pip && \
- pip install --no-cache-dir poetry
+ pip install --no-cache-dir poetry==2.3.4
ENV PATH="/home/prowler/.local/bin:$PATH"
diff --git a/prowler/AGENTS.md b/prowler/AGENTS.md
index b1d83fa200..5f7099ac0a 100644
--- a/prowler/AGENTS.md
+++ b/prowler/AGENTS.md
@@ -81,7 +81,7 @@ class {check_name}(Check):
## TECH STACK
-Python 3.10+ | Poetry 2+ | pytest | moto (AWS mocking) | Pre-commit hooks (black, flake8, pylint, bandit)
+Python 3.10+ | Poetry 2.3+ | pytest | moto (AWS mocking) | Pre-commit hooks (black, flake8, pylint, bandit)
---
diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md
index cdc894523d..590b39d172 100644
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -14,6 +14,10 @@ All notable changes to the **Prowler SDK** are documented in this file.
- `bedrock_vpc_endpoints_configured` check for AWS provider [(#10591)](https://github.com/prowler-cloud/prowler/pull/10591)
- `exchange_organization_delicensing_resiliency_enabled` check for m365 provider [(#10608)](https://github.com/prowler-cloud/prowler/pull/10608)
+### 🔄 Changed
+
+- Bump Poetry to `2.3.4` and consolidate SDK workflows onto the `setup-python-poetry` composite action with opt-in lockfile regeneration [(#10681)](https://github.com/prowler-cloud/prowler/pull/10681)
+
---
## [5.23.0] (Prowler v5.23.0)
diff --git a/pyproject.toml b/pyproject.toml
index 937de3ce00..4e4ea97eba 100644
--- a/pyproject.toml
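Review bot: In api/Dockerfile the `pip install --no-cache-dir --upgrade pip` on the line above the new `poetry==2.3.4` pin is still unpinned, so the API image's pip is whatever the index serves at build time and the Poetry pin only half-closes the supply-chain gap. Pin both in the same `RUN`, `pip install --no-cache-dir --upgrade 'pip==<version>' && pip install --no-cache-dir poetry==2.3.4`, and treat the version as something to bump deliberately with a changelog entry like the Poetry one above. This hunk shows no `hadolint ignore`, so a hadolint run should flag the remaining unpinned install as DL3013; the `poetry install` that consumes this environment is outside the hunk.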
+++ b/pyproject.toml
@@ -9,8 +9,7 @@ classifiers = [
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
- "Programming Language :: Python :: 3.12",
- "License :: OSI Approved :: Apache Software License"
+ "Programming Language :: Python :: 3.12"
]
dependencies = [
"awsipranges==0.3.3",