| blob | 4e12ab8e87a9f1ac31e7b5c153ab7df098e8ed54 |
1 # Build and safety-check requirements.txt
3 # skjold needs a personal github access token. This needs no permissions,
4 # it is only required to query the GitHub GraphQL API v4.
5 # See: https://pythonawesome.com/security-audit-python-project-dependencies-against-security-advisory-databases/
6 # We attempt to get it from the environment variable SKJOLD_GITHUB_API_TOKEN
7 # or GITHUB_TOKEN.
8 # It can also be passed to this Makefile via either:
9 #
10 # make GITHUB_TOKEN=... (build-and-)check-requirements
11 # make SKJOLD_GITHUB_API_TOKEN=... (build-and-)check-requirements
12 #
13 #
16 .PHONY: build-and-check-requirements
17 build-and-check-requirements: requirements.txt check-requirements
19 # Always rebuild requirements.txt
20 .PHONY: requirements.txt
21 # requirements.txt is generated from requirements.in
22 # via pip-compile included in the pip-tools package.
23 # See https://modelpredict.com/wht-requirements-txt-is-not-enough
24 requirements.txt: requirements.in
27 && pip-compile requirements.in
29 # Check requirements.txt for security violations via skjold,
30 # configured in pyproject.toml.
31 # See: https://pythonawesome.com/security-audit-python-project-dependencies-against-security-advisory-databases/
32 .PHONY: check-requirements
33 check-requirements:
35 ; then \
36 echo "WARNING: Neither SKJOLD_GITHUB_API_TOKEN nor GITHUB_TOKEN is set." \
38 ; fi
41 && skjold audit
42 # NB: For portability, we use '.' (sh etc.) instead of 'source' (bash).
44 # Debug print environment variables
45 debug:
46 @echo "GITHUB_TOKEN = ${GITHUB_TOKEN}"
47 @echo "SKJOLD_GITHUB_API_TOKEN = $${SKJOLD_GITHUB_API_TOKEN}"
48 @echo "Is SKJOLD_GITHUB_API_TOKEN set? $${SKJOLD_GITHUB_API_TOKEN:+yes}"
50 # EOF