PyPI - pyannotators-patterns - Versions diffs - 0.6.23__tar.gz → 1.6.25__tar.gz - Mend

pyannotators-patterns 0.6.23tar.gz → 1.6.25tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

{pyannotators_patterns-0.6.23 → pyannotators_patterns-1.6.25}/Jenkinsfile RENAMED Viewed

@@ -6,6 +6,14 @@ pipeline {
   agent none
+  options {
+    throttleJobProperty(
+      categories: ['pyannotators'],
+      throttleEnabled: true,
+      throttleOption: 'category'
+    )
+  }
   triggers {
     upstream(upstreamProjects: 'pymultirole_plugins/' + BRANCH_NAME.replaceAll('/', '%2F'),\
                                 threshold: hudson.model.Result.SUCCESS)
@@ -18,16 +26,17 @@ pipeline {
     PYTHONPYCACHEPREFIX = '/tmp/.pytest_cache'
     PYTHONDONTWRITEBYTECODE = '1'
     JENKINS_UIDGID = '1004:1004'
+    SBOM_PROJECT_NAME = "sbom-${JOB_NAME.replaceAll('[^a-zA-Z0-9_.-]', '_')}"
-    MAJOR_VERSION = '0'
-    MINOR_VERSION = '6'
+    MAJOR_VERSION = "${MAJOR_VERSION_PY312}"
+    MINOR_VERSION = "${MINOR_VERSION_PY312}"
   }
   stages {
     stage('Catch build termination') {
       agent {
         node {
-          label 'built-in'
+          label 'pre-build'
           customWorkspace "${PATH_HOME}/${JOB_NAME}"
         }
       }
@@ -96,7 +105,7 @@ pipeline {
         //   - docker: /root/test-reports
         //   - host  : /tmp/_${JOB_NAME}/test-reports
         dockerfile {
-          label 'built-in'
+          label 'docker-build'
           customWorkspace "${PATH_HOME}/${JOB_NAME}"
           filename 'Dockerfile'
           args "-u root --privileged -v /tmp/_${JOB_NAME}/test-reports:${TEST_REPORT_DIR}"
@@ -130,6 +139,8 @@ pipeline {
           steps {
             // remove any previous folder dist
             sh 'rm -rf dist'
+            // remove any previous files used for sbom
+            sh 'rm -f sbom*.json trivy*.html syft trivy'
             // pull recent updates of file __init__.py
             withCredentials([gitUsernamePassword(credentialsId: 'bitbucket-user', gitToolName: 'git-tool')]) {
               sh 'git config --global pull.rebase false'
@@ -169,16 +180,16 @@ pipeline {
       agent {
         docker {
           image 'alpine:3.19'
-          label 'built-in'
+          label 'docker-build'
           customWorkspace "${PATH_HOME}/${JOB_NAME}"
-          args "-u 0"
+          args "-u 0 -v ${PATH_HOME}/.cache/trivy:/root/.cache/trivy"
         }
       }
       stages {
         stage('Generate SBOM') {
           steps {
-            sh '''
+            sh """
                apk add --no-cache curl
                curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b . v${SYFT_VERSION}
@@ -191,36 +202,41 @@ pipeline {
                 --exclude '**/sbom.spdx.json' \
                 --source-name "${JOB_NAME}" \
                 --source-version "${BUILD_NUMBER}" \
-                -o cyclonedx-json=sbom.cdx.json \
-                -o spdx-json=sbom.spdx.json
+                -o cyclonedx-json=${SBOM_PROJECT_NAME}.cdx.json \
+                -o spdx-json=${SBOM_PROJECT_NAME}.spdx.json
                rm -f ./syft
-               '''
+               """
           }
         }
         stage('Analyse SBOM') {
           steps {
-            sh '''
+            sh """
                curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v${TRIVY_VERSION}
-               curl -L https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl -o trivy-html-template.tpl
-               ./trivy sbom --download-db-only
-               ./trivy sbom sbom.cdx.json \
-                --skip-db-update \
+               if [ ! -f trivy-html-template.tpl ]; then
+                 curl -L https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl -o trivy-html-template.tpl
+               fi
+               ./trivy sbom ${SBOM_PROJECT_NAME}.cdx.json \
+                --cache-dir "/root/.cache/trivy" \
+                --severity HIGH,CRITICAL \
+                --exit-code 1 \
+                --no-progress \
                 --format template \
                 --template "@trivy-html-template.tpl" \
-                -o trivy-report.html
+                -o trivy-report-${SBOM_PROJECT_NAME}.html || EXIT_CODE=\$?
                rm -f ./trivy
-               '''
+               exit \${EXIT_CODE:-0}
+               """
           }
         }
         stage('Archive SBOM & analysis') {
           steps {
-            archiveArtifacts artifacts: 'sbom*.json, trivy*.html', fingerprint: true
+            archiveArtifacts artifacts: 'sbom*.json, trivy*.html', excludes: 'sbom.cdx.json, sbom.spdx.json', fingerprint: true
           }
         }
       }

{pyannotators_patterns-0.6.23 → pyannotators_patterns-1.6.25}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pyannotators-patterns
-Version: 0.6.23
+Version: 1.6.25
 Summary: Annotator based on Presidio pattern recognizer
 Project-URL: Homepage, https://github.com/oterrier/pyannotators_patterns/
 Author-email: Olivier Terrier <olivier.terrier@kairntech.com>