Pin hashes in requirements (#7081)

* use global pin for requests * unify on yaml for workflo files * format workflow files * pin action versions * fix pinned version * use system venv * switch args * remove uv for now and add setting for pyyaml * use requirements file * also switch on docker flow * generate hashes * added hashes to reqs * add hashes for CI too * add hash checking * require hashes everywhere possible * require hashes where possible in docker
2025-06-13 18:45:40 +00:00 · 2024-04-23 09:15:52 +02:00
parent 3e52e5fd69
commit 938c724395
14 changed files with 1952 additions and 198 deletions
--- a/tasks.py
+++ b/tasks.py
@ -237,12 +237,12 @@ def install(c, uv=False):
        c.run('pip3 install --upgrade pip')
        c.run('pip3 install --upgrade setuptools')
        c.run(
-            'pip3 install --no-cache-dir --disable-pip-version-check -U -r src/backend/requirements.txt'
+            'pip3 install --no-cache-dir --disable-pip-version-check -U --require-hashes -r src/backend/requirements.txt'
        )
    else:
        c.run('pip3 install --upgrade uv')
        c.run('uv pip install --upgrade setuptools')
-        c.run('uv pip install -U -r src/backend/requirements.txt')
+        c.run('uv pip install -U --require-hashes  -r src/backend/requirements.txt')

    # Run plugins install
    plugins(c, uv=uv)
@ -260,7 +260,7 @@ def setup_dev(c, tests=False):
    print("Installing required python packages from 'src/backend/requirements-dev.txt'")

    # Install required Python packages with PIP
-    c.run('pip3 install -U -r src/backend/requirements-dev.txt')
+    c.run('pip3 install -U --require-hashes -r src/backend/requirements-dev.txt')

    # Install pre-commit hook
    print('Installing pre-commit for checks before git commits...')