20332790708

Committed 18 Dec 2025 09:48AM UTC coverage: 64.992% (-15.3%) from 80.295%

Build # 20332790708

Build Type

Pull #22949

github

Committed by

web-flow

Commit Message

Merge f730a56cd into 407284c67

Pull Request Pull Request #22949: Add experimental uv resolver for Python lockfiles

Run Details

54 of 97 new or added lines in 5 files covered. (55.67%)

8270 existing lines in 295 files now uncovered.

48990 of 75379 relevant lines covered (64.99%)

1.81 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/python/pants/backend/docker/lint/trivy/rules.py

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
UNCOV 3	from dataclasses import dataclass	×
UNCOV 4	from typing import Any, cast	×
5
UNCOV 6	from pants.backend.docker.package_types import BuiltDockerImage	×
UNCOV 7	from pants.backend.docker.target_types import DockerImageSourceField, DockerImageTarget	×
UNCOV 8	from pants.backend.tools.trivy.rules import RunTrivyRequest, run_trivy	×
UNCOV 9	from pants.backend.tools.trivy.subsystem import SkipTrivyField, Trivy	×
UNCOV 10	from pants.core.goals.lint import LintResult, LintTargetsRequest	×
UNCOV 11	from pants.core.goals.package import (	×
12	EnvironmentAwarePackageRequest,
13	PackageFieldSet,
14	environment_aware_package,
15	)
UNCOV 16	from pants.core.util_rules.partitions import PartitionerType	×
UNCOV 17	from pants.engine.addresses import Addresses	×
UNCOV 18	from pants.engine.internals.graph import find_valid_field_sets, resolve_targets	×
UNCOV 19	from pants.engine.internals.native_engine import EMPTY_DIGEST	×
UNCOV 20	from pants.engine.rules import collect_rules, implicitly, rule	×
UNCOV 21	from pants.engine.target import FieldSet, FieldSetsPerTargetRequest, Target	×
UNCOV 22	from pants.util.logging import LogLevel	×
23
24
UNCOV 25	@dataclass(frozen=True)	×
UNCOV 26	class TrivyDockerFieldSet(FieldSet):	×
UNCOV 27	required_fields = (DockerImageSourceField,)	×
28
UNCOV 29	source: DockerImageSourceField	×
30
UNCOV 31	@classmethod	×
UNCOV 32	def opt_out(cls, tgt: Target) -> bool:	×
33	return tgt.get(SkipTrivyField).value	×
34
35
UNCOV 36	class TrivyDockerRequest(LintTargetsRequest):	×
UNCOV 37	field_set_type = TrivyDockerFieldSet	×
UNCOV 38	tool_subsystem = Trivy # type: ignore[assignment]	×
UNCOV 39	partitioner_type = PartitionerType.DEFAULT_ONE_PARTITION_PER_INPUT	×
40
41
UNCOV 42	def command_args():	×
43	return (	×
44	# workaround for Trivy DB being overloaded on pulls
45	"--db-repository",
46	"ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db",
47	# quiet progress output, which just clutters logs
48	"--no-progress",
49	)
50
51
UNCOV 52	@rule(desc="Lint Docker image with Trivy", level=LogLevel.DEBUG)	×
UNCOV 53	async def run_trivy_docker(	×
54	request: TrivyDockerRequest.Batch[TrivyDockerFieldSet, Any],
55	) -> LintResult:
56	addrs = tuple(e.address for e in request.elements)	×
57	tgts = await resolve_targets(**implicitly(Addresses(addrs)))	×
58
59	field_sets_per_tgt = await find_valid_field_sets(	×
60	FieldSetsPerTargetRequest(PackageFieldSet, tgts), **implicitly()
61	)
62	[field_set] = field_sets_per_tgt.field_sets	×
63
64	package = await environment_aware_package(EnvironmentAwarePackageRequest(field_set))	×
65	built_image: BuiltDockerImage = cast(BuiltDockerImage, package.artifacts[0])	×
66	r = await run_trivy(	×
67	RunTrivyRequest(
68	command="image",
69	command_args=command_args(),
70	scanners=(),
71	target=built_image.image_id,
72	input_digest=EMPTY_DIGEST,
73	description=f"Run Trivy on docker image {','.join(built_image.tags)}",
74	),
75	**implicitly(),
76	)
77
78	return LintResult.create(request, r)	×
79
80
UNCOV 81	def rules():	×
UNCOV 82	return (	×
83	*collect_rules(),
84	*TrivyDockerRequest.rules(),
85	DockerImageTarget.register_plugin_field(SkipTrivyField),
86	)

pantsbuild / pants / 20332790708

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous