chore(poetry): make python-poetry as packaging and dependency manager (#1935)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>

.github/workflows/build-lint-push-containers.yml

@@ -47,9 +47,22 @@ jobs:
   container-build:
     # needs: dockerfile-linter
     runs-on: ubuntu-latest
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.9 #install the python needed
+      - name: Install dependencies
+        run: |
+          pipx install poetry
+          pipx inject poetry poetry-bumpversion
+      - name: Update Prowler version
+        run: |
+          poetry version ${{ github.event.release.tag_name }}
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Build

.github/workflows/pull-request.yml

@@ -24,9 +24,9 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install pipenv
-          pipenv install --dev
-          pipenv run pip list
+          pip install poetry
+          poetry install
+          poetry run pip list
           VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
             grep '"tag_name":' | \
             sed -E 's/.*"v([^"]+)".*/\1/' \
@@ -34,25 +34,25 @@ jobs:
             && chmod +x /tmp/hadolint
       - name: Lint with flake8
         run: |
-          pipenv run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib
+          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib
       - name: Checking format with black
         run: |
-          pipenv run black --check .
+          poetry run black --check .
       - name: Lint with pylint
         run: |
-          pipenv run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
+          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
       - name: Bandit
         run: |
-          pipenv run bandit -q -lll -x '*_test.py,./contrib/' -r .
+          poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
       - name: Safety
         run: |
-          pipenv run safety check
+          poetry run safety check
       - name: Vulture
         run: |
-          pipenv run vulture --exclude "contrib" --min-confidence 100 .
+          poetry run vulture --exclude "contrib" --min-confidence 100 .
       - name: Hadolint
         run: |
           /tmp/hadolint Dockerfile --ignore=DL3013
       - name: Test with pytest
         run: |
-          pipenv run pytest tests -n auto
+          poetry run pytest tests -n auto

.github/workflows/pypi-release.yml

@@ -5,11 +5,14 @@ on:
     types: [published]
 
 env:
-  GITHUB_BRANCH: ${{ github.event.release.tag_name }}
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  GITHUB_BRANCH: master
 
 jobs:
   release-prowler-job:
     runs-on: ubuntu-latest
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
     name: Release Prowler to PyPI
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
@@ -22,20 +25,45 @@ jobs:
           python-version: 3.9 #install the python needed
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
-          pip install build toml --upgrade
-      - name: Build package
-        run: python -m build
-      - name: Publish prowler-cloud package to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+          pipx install poetry
+          pipx inject poetry poetry-bumpversion
+      - name: Change version and Build package
+        run: |
+          poetry version ${{ env.RELEASE_TAG }}
+          git config user.name "github-actions"
+          git config user.email "<noreply@github.com>"
+          git add prowler/config/config.py pyproject.toml
+          git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify
+          git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}"
+          git push -f origin ${{ env.RELEASE_TAG }}
+          poetry build
+      - name: Publish prowler package to PyPI
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
       - name: Replicate PyPi Package
         run: |
-          rm -rf ./dist && rm -rf ./build && rm -rf prowler_cloud.egg-info
+          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
           python util/replicate_pypi_package.py
-          python -m build
-      - name: Publish prowler package to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+          poetry build
+      - name: Publish prowler-cloud package to PyPI
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
+      # Create pull request with new version
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
+          branch: release-${{ env.RELEASE_TAG }}
+          labels: "status/waiting-for-revision, severity/low"
+          title: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}"
+          body: |
+            ### Description
+
+            This PR updates Prowler Version to ${{ env.RELEASE_TAG }}.
+
+            ### License
+
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.