feat: use a python virtual environment

Andrew Newdigaterequested to merge
horse/requirements into master

What does this MR do?

This MR sets up a virtual environment for Python.

This is highly recommended for local development, but also essential when performing other tasks such as setting up a docker image containing GET: See https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/sandbox/nail/-/blob/main/Dockerfile.ansible for an example of this.

I've also setup a frozen requirements.txt for reproducibility.

Finally, this MR adds GitLab SAST dependency scanning to ensure that none of the requirements have known security exploits.

Related issues

Related to https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/226

Author's checklist

When ready for review, the Author applies the workflowready for review label:

  • Merge request:
    • Merge Request Title and Description are up to date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: setup a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Andrew Newdigate

Merge request reports