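# Composite action: installs Poetry, optionally refreshes poetry.lock, sets up
# Python through actions/setup-python and installs the project dependencies.
#
# Several steps are gated on the repository that runs the action:
#   - prowler-cloud/prowler pull requests against master get their `@master`
#     VCS references in pyproject.toml pointed at the PR branch (or fork).
#   - other prowler-cloud repositories get the Prowler `resolved_reference` in
#     poetry.lock moved to the current master commit.
name: 'Setup Python with Poetry'
description: 'Setup Python environment with Poetry and install dependencies'
author: 'Prowler'

inputs:
  python-version:
    description: 'Python version to use'
    required: true
  working-directory:
    description: 'Working directory for Poetry'
    required: false
    default: '.'
  poetry-version:
    description: 'Poetry version to install'
    required: false
    default: '2.3.4'
  install-dependencies:
    description: 'Install Python dependencies with Poetry'
    required: false
    default: 'true'
  update-lock:
    description: 'Run `poetry lock` during setup. Only enable when a prior step mutates pyproject.toml (e.g. API `@master` VCS rewrite). Default: false.'
    required: false
    default: 'false'
  enable-cache:
    description: 'Whether to enable Poetry dependency caching via actions/setup-python'
    required: false
    default: 'true'

runs:
  using: 'composite'
  steps:
    - name: Replace @master with current branch in pyproject.toml (prowler repo only)
      if: github.event_name == 'pull_request' && github.base_ref == 'master' && github.repository == 'prowler-cloud/prowler'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      env:
        # Passed through the environment rather than interpolated into the
        # script, so the expression value is never parsed as shell code.
        HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
      run: |
        # The branch name and head repository are chosen by the pull request
        # author. Escape the characters that are special in a sed replacement
        # (backslash, ampersand and the '|' delimiter used below) so both
        # values are always inserted as literal text.
        escape_sed_replacement() {
          printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
        }

        BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
        UPSTREAM="prowler-cloud/prowler"
        SAFE_BRANCH="$(escape_sed_replacement "$BRANCH_NAME")"

        # NOTE(review): the escaped values still end up verbatim inside
        # pyproject.toml; consider an allowlist check on BRANCH_NAME if the
        # branch naming policy allows one.
        if [ "$HEAD_REPO" != "$UPSTREAM" ]; then
          SAFE_REPO="$(escape_sed_replacement "$HEAD_REPO")"
          echo "Fork PR detected (${HEAD_REPO}), rewriting VCS URL to fork"
          sed -i "s|git+https://github.com/prowler-cloud/prowler\([^@]*\)@master|git+https://github.com/${SAFE_REPO}\1@${SAFE_BRANCH}|g" pyproject.toml
        else
          echo "Same-repo PR, using branch: $BRANCH_NAME"
          sed -i "s|\(git+https://github.com/prowler-cloud/prowler[^@]*\)@master|\1@${SAFE_BRANCH}|g" pyproject.toml
        fi

    - name: Install poetry
      shell: bash
      run: |
        python -m pip install --upgrade pip
        # Quoted so the version input is always passed as a single argument.
        pipx install "poetry==${INPUTS_POETRY_VERSION}"
      env:
        INPUTS_POETRY_VERSION: ${{ inputs.poetry-version }}

    - name: Update poetry.lock with latest Prowler commit
      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
        # --fail turns an HTTP error (for example a rate-limit response) into
        # a non-zero exit instead of an error document being piped to jq.
        LATEST_COMMIT=$(curl --fail --silent --show-error "https://api.github.com/repos/prowler-cloud/prowler/commits/master" | jq -r '.sha')

        # Only a full 40-character hex SHA may be written into the lock file;
        # without this check a missing field would be stored as "null".
        if ! [[ "$LATEST_COMMIT" =~ ^[a-f0-9]{40}$ ]]; then
          echo "::error::GitHub API did not return a 40-character commit SHA for prowler-cloud/prowler master"
          exit 1
        fi
        echo "Latest commit hash: $LATEST_COMMIT"

        # Restrict the substitution to the package entry whose source URL is
        # the Prowler repository.
        sed -i '/url = "https:\/\/github\.com\/prowler-cloud\/prowler\.git"/,/resolved_reference = / {
          s/resolved_reference = "[a-f0-9]\{40\}"/resolved_reference = "'"$LATEST_COMMIT"'"/
        }' poetry.lock

        echo "Updated resolved_reference:"
        grep -A2 -B2 "resolved_reference" poetry.lock

    - name: Update poetry.lock (prowler repo only)
      if: github.repository == 'prowler-cloud/prowler' && inputs.update-lock == 'true'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: poetry lock

    - name: Set up Python ${{ inputs.python-version }}
      # Pinned to a full commit SHA; the trailing comment records the tag.
      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
      with:
        python-version: ${{ inputs.python-version }}
        # Disable cache when callers skip dependency install: Poetry 2.3.4 creates
        # the venv in a path setup-python can't hash, breaking the post-step save-cache.
        cache: ${{ inputs.enable-cache == 'true' && 'poetry' || '' }}
        cache-dependency-path: ${{ inputs.enable-cache == 'true' && format('{0}/poetry.lock', inputs.working-directory) || '' }}

    - name: Install Python dependencies
      if: inputs.install-dependencies == 'true'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
        poetry install --no-root
        poetry run pip list

    - name: Update Prowler Cloud API Client
      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
        # Swap the declared client dependency for the local checkout at
        # ./prowler-cloud-api-client.
        poetry remove prowler-cloud-api-client
        poetry add ./prowler-cloud-api-client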