22360764254

Committed 24 Feb 2026 04:46PM UTC coverage: 88.798% (-4.1%) from 92.935%

Build # 22360764254

Build Type

Pull #23133

github

Committed by

web-flow

Commit Message

Merge 4c056364c into 4d038bd74

Pull Request Pull Request #23133: Add buildctl engine

Coverage Stats

181 of 264 new or added lines in 8 files covered. (68.56%)

3184 existing lines in 145 files now uncovered.

77555 of 87339 relevant lines covered (88.8%)

3.34 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

58.82

/src/python/pants/backend/tools/trivy/rules.py

# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).
from __future__ import annotations

from dataclasses import dataclass

from pants.backend.tools.trivy.subsystem import Trivy
from pants.core.goals.resolves import ExportableTool
from pants.core.util_rules import external_tool
from pants.core.util_rules.config_files import find_config_file
from pants.core.util_rules.env_vars import environment_vars_subset
from pants.core.util_rules.external_tool import download_external_tool
from pants.engine.env_vars import EnvironmentVarsRequest
from pants.engine.internals.native_engine import Digest, MergeDigests
from pants.engine.internals.selectors import concurrently
from pants.engine.intrinsics import execute_process, merge_digests
from pants.engine.platform import Platform
from pants.engine.process import FallibleProcessResult, Process
from pants.engine.rules import collect_rules, implicitly, rule
from pants.engine.unions import UnionRule
from pants.option.global_options import GlobalOptions
from pants.util.logging import LogLevel


@dataclass(frozen=True)
class RunTrivyRequest:
    # trivy fields
    command: str
    command_args: tuple[str, ...]  # arguments that are command specific
    scanners: tuple[str, ...]
    target: str
    # pants fields
    input_digest: Digest
    description: str


@rule
async def run_trivy(
    request: RunTrivyRequest,
    trivy: Trivy,
    platform: Platform,
    global_options: GlobalOptions,
) -> FallibleProcessResult:
    """Run Trivy."""
    argv = ["__trivy/trivy", "--exit-code=1"]

    argv.extend(["--cache-dir", trivy.cache_dir])

    config_file = await find_config_file(trivy.config_request())
    if trivy.config:
        argv.extend(["--config", trivy.config])

    argv.append(request.command)

    if request.scanners:
        argv.append("--scanners")
        argv.append(",".join(request.scanners))

    if trivy.severity:
        argv.append("--severity")
        argv.append(",".join(trivy.severity))

    argv.append(request.target)

    argv.extend(request.command_args)

    argv.extend(trivy.args)

    if global_options.level > LogLevel.INFO:
        argv.append("-d")

    download_trivy, env, input_digest = await concurrently(
        download_external_tool(trivy.get_request(platform)),
        environment_vars_subset(EnvironmentVarsRequest(trivy.extra_env_vars), **implicitly()),
        merge_digests(MergeDigests((request.input_digest, config_file.snapshot.digest))),
    )

    immutable_input_digests = {"__trivy": download_trivy.digest}

    result = await execute_process(
        Process(
            argv=tuple(argv),
            input_digest=input_digest,
            immutable_input_digests=immutable_input_digests,
            append_only_caches=trivy.append_only_caches,
            env=env,
            description=request.description,
            level=LogLevel.DEBUG,
        ),
        **implicitly(),
    )
    return result


def rules():
    return (
        *collect_rules(),
        *external_tool.rules(),
        UnionRule(ExportableTool, Trivy),
    )

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3	from __future__ import annotations	1✔
4
5	from dataclasses import dataclass	1✔
6
7	from pants.backend.tools.trivy.subsystem import Trivy	1✔
8	from pants.core.goals.resolves import ExportableTool	1✔
9	from pants.core.util_rules import external_tool	1✔
10	from pants.core.util_rules.config_files import find_config_file	1✔
11	from pants.core.util_rules.env_vars import environment_vars_subset	1✔
12	from pants.core.util_rules.external_tool import download_external_tool	1✔
13	from pants.engine.env_vars import EnvironmentVarsRequest	1✔
14	from pants.engine.internals.native_engine import Digest, MergeDigests	1✔
15	from pants.engine.internals.selectors import concurrently	1✔
16	from pants.engine.intrinsics import execute_process, merge_digests	1✔
17	from pants.engine.platform import Platform	1✔
18	from pants.engine.process import FallibleProcessResult, Process	1✔
19	from pants.engine.rules import collect_rules, implicitly, rule	1✔
20	from pants.engine.unions import UnionRule	1✔
21	from pants.option.global_options import GlobalOptions	1✔
22	from pants.util.logging import LogLevel	1✔
23
24
25	@dataclass(frozen=True)	1✔
26	class RunTrivyRequest:	1✔
27	# trivy fields
28	command: str	1✔
29	command_args: tuple[str, ...] # arguments that are command specific	1✔
30	scanners: tuple[str, ...]	1✔
31	target: str	1✔
32	# pants fields
33	input_digest: Digest	1✔
34	description: str	1✔
35
36
37	@rule	1✔
38	async def run_trivy(	1✔
39	request: RunTrivyRequest,
40	trivy: Trivy,
41	platform: Platform,
42	global_options: GlobalOptions,
43	) -> FallibleProcessResult:
44	"""Run Trivy."""
UNCOV 45	argv = ["__trivy/trivy", "--exit-code=1"]	×
46
UNCOV 47	argv.extend(["--cache-dir", trivy.cache_dir])	×
48
UNCOV 49	config_file = await find_config_file(trivy.config_request())	×
UNCOV 50	if trivy.config:	×
51	argv.extend(["--config", trivy.config])	×
52
UNCOV 53	argv.append(request.command)	×
54
UNCOV 55	if request.scanners:	×
56	argv.append("--scanners")	×
57	argv.append(",".join(request.scanners))	×
58
UNCOV 59	if trivy.severity:	×
60	argv.append("--severity")	×
61	argv.append(",".join(trivy.severity))	×
62
UNCOV 63	argv.append(request.target)	×
64
UNCOV 65	argv.extend(request.command_args)	×
66
UNCOV 67	argv.extend(trivy.args)	×
68
UNCOV 69	if global_options.level > LogLevel.INFO:	×
70	argv.append("-d")	×
71
UNCOV 72	download_trivy, env, input_digest = await concurrently(	×
73	download_external_tool(trivy.get_request(platform)),
74	environment_vars_subset(EnvironmentVarsRequest(trivy.extra_env_vars), **implicitly()),
75	merge_digests(MergeDigests((request.input_digest, config_file.snapshot.digest))),
76	)
77
UNCOV 78	immutable_input_digests = {"__trivy": download_trivy.digest}	×
79
UNCOV 80	result = await execute_process(	×
81	Process(
82	argv=tuple(argv),
83	input_digest=input_digest,
84	immutable_input_digests=immutable_input_digests,
85	append_only_caches=trivy.append_only_caches,
86	env=env,
87	description=request.description,
88	level=LogLevel.DEBUG,
89	),
90	**implicitly(),
91	)
UNCOV 92	return result	×
93
94
95	def rules():	1✔
96	return (	1✔
97	*collect_rules(),
98	*external_tool.rules(),
99	UnionRule(ExportableTool, Trivy),
100	)

pantsbuild / pants / 22360764254

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous