Improve reproduciblity of image (#7120)

* hard-pin doc requirements * update docs and commands * hard pin container requirements * check hashes in image build * remove seperate uv install (is in base_requirements) * containers already ships 3.11 - adjust packaging * move build deps to general ci requirements * install yarn using native tools Closes https://github.com/inventree/InvenTree/security/code-scanning/95 Closes https://github.com/inventree/InvenTree/security/code-scanning/96 * merge install steps * adapt install command args to be similar * adapt docs to suggest safer install arg * fix install path * update dependabot settings
2025-06-12 10:05:39 +00:00 · 2024-04-29 03:04:45 +02:00
parent d728b11655
commit 83191d3fbf
14 changed files with 954 additions and 47 deletions
--- a/contrib/packager.io/functions.sh
+++ b/contrib/packager.io/functions.sh
@ -90,7 +90,7 @@ function detect_envs() {
    echo "# Using existing config file: ${INVENTREE_CONFIG_FILE}"

    # Install parser
-    pip install jc==1.25.2 -q
+    pip install -r ${APP_HOME}/.github/requirements.txt -q

    # Load config
    local CONF=$(cat ${INVENTREE_CONFIG_FILE} | jc --yaml)