update to poetry v2 (#133)

prabhu · web-flow · commit d7249c2a6233 · 2025-03-27T22:23:19.000Z
* Update to poetry v2

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

* Generate sbom

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

* Generate sbom

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

* Downgrade symbolic

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

---------

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/.github/workflows/alpine.yml.bak b/.github/workflows/alpine.yml.bak
@@ -18,7 +18,7 @@ jobs:
       run: |
         curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python3 -
         ~/.local/bin/poetry config virtualenvs.create false
-        ~/.local/bin/poetry install
+        ~/.local/bin/poetry sync
         wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-amd64_linux.tar.xz
         tar -xvf upx-4.0.2-amd64_linux.tar.xz
         cp upx-4.0.2-amd64_linux/upx /usr/local/bin/
diff --git a/.github/workflows/bintests.yml b/.github/workflows/bintests.yml
@@ -25,7 +25,7 @@ jobs:
     - name: Install poetry
       run: |
         python3 -m pip install poetry
-        poetry install
+        poetry install --all-groups --all-extras
     - name: Test binaries
       run: |
         mkdir -p bintests gobintests rusttests
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -28,7 +28,7 @@ jobs:
         python3 -m pip install setuptools pyinstaller poetry
         cd blint
         poetry config virtualenvs.create false
-        poetry install --no-cache
+        poetry install --all-groups --all-extras --no-cache
     - name: Binary gnu build
       run: |
         cd blint
@@ -40,6 +40,7 @@ jobs:
           --add-data="blint/data/annotations:blint/data/annotations" \
           --collect-submodules blint \
           --collect-submodules symbolic \
+          --collect-submodules oras \
           --noupx
         ./dist/blint -i dist/blint -o /tmp/reports
         sha256sum ./dist/blint > ./dist/blint.sha256
diff --git a/.github/workflows/mac.yml.bak b/.github/workflows/mac.yml.bak
@@ -41,7 +41,7 @@ jobs:
       run: |
         python3 -m pip install twine setuptools wheel
         curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python3 -
-        poetry install
+        poetry install --all-groups --all-extras
     - name: Binary darwin build
       run: |
         poetry run pyinstaller blint/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name blint --collect-all blint --osx-bundle-identifier ${PRODUCT_IDENTIFIER} --target-architecture x86_64 --codesign-identity ${CODESIGN_ID} --osx-entitlements-file Entitlements.plist --icon ./blint.icns
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -87,3 +87,17 @@ jobs:
       - name: Release PyPI
         if: startsWith(github.ref, 'refs/tags/')
         uses: pypa/gh-action-pypi-publish@release/v1
+
+      - name: Generate SBOM with cdxgen
+        run: |
+          npm install -g @cyclonedx/cdxgen
+          cdxgen -t python -o bom.json $(pwd) --profile research -p
+
+      - name: Upload bom to release
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            bom.json
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pytests.yml b/.github/workflows/pytests.yml
@@ -35,7 +35,7 @@ jobs:
     - name: Install poetry
       run: |
         python3 -m pip install poetry
-        poetry install
+        poetry install --all-groups --all-extras
     - name: Test with pytest
       run: |
         poetry run pytest --cov=blint tests
diff --git a/.github/workflows/win.yml b/.github/workflows/win.yml
@@ -28,11 +28,11 @@ jobs:
         python -m pip install setuptools pyinstaller tzdata poetry
         cd blint
         poetry config virtualenvs.create false
-        poetry install --no-cache --without dev
+        poetry install --all-groups --all-extras --no-cache
     - name: Binary windows build
       run: |
         cd blint
-        pyinstaller blint/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name blint --add-data="blint/data;blint/data" --add-data="blint/data/annotations;blint/data/annotations" --collect-submodules blint --disable-windowed-traceback -i blint.ico --version-file=file_version_info.txt --noupx
+        pyinstaller blint/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name blint --add-data="blint/data;blint/data" --add-data="blint/data/annotations;blint/data/annotations" --collect-submodules blint --collect-submodules oras --disable-windowed-traceback -i blint.ico --version-file=file_version_info.txt --noupx
         (Get-FileHash .\dist\blint.exe).hash | Out-File -FilePath .\dist\blint.exe.sha256
         set PYTHONIOENCODING=UTF-8
         .\dist\blint.exe -i .\dist\blint.exe -o reports --no-banner
diff --git a/blint/cli.py b/blint/cli.py
@@ -180,9 +180,11 @@ def build_parser():
         choices=["ghcr.io/appthreat/blintdb-vcpkg:v1",
                  "ghcr.io/appthreat/blintdb-vcpkg-arm64:v1",
                  "ghcr.io/appthreat/blintdb-vcpkg-darwin-arm64:v1",
+                 "ghcr.io/appthreat/blintdb-vcpkg-musl:v1",
                  "ghcr.io/appthreat/blintdb-meson:v1",
                  "ghcr.io/appthreat/blintdb-meson-arm64:v1",
-                 "ghcr.io/appthreat/blintdb-meson-darwin-arm64:v1"
+                 "ghcr.io/appthreat/blintdb-meson-darwin-arm64:v1",
+                 "ghcr.io/appthreat/blintdb-meson-musl:v1",
                  ],
         default=BLINTDB_IMAGE_URL,
         help=f"Blintdb image url. Defaults to {BLINTDB_IMAGE_URL}. The environment variable `BLINTDB_IMAGE_URL` is an alternative way to set this value.",
diff --git a/blint/lib/utils.py b/blint/lib/utils.py
@@ -35,8 +35,6 @@
     Technique,
 )
 from blint.logger import console, LOG
-# This is different from generic ConnectionError
-from requests.exceptions import ConnectionError as RequestConnectionError
 
 import oras.client
 from oras.logger import setup_logger
@@ -245,7 +243,7 @@ def blintdb_setup(args):
         )
         os.environ["USE_BLINTDB"] = "true"
         LOG.debug(f"Blintdb stored at {BLINTDB_HOME}")
-    except RequestConnectionError as e:
+    except Exception as e:
         LOG.error(f"Blintdb Download failed: {e}")
 
 
diff --git a/build-mac.sh b/build-mac.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
 
-# poetry install
+# poetry install --all-groups --all-extras
 
 poetry run pyinstaller blint/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name blint --collect-all blint --osx-bundle-identifier io.owasp-dep-scan.blint --target-architecture x86_64 --codesign-identity ${CODESIGN_ID} --osx-entitlements-file .builds/Entitlements.plist
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml

Original file line number	Diff line number	Diff line change
`@@ -35,8 +35,6 @@`
`35`	`35`	`Technique,`
`36`	`36`	`)`
`37`	`37`	`from blint.logger import console, LOG`
`38`		`-# This is different from generic ConnectionError`
`39`		`-from requests.exceptions import ConnectionError as RequestConnectionError`
`40`	`38`
`41`	`39`	`import oras.client`
`42`	`40`	`from oras.logger import setup_logger`
`@@ -245,7 +243,7 @@ def blintdb_setup(args):`
`245`	`243`	`)`
`246`	`244`	`os.environ["USE_BLINTDB"] = "true"`
`247`	`245`	`LOG.debug(f"Blintdb stored at {BLINTDB_HOME}")`
`248`		`- except RequestConnectionError as e:`
	`246`	`+ except Exception as e:`
`249`	`247`	`LOG.error(f"Blintdb Download failed: {e}")`
`250`	`248`
`251`	`249`