.gitlab-ci.yml

@@ -9,10 +9,10 @@ include:
     ref: 'master'
     file: '/templates/validation.yml'
   - project: 'to-be-continuous/bash'
-    ref: '3.2'
+    ref: '3.3'
     file: 'templates/gitlab-ci-bash.yml'
   - project: 'to-be-continuous/semantic-release'
-    ref: '3.6'
+    ref: '3.7'
     file: '/templates/gitlab-ci-semrel.yml'
 
 stages:

CHANGELOG.md

+## [6.6.1](https://gitlab.com/to-be-continuous/python/compare/6.6.0...6.6.1) (2023-12-19)
+
+
+### Bug Fixes
+
+* add an info message when pyproject.toml found with no 'build-backend' ([b4d95fb](https://gitlab.com/to-be-continuous/python/commit/b4d95fb0a8d3dfe442abd94e7c419d6ef86e4d4b)), closes [#57](https://gitlab.com/to-be-continuous/python/issues/57)
+* **bandit:** exclude .cache/ dir ([d62f2a2](https://gitlab.com/to-be-continuous/python/commit/d62f2a2dcf24af9feebe6483579589d59ff2c3b5)), closes [#58](https://gitlab.com/to-be-continuous/python/issues/58)
+
 # [6.6.0](https://gitlab.com/to-be-continuous/python/compare/6.5.0...6.6.0) (2023-12-8)
 
 

README.md

@@ -14,7 +14,7 @@ Add the following to your `gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: gitlab.com/to-be-continuous/python/gitlab-ci-python@6.6.0
+  - component: gitlab.com/to-be-continuous/python/gitlab-ci-python@6.6.1
     # 2: set/override component inputs
     inputs:
       image: registry.hub.docker.com/library/python:3.10
@@ -29,7 +29,7 @@ Add the following to your `gitlab-ci.yml`:
 include:
   # 1: include the template
   - project: 'to-be-continuous/python'
-    ref: '6.6.0'
+    ref: '6.6.1'
     file: '/templates/gitlab-ci-python.yml'
 
 variables:
@@ -465,9 +465,9 @@ With:
 ```yaml
 include:
   # main component
-  - component: gitlab.com/to-be-continuous/python/gitlab-ci-python@6.6.0
+  - component: gitlab.com/to-be-continuous/python/gitlab-ci-python@6.6.1
   # Vault variant
-  - component: gitlab.com/to-be-continuous/python/gitlab-ci-python-vault@6.6.0
+  - component: gitlab.com/to-be-continuous/python/gitlab-ci-python-vault@6.6.1
     inputs:
       vault-base-url: "https://vault.acme.host/v1"
       # audience claim for JWT

templates/gitlab-ci-python-vault.yml

@@ -22,7 +22,7 @@ variables:
 .python-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "python", "6.6.0"]
+      command: ["--service", "python", "6.6.1"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:

templates/gitlab-ci-python.yml

@@ -502,7 +502,6 @@ variables:
     done
   }
 
-
   function guess_build_system() {
     case "${PYTHON_BUILD_SYSTEM:-auto}" in
     auto)
@@ -532,26 +531,25 @@ variables:
       # that might be PEP 517 if a build-backend is specified
       # otherwise it might be only used as configuration file for development tools...
       build_backend=$(sed -rn 's/^build-backend *= *"([^"]*)".*/\1/p' pyproject.toml)
-
-      if [[ "$build_backend" ]]
-      then
-        case "$build_backend" in
-        poetry.core.masonry.api)          
-          log_info "--- Build system auto-detected: PEP 517 with Poetry backend"
-          export PYTHON_BUILD_SYSTEM="poetry"
-          return
-          ;;
-        setuptools.build_meta)          
-          log_info "--- Build system auto-detected: PEP 517 with Setuptools backend"
-          export PYTHON_BUILD_SYSTEM="setuptools"
-          return
-          ;;
-        *)
-          log_error "--- Build system auto-detected: PEP 517 with unsupported backend \\e[33;1m${build_backend}\\e[0m: please read template doc"
-          exit 1
-          ;;
-        esac
-      fi
+      case "$build_backend" in
+      "")
+        log_info "--- Build system auto-detection... pyproject.toml found but no 'build-backend' specified: continue..."
+        ;;
+      poetry.core.masonry.api)
+        log_info "--- Build system auto-detected: PEP 517 with Poetry backend"
+        export PYTHON_BUILD_SYSTEM="poetry"
+        return
+        ;;
+      setuptools.build_meta)
+        log_info "--- Build system auto-detected: PEP 517 with Setuptools backend"
+        export PYTHON_BUILD_SYSTEM="setuptools"
+        return
+        ;;
+      *)
+        log_error "--- Build system auto-detected: PEP 517 with unsupported backend \\e[33;1m${build_backend}\\e[0m: please read template doc"
+        exit 1
+        ;;
+      esac
     fi
 
     if [[ -f "setup.py" ]]
@@ -807,7 +805,7 @@ stages:
   image: $PYTHON_IMAGE
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "python", "6.6.0"]
+      command: ["--service", "python", "6.6.1"]
   # Cache downloaded dependencies and plugins between builds.
   # To keep cache across branches add 'key: "$CI_JOB_NAME"'
   cache:
@@ -978,15 +976,15 @@ py-bandit:
     - |
       if [[ "$SONAR_HOST_URL" ]]
       then
-        _run bandit ${TRACE+--verbose} --exit-zero --format csv --output reports/py-bandit.bandit.csv ${BANDIT_ARGS}
+        _run bandit ${TRACE+--verbose} --exit-zero --exclude ./.cache --format csv --output reports/py-bandit.bandit.csv ${BANDIT_ARGS}
       fi
     # JSON (for DefectDojo)
     - |
       if [[ "$DEFECTDOJO_BANDIT_REPORTS" ]]
       then
-        _run bandit ${TRACE+--verbose} --exit-zero --format json --output reports/py-bandit.bandit.json ${BANDIT_ARGS}
+        _run bandit ${TRACE+--verbose} --exit-zero --exclude ./.cache --format json --output reports/py-bandit.bandit.json ${BANDIT_ARGS}
       fi
-    - _run bandit ${TRACE+--verbose} ${BANDIT_ARGS}
+    - _run bandit ${TRACE+--verbose} --exclude ./.cache ${BANDIT_ARGS}
   artifacts:
     when: always
     name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"