upgrade poetry

.github/actions/setup-project/action.yml

@@ -15,7 +15,10 @@ runs:
         python-version: "3.12.3"
     - name: Install poetry
       shell: bash
-      run: pip install poetry==1.8.5
+      run: pip install poetry==2.1.3
+    - name: Install poetry export
+      shell: bash
+      run: poetry self add poetry-export-plugin
     - name: Downgrade virtualenv to compatible version
       shell: bash
       run: pip install "virtualenv<20.30"

.github/workflows/checks.yml

@@ -25,7 +25,7 @@ jobs:
         image: postgres
         env:
           POSTGRES_USER: user
-          POSTGRES_PASSWORD: password
+          POSTGRES_PASSWORD: password  # pragma: allowlist secret
           POSTGRES_DB: test_notification_api
         options: >-
           --health-cmd pg_isready
@@ -42,11 +42,11 @@ jobs:
     - name: Install application dependencies
       run: make bootstrap
       env:
-        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
-        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
-        NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
-        NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
-        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
+        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
+        NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}  # pragma: allowlist secret
+        NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}  # pragma: allowlist secret
+        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}  # pragma: allowlist secret
 
     - name: Check imports alphabetized
       run: poetry run isort --check-only ./app ./tests
@@ -57,8 +57,8 @@ jobs:
     - name: Run tests with coverage
       run: poetry run coverage run --omit=*/migrations/*,*/tests/* -m pytest --maxfail=10
       env:
-        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
-        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
+        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
+        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
         NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
         NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
         NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
@@ -87,7 +87,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/setup-project
       - name: Create requirements.txt
-        run: poetry export --without-hashes --format=requirements.txt > requirements.txt
+        run: poetry export --output requirements.txt
       - uses: pypa/gh-action-pip-audit@v1.0.8
         with:
           inputs: requirements.txt
@@ -111,7 +111,7 @@ jobs:
         image: postgres
         env:
           POSTGRES_USER: user
-          POSTGRES_PASSWORD: password
+          POSTGRES_PASSWORD: password  # pragma: allowlist secret
           POSTGRES_DB: test_notification_api
         options: >-
           --health-cmd pg_isready
@@ -127,15 +127,15 @@ jobs:
       - name: Install application dependencies
         run: make bootstrap
         env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
-          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
-          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}  # pragma: allowlist secret
       - name: Run server
         run: make run-flask &
         env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
       - name: Run OWASP API Scan
         uses: zaproxy/action-api-scan@v0.9.0
         with:

.github/workflows/daily_checks.yml

@@ -26,7 +26,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/setup-project
       - name: Create requirements.txt
-        run: poetry export --without-hashes --format=requirements.txt > requirements.txt
+        run: poetry export --output requirements.txt
       - uses: pypa/gh-action-pip-audit@v1.1.0
         with:
           inputs: requirements.txt
@@ -58,7 +58,7 @@ jobs:
         image: postgres
         env:
           POSTGRES_USER: user
-          POSTGRES_PASSWORD: password
+          POSTGRES_PASSWORD: password  # pragma: allowlist secret
           POSTGRES_DB: test_notification_api
         options: >-
           --health-cmd pg_isready
@@ -74,15 +74,15 @@ jobs:
       - name: Install application dependencies
         run: make bootstrap
         env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
-          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
-          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}  # pragma: allowlist secret
+          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}  # pragma: allowlist secret
       - name: Run server
         run: make run-flask &
         env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
       - name: Run OWASP API Scan
         uses: zaproxy/action-api-scan@v0.9.0
         with:

.github/workflows/deploy-demo.yml

@@ -44,7 +44,7 @@ jobs:
       run: make bootstrap
 
     - name: Create requirements.txt
-      run: poetry export --without-hashes --format=requirements.txt > requirements.txt
+      run: poetry export --output requirements.txt
 
     - name: Deploy to cloud.gov
       uses: cloud-gov/cg-cli-tools@main

.github/workflows/deploy-prod.yml

@@ -48,7 +48,7 @@ jobs:
       run: make bootstrap
 
     - name: Create requirements.txt
-      run: poetry export --without-hashes --format=requirements.txt > requirements.txt
+      run: poetry export --output requirements.txt
 
     - name: Deploy to cloud.gov
       uses: cloud-gov/cg-cli-tools@main

.github/workflows/deploy.yml

@@ -50,7 +50,7 @@ jobs:
       run: make bootstrap
 
     - name: Create requirements.txt
-      run: poetry export --without-hashes --format=requirements.txt > requirements.txt
+      run: poetry export --output requirements.txt
 
     - name: Deploy to cloud.gov
       uses: cloud-gov/cg-cli-tools@main

Makefile

@@ -16,7 +16,7 @@ GIT_HOOKS_PATH ?= $(shell git config --global core.hooksPath || echo "")
 .PHONY: bootstrap
 bootstrap: ## Set up everything to run the app
 	make generate-version-file
-	poetry lock --no-update
+	rm poetry.lock
 	poetry install --sync --no-root
 	poetry run pre-commit install
 	createdb notification_api || true
@@ -26,7 +26,8 @@ bootstrap: ## Set up everything to run the app
 .PHONY: bootstrap-with-git-hooks
 bootstrap-with-git-hooks:  ## Sets everything up and accounts for pre-existing git hooks
 	make generate-version-file
-	poetry lock --no-update
+	rm poetry.lock
+	poetry lock
 	poetry install --sync --no-root
 	git config --global --unset-all core.hooksPath
 	poetry run pre-commit install
@@ -112,7 +113,8 @@ test: ## Run tests and create coverage report
 
 .PHONY: py-lock
 py-lock: ## Syncs dependencies and updates lock file without performing recursive internal updates
-	poetry lock --no-update
+    rm poetry.lock
+	poetry lock
 	poetry install --sync
 
 .PHONY: freeze-requirements