Improve reproduciblity of image (#7120)

* hard-pin doc requirements * update docs and commands * hard pin container requirements * check hashes in image build * remove seperate uv install (is in base_requirements) * containers already ships 3.11 - adjust packaging * move build deps to general ci requirements * install yarn using native tools Closes https://github.com/inventree/InvenTree/security/code-scanning/95 Closes https://github.com/inventree/InvenTree/security/code-scanning/96 * merge install steps * adapt install command args to be similar * adapt docs to suggest safer install arg * fix install path * update dependabot settings
2025-06-13 18:45:40 +00:00 · 2024-04-29 03:04:45 +02:00
parent d728b11655
commit 83191d3fbf
14 changed files with 954 additions and 47 deletions
--- a/tasks.py
+++ b/tasks.py
@ -234,14 +234,16 @@ def install(c, uv=False):

    # Install required Python packages with PIP
    if not uv:
-        c.run('pip3 install --upgrade pip')
-        c.run('pip3 install --upgrade setuptools')
+        c.run(
+            'pip3 install --no-cache-dir --disable-pip-version-check -U pip setuptools'
+        )
        c.run(
            'pip3 install --no-cache-dir --disable-pip-version-check -U --require-hashes -r src/backend/requirements.txt'
        )
    else:
-        c.run('pip3 install --upgrade uv')
-        c.run('uv pip install --upgrade setuptools')
+        c.run(
+            'pip3 install --no-cache-dir --disable-pip-version-check -U uv setuptools'
+        )
        c.run('uv pip install -U --require-hashes  -r src/backend/requirements.txt')

    # Run plugins install