18252174847

Committed 05 Oct 2025 01:36AM UTC coverage: 43.382% (-36.9%) from 80.261%

Build # 18252174847

Build Type

push

github

Committed by

web-flow

Commit Message

run tests on mac arm (#22717)

Just doing the minimal to pull forward the x86_64 pattern.

ref #20993

Run Details

25776 of 59416 relevant lines covered (43.38%)

1.3 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/python/pants/backend/tools/trivy/rules.py

# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).
from __future__ import annotations

from dataclasses import dataclass

from pants.backend.tools.trivy.subsystem import Trivy
from pants.core.goals.resolves import ExportableTool
from pants.core.util_rules import external_tool
from pants.core.util_rules.config_files import find_config_file
from pants.core.util_rules.env_vars import environment_vars_subset
from pants.core.util_rules.external_tool import download_external_tool
from pants.engine.env_vars import EnvironmentVarsRequest
from pants.engine.internals.native_engine import Digest, MergeDigests
from pants.engine.internals.selectors import concurrently
from pants.engine.intrinsics import execute_process, merge_digests
from pants.engine.platform import Platform
from pants.engine.process import FallibleProcessResult, Process
from pants.engine.rules import collect_rules, implicitly, rule
from pants.engine.unions import UnionRule
from pants.option.global_options import GlobalOptions
from pants.util.logging import LogLevel


@dataclass(frozen=True)
class RunTrivyRequest:
    # trivy fields
    command: str
    command_args: tuple[str, ...]  # arguments that are command specific
    scanners: tuple[str, ...]
    target: str
    # pants fields
    input_digest: Digest
    description: str


@rule
async def run_trivy(
    request: RunTrivyRequest,
    trivy: Trivy,
    platform: Platform,
    global_options: GlobalOptions,
) -> FallibleProcessResult:
    """Run Trivy."""
    argv = ["__trivy/trivy", "--exit-code=1"]

    argv.extend(["--cache-dir", trivy.cache_dir])

    config_file = await find_config_file(trivy.config_request())
    if trivy.config:
        argv.extend(["--config", trivy.config])

    argv.append(request.command)

    if request.scanners:
        argv.append("--scanners")
        argv.append(",".join(request.scanners))

    if trivy.severity:
        argv.append("--severity")
        argv.append(",".join(trivy.severity))

    argv.append(request.target)

    argv.extend(request.command_args)

    argv.extend(trivy.args)

    if global_options.level > LogLevel.INFO:
        argv.append("-d")

    download_trivy, env, input_digest = await concurrently(
        download_external_tool(trivy.get_request(platform)),
        environment_vars_subset(EnvironmentVarsRequest(trivy.extra_env_vars), **implicitly()),
        merge_digests(MergeDigests((request.input_digest, config_file.snapshot.digest))),
    )

    immutable_input_digests = {"__trivy": download_trivy.digest}

    result = await execute_process(
        Process(
            argv=tuple(argv),
            input_digest=input_digest,
            immutable_input_digests=immutable_input_digests,
            append_only_caches=trivy.append_only_caches,
            env=env,
            description=request.description,
            level=LogLevel.DEBUG,
        ),
        **implicitly(),
    )
    return result


def rules():
    return (
        *collect_rules(),
        *external_tool.rules(),
        UnionRule(ExportableTool, Trivy),
    )

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3	from __future__ import annotations	×
4
5	from dataclasses import dataclass	×
6
7	from pants.backend.tools.trivy.subsystem import Trivy	×
8	from pants.core.goals.resolves import ExportableTool	×
9	from pants.core.util_rules import external_tool	×
10	from pants.core.util_rules.config_files import find_config_file	×
11	from pants.core.util_rules.env_vars import environment_vars_subset	×
12	from pants.core.util_rules.external_tool import download_external_tool	×
13	from pants.engine.env_vars import EnvironmentVarsRequest	×
14	from pants.engine.internals.native_engine import Digest, MergeDigests	×
15	from pants.engine.internals.selectors import concurrently	×
16	from pants.engine.intrinsics import execute_process, merge_digests	×
17	from pants.engine.platform import Platform	×
18	from pants.engine.process import FallibleProcessResult, Process	×
19	from pants.engine.rules import collect_rules, implicitly, rule	×
20	from pants.engine.unions import UnionRule	×
21	from pants.option.global_options import GlobalOptions	×
22	from pants.util.logging import LogLevel	×
23
24
25	@dataclass(frozen=True)	×
26	class RunTrivyRequest:	×
27	# trivy fields
28	command: str	×
29	command_args: tuple[str, ...] # arguments that are command specific	×
30	scanners: tuple[str, ...]	×
31	target: str	×
32	# pants fields
33	input_digest: Digest	×
34	description: str	×
35
36
37	@rule	×
38	async def run_trivy(	×
39	request: RunTrivyRequest,
40	trivy: Trivy,
41	platform: Platform,
42	global_options: GlobalOptions,
43	) -> FallibleProcessResult:
44	"""Run Trivy."""
45	argv = ["__trivy/trivy", "--exit-code=1"]	×
46
47	argv.extend(["--cache-dir", trivy.cache_dir])	×
48
49	config_file = await find_config_file(trivy.config_request())	×
50	if trivy.config:	×
51	argv.extend(["--config", trivy.config])	×
52
53	argv.append(request.command)	×
54
55	if request.scanners:	×
56	argv.append("--scanners")	×
57	argv.append(",".join(request.scanners))	×
58
59	if trivy.severity:	×
60	argv.append("--severity")	×
61	argv.append(",".join(trivy.severity))	×
62
63	argv.append(request.target)	×
64
65	argv.extend(request.command_args)	×
66
67	argv.extend(trivy.args)	×
68
69	if global_options.level > LogLevel.INFO:	×
70	argv.append("-d")	×
71
72	download_trivy, env, input_digest = await concurrently(	×
73	download_external_tool(trivy.get_request(platform)),
74	environment_vars_subset(EnvironmentVarsRequest(trivy.extra_env_vars), **implicitly()),
75	merge_digests(MergeDigests((request.input_digest, config_file.snapshot.digest))),
76	)
77
78	immutable_input_digests = {"__trivy": download_trivy.digest}	×
79
80	result = await execute_process(	×
81	Process(
82	argv=tuple(argv),
83	input_digest=input_digest,
84	immutable_input_digests=immutable_input_digests,
85	append_only_caches=trivy.append_only_caches,
86	env=env,
87	description=request.description,
88	level=LogLevel.DEBUG,
89	),
90	**implicitly(),
91	)
92	return result	×
93
94
95	def rules():	×
96	return (	×
97	*collect_rules(),
98	*external_tool.rules(),
99	UnionRule(ExportableTool, Trivy),
100	)

pantsbuild / pants / 18252174847

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous