From 29db4dcf4d878fc3523e61ef139ae1bf2fbd4154 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 27 May 2025 11:34:11 -0700
Subject: [PATCH 01/11] upgrade poetry to 2.1.3
---
.github/actions/setup-project/action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/setup-project/action.yml b/.github/actions/setup-project/action.yml
index d99a56de1..770a96110 100644
--- a/.github/actions/setup-project/action.yml
+++ b/.github/actions/setup-project/action.yml
@@ -15,7 +15,7 @@ runs: python-version: "3.12.3" - name: Install poetry shell: bash - run: pip install poetry==1.8.5 + run: pip install poetry==2.1.3 - name: Downgrade virtualenv to compatible version shell: bash run: pip install "virtualenv<20.30"
From 589c01ed757d99e15cc337e57cb3d37b13024cee Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 27 May 2025 11:41:33 -0700
Subject: [PATCH 02/11] upgrade poetry to 2.1.3
---
Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index b1e39e21b..1ec781318 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,8 @@ NVMSH := $(shell [ -f "$(HOME)/.nvm/nvm.sh" ] && echo "$(HOME)/.nvm/nvm.sh" || e .PHONY: bootstrap bootstrap: ## Set up everything to run the app make generate-version-file - poetry lock --no-update + rm poetry.lock + poetry lock poetry install --sync --no-root poetry run playwright install --with-deps poetry run pre-commit install
From d27bc213d41dee718684927206b64556eb596f21 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 27 May 2025 12:00:46 -0700
Subject: [PATCH 03/11] upgrade poetry to 2.1.3
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1ec781318..ba19b5f69 100644
--- a/Makefile
+++ b/Makefile
@@ -130,7 +130,7 @@ py-lock: ## Syncs dependencies and updates lock file without performing recursiv .PHONY: freeze-requirements freeze-requirements: ## create static requirements.txt - poetry export --without-hashes --format=requirements.txt > requirements.txt + poetry export --output requirements.txt .PHONY: pip-audit pip-audit:
From 0afc93958ce0740c9015e966bc0978080269bfe1 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 27 May 2025 12:25:52 -0700
Subject: [PATCH 04/11] upgrade poetry to 2.1.3
---
.github/workflows/daily_checks.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml
index c2d3082a3..87bed0201 100644
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/actions/setup-project - name: Create requirements.txt - run: poetry export --without-hashes --format=requirements.txt > requirements.txt + run: poetry export --output requirements.txt - uses: pypa/gh-action-pip-audit@v1.1.0 with: inputs: requirements.txt
From 7ba4f3658e364dd970acd0b27fda26fb7b0c841f Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 27 May 2025 12:32:54 -0700
Subject: [PATCH 05/11] upgrade poetry to 2.1.3
---
.github/workflows/checks.yml | 2 +-
.github/workflows/deploy-demo.yml | 2 +-
.github/workflows/deploy-prod.yml | 2 +-
.github/workflows/deploy.yml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 17de8332f..8ba96a4d2 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
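Review bot: The rewritten `freeze-requirements` recipe in [PATCH 03/11] drops `--without-hashes`, so the exported requirements.txt now carries `--hash=` entries, and nothing in the Makefile says this is intended. pip enforces hash checking for the whole file as soon as one requirement has a hash, so a dependency the export cannot hash (a VCS or direct-URL source, if the project has one) would fail the install; this should be confirmed against the pip-audit step and the cloud.gov deploy that consume the file. The same one-line change recurs in daily_checks.yml ([PATCH 04/11]) and in checks.yml, deploy-demo.yml, deploy-prod.yml and deploy.yml ([PATCH 05/11]). I would add a comment above the target such as `# hashes are exported on purpose so pip verifies every package against poetry.lock`. Going by [PATCH 06/11], `poetry export` needs a plugin that is only installed three commits later, so commits 03 to 05 presumably do not run on their own.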
@@ -139,7 +139,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/actions/setup-project - name: Create requirements.txt - run: poetry export --without-hashes --format=requirements.txt > requirements.txt + run: poetry export --output requirements.txt - uses: pypa/gh-action-pip-audit@v1.1.0 with: inputs: requirements.txt
diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml
index b16607c61..7aec7adb7 100644
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -42,7 +42,7 @@ jobs: - uses: ./.github/actions/setup-project - name: Create requirements.txt - run: poetry export --without-hashes --format=requirements.txt > requirements.txt + run: poetry export --output requirements.txt - name: Deploy to cloud.gov uses: cloud-gov/cg-cli-tools@main
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 05c7ccf26..02e65c36c 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -42,7 +42,7 @@ jobs: - uses: ./.github/actions/setup-project - name: Create requirements.txt - run: poetry export --without-hashes --format=requirements.txt > requirements.txt + run: poetry export --output requirements.txt - name: Deploy to cloud.gov uses: cloud-gov/cg-cli-tools@main
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 1a95d7ba1..221f361e4 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -47,7 +47,7 @@ jobs: - uses: ./.github/actions/setup-project - name: Create requirements.txt - run: poetry export --without-hashes --format=requirements.txt > requirements.txt + run: poetry export --output requirements.txt - name: Deploy to cloud.gov
From 665d7b543b3d558244c0298278b42bb538970b8c Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 27 May 2025 12:44:28 -0700
Subject: [PATCH 06/11] upgrade poetry to 2.1.3
---
.github/actions/setup-project/action.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/actions/setup-project/action.yml b/.github/actions/setup-project/action.yml
index 770a96110..73e114bd8 100644
--- a/.github/actions/setup-project/action.yml
+++ b/.github/actions/setup-project/action.yml
@@ -16,6 +16,9 @@ runs: - name: Install poetry shell: bash run: pip install poetry==2.1.3 + - name: Install poetry export plugin + shell: bash + run: poetry self add poetry-plugin-export - name: Downgrade virtualenv to compatible version shell: bash run: pip install "virtualenv<20.30"
From 8b2139727e1e1c96fbff74353857c870b96ef497 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 29 May 2025 08:49:38 -0700
Subject: [PATCH 07/11] add README comments about poetry upgrades
---
README.md | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/README.md b/README.md
index 9313a6f88..c8a2e44c5 100644
--- a/README.md
+++ b/README.md
@@ -308,6 +308,22 @@ you'll be set with an upgraded version of Python. _If you're not sure about the details of your current virtual environment, you can run `poetry env info` to get more information. If you've been using `pyenv` for everything, you can also see all available virtual environments with `pyenv virtualenvs`._ + +#### Poetry upgrades #### + +If you are doing a new project setup, then after you install poetry you need to install the export plugin + +```sh +poetry self add poetry-plugin-export +``` + +If you are upgrading from poetry 1.8.5, you need to do this: + +```sh +curl -sSL https://install.python-poetry.org | python3 - --version 2.1.3 +poetry self add poetry-export-plugin +``` + #### Updating the .env file for Login.gov To configure the application for Login.gov, you will need to update the following environment variables in the .env file:
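Review bot: The step added in [PATCH 06/11], `run: poetry self add poetry-plugin-export`, installs whichever plugin release is current when the job runs, while Poetry itself is pinned to 2.1.3 in the step just before it. That plugin writes the requirements.txt that pip-audit scans and the deploy workflows ship, so it should be pinned too, e.g. `run: poetry self add "poetry-plugin-export==<PINNED_VERSION>"` (placeholder for the release you have vetted), or declared under `[tool.poetry.requires-plugins]` in pyproject.toml so CI and developers resolve the same one. The package name also has to be identical wherever it is installed: the README text added in [PATCH 07/11] spells it `poetry-plugin-export` in the first command and `poetry-export-plugin` in the second, and a mistyped name is looked up on the package index like any other name.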
From 6aa84305f635da885912b8fd0040575310f754c0 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 29 May 2025 11:19:22 -0700
Subject: [PATCH 08/11] code review feedback
---
Makefile | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index ba19b5f69..2a24e8696 100644
--- a/Makefile
+++ b/Makefile
@@ -17,9 +17,7 @@ NVMSH := $(shell [ -f "$(HOME)/.nvm/nvm.sh" ] && echo "$(HOME)/.nvm/nvm.sh" || e .PHONY: bootstrap bootstrap: ## Set up everything to run the app make generate-version-file - rm poetry.lock - poetry lock - poetry install --sync --no-root + poetry sync --no-root poetry run playwright install --with-deps poetry run pre-commit install source $(NVMSH) --no-use && nvm install && npm install
From 3fe74bea54cb53baa47a64c7fc260daa4bb9eef7 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 29 May 2025 11:25:01 -0700
Subject: [PATCH 09/11] add exclusion
---
.github/workflows/checks.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 8ba96a4d2..c5609ccdd 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -146,6 +146,7 @@ jobs: ignore-vulns: | PYSEC-2024-60 PYSEC-2022-43162 + PYSEC-2023-312 - name: Run npm audit run: make npm-audit
From 3d44e76383499314f729c6ff355ab864f213f1f1 Mon Sep 17 00:00:00 2001
From: ccostino
Date: Fri, 30 May 2025 10:57:24 -0400
Subject: [PATCH 10/11] Update .github/workflows/checks.yml Removing extraneous vulnerability ignore config.
---
.github/workflows/checks.yml | 2 --
1 file changed, 2 deletions(-)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index c5609ccdd..78e878060 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -144,8 +144,6 @@ jobs: with: inputs: requirements.txt ignore-vulns: | - PYSEC-2024-60 - PYSEC-2022-43162 PYSEC-2023-312 - name: Run npm audit run: make npm-audit
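Review bot: The `PYSEC-2023-312` entry added to `ignore-vulns` in [PATCH 09/11] suppresses a pip-audit finding with no record of which package it concerns or why it is safe to ignore; the commit subject only says "add exclusion". A comment is needed, and it has to sit above the `ignore-vulns:` key, because a `#` line inside the `|` block scalar would become part of the value: `# PYSEC-2023-312: <package> - <why it does not apply here>; re-check by <date>`. The hunks do not show whether daily_checks.yml, which runs the same audit action, carries the same ignore list, so the two workflows may report differently.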
From 6a606a467e7e35d7cfcc6bfb79545fa7d95a2feb Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Fri, 30 May 2025 11:06:45 -0400
Subject: [PATCH 11/11] Update bootstrap-with-git-hooks command
Signed-off-by: Carlo Costino
---
Makefile | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 2a24e8696..6eeda3bb5 100644
--- a/Makefile
+++ b/Makefile
@@ -27,8 +27,7 @@ bootstrap: ## Set up everything to run the app .PHONY: bootstrap-with-git-hooks bootstrap-with-git-hooks: ## Sets everything up and accounts for pre-existing git hooks make generate-version-file - poetry lock --no-update - poetry install --sync --no-root + poetry sync --no-root poetry run playwright install --with-deps git config --global --unset-all core.hooksPath poetry run pre-commit install