Utilities for handling Phylum integrations
Project description
phylum-ci
Python package for handling CI and other integrations
Installation and usage
Installation
The phylum Python package is pip installable for the environment of your choice:
pip install phylum
It can also be installed in an isolated environment with the excellent pipx tool:
# Globally install the app(s) on your system in an isolated virtual environment for the package
pipx install phylum
# Use the apps from the package in an ephemeral environment
pipx run --spec phylum phylum-init <options>
pipx run --spec phylum phylum-ci <options>
It requires Python 3.7+ to run.
Usage
The phylum Python package exposes its functionality with a command line interface (CLI).
To view the options available from the CLI, print the help message from one of the scripts provided as entry points:
phylum-init -h
phylum-ci -h
The functionality can also be accessed by calling the module:
python -m phylum.init -h
python -m phylum.ci -h
The functionality is also exposed in the form of a Docker image:
# Get the `latest` tagged image
docker pull phylumio/phylum-ci
# View the help
docker run -it --rm phylumio/phylum-ci "phylum-ci --help"
# Export a Phylum token (e.g., from `phylum auth token`)
export PHYLUM_API_KEY=$(phylum auth token)
# Run it from a git repo directory containing a `.phylum_project` and a lockfile
docker run -it --rm -e PHYLUM_API_KEY --mount type=bind,src=`pwd`,dst=/phylum -w /phylum phylumio/phylum-ci
The Docker image contains git and the installed phylum Python package.
It also contains an installed version of the Phylum CLI. The version of the Phylum CLI is the latest at the time of
the Docker image creation. An advantage of using the Docker image is that the complete environment is packaged and made
available with components that are known to work together.
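A preflight wrapper for the Docker invocation above, added here as an example (it is not part of the phylum package): it checks the conditions that command depends on, a git repo directory containing a `.phylum_project` and a lockfile plus a set `PHYLUM_API_KEY`, before starting the container. The function names, return codes and the `LOCKFILES` list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks before the containerized phylum-ci run.
# LOCKFILES is an assumed, non-exhaustive list; edit it to match your project.
LOCKFILES="package-lock.json yarn.lock requirements.txt poetry.lock Pipfile.lock Gemfile.lock"

# phylum_preflight DIR
# Returns 0 when DIR is ready; otherwise prints the reason to stderr and returns:
#   2 = not a git repo, 3 = no .phylum_project, 4 = no lockfile, 5 = no token
phylum_preflight() {
    dir=${1:-.}
    # .git is a directory in a normal clone and a file in a linked worktree
    if [ ! -e "$dir/.git" ]; then
        echo "preflight: $dir is not the root of a git repo" >&2; return 2
    fi
    if [ ! -f "$dir/.phylum_project" ]; then
        echo "preflight: $dir/.phylum_project not found" >&2; return 3
    fi
    found=""
    for name in $LOCKFILES; do
        if [ -f "$dir/$name" ]; then found=$name; break; fi
    done
    if [ -z "$found" ]; then
        echo "preflight: no known lockfile in $dir" >&2; return 4
    fi
    # Check that the token is set without ever echoing its value
    if [ -z "${PHYLUM_API_KEY:-}" ]; then
        echo "preflight: PHYLUM_API_KEY is not set" >&2; return 5
    fi
    echo "preflight: ok (lockfile: $found)" >&2
    return 0
}

# run_phylum_ci DIR
# Same image, mount and working directory as the command above, run only
# after the checks pass. `-e PHYLUM_API_KEY` (name only) forwards the value
# from the environment, so the token never appears on the docker command line.
# `-it` is left out so the function also works where no TTY is attached.
run_phylum_ci() {
    dir=$(cd "${1:-.}" && pwd) || return 1
    phylum_preflight "$dir" || return $?
    docker run --rm -e PHYLUM_API_KEY \
        --mount "type=bind,src=$dir,dst=/phylum" -w /phylum phylumio/phylum-ci
}
```

Source the file and call `run_phylum_ci /path/to/repo`; the return code identifies which precondition failed.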
phylum-init
Script Entry Point
The phylum-init script can be used to fetch and install the Phylum CLI.
It will attempt to install the latest released version of the CLI, but a specific version can be requested instead.
It will attempt to automatically determine the correct CLI release, based on the platform where the script is run, but
a specific release target can be specified.
It will accept a Phylum token from an environment variable or as an option, but will also function when no token is
provided. That can be because a token is already set and should continue to be used, or because no token exists and
one will need to be manually created or set after the CLI is installed.
phylum-ci
Script Entry Point
The phylum-ci script is for analyzing lockfile changes.
The script can be used locally or from within a Continuous Integration (CI) environment.
It will attempt to detect the CI platform based on the environment from which it is run and act accordingly.
The current CI platforms/environments supported are:
- None (local use)
  - This is the "fall-through" case used when no other environment is detected
  - Can be useful to analyze lockfiles locally, prior to or after submitting a pull/merge request (PR/MR) to a CI system
    - Establishing a successful submission prior to submitting a PR/MR to a CI system
    - Troubleshooting after submitting a PR/MR to a CI system and getting unexpected results
License
MIT - with complete text available in the LICENSE file.
Contributing
Suggestions and help are welcome. Feel free to open an issue or otherwise contribute. More information is available on the contributing documentation page.
Change log
All notable changes to this project are documented in the CHANGELOG.
The format of the change log is based on Keep a Changelog, and this project adheres to Semantic Versioning. The entries in the changelog are primarily automatically generated through the use of conventional commits and the Python Semantic Release tool. However, some entries may be manually edited, where it helps for clarity and understanding.