fix: manually install detect-secret to manage direct dependency packa…

…ges out side Pypi (oscal-compass#28) Signed-off-by: Takumi Yanagawa <[email protected]>
yana1205 · Aug 28, 2024 · b3fe92c · b3fe92c
1 parent 853ae31
commit b3fe92c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
           fetch-depth: 0
       - name: Python Semantic Release
         id: release
-        uses: python-semantic-release/[email protected].0
+        uses: python-semantic-release/[email protected].7
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Check release

diff --git a/Makefile b/Makefile
@@ -10,6 +10,12 @@ install:
 install-dev:
 	python -m pip install ".[dev]"
 
+# Direct dependency is not allowed for Pypi packaging even if the dependant module is defined as extra dependencies. 
+# Workaround: Move to manual installation by make
+.PHONY: install-detect-descret
+install-detect-descret:
+	python -m pip install detect-secrets@git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets
+
 .PHONY: uninstall
 uninstall:
 	python -m pip uninstall compliance-to-policy

diff --git a/pyproject.toml b/pyproject.toml
@@ -52,8 +52,6 @@ dev = [
   "black",
   "isort",
   "pylint",
-  ## Security tools
-  "detect-secrets@git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
 ]
 
 [project.urls]