
Is poetry supported by frogbot?

Open joergsesterhenn opened this issue 3 years ago • 4 comments

Hi, I tried to run frogbot on my poetry project (see https://github.com/joergsesterhenn/py-tic-tac-toe/actions/runs/3285427920/jobs/5412508082 ).

I got this error message:

/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-pull-request
22:30:30 [Info] Running Frogbot "scan-pull-request" command
22:30:30 [Info] Auditing /home/runner/work/py-tic-tac-toe/py-tic-tac-toe
22:30:30 [Info] Detected: poetry.
Error: 1 [Error] 'poetry' audit command failed: poetry install command failed: exec: "poetry": executable file not found in $PATH -
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1

There seems to be some support for poetry but then poetry seems to be missing from the frogbot image.

Can I somehow install it in a previous step? Or could you change frogbot to execute poetry using abatilo/actions-poetry@v2? Is there some way to make this work?

joergsesterhenn, Oct 19 '22 22:10

@joergsesterhenn did you manage to use Frogbot with Poetry? Our new Frogbot v2.4.0 release also includes support for Scanning repositories following new commits for Poetry projects. We updated our documentation to also include Poetry templates.

talarian1, Nov 08 '22 14:11

I am afraid I gave up on frogbot. The concept of having to review code (deployments) to an environment before frogbot can review it was annoying and made no sense. The new alternative workflow sounds more reasonable - maybe I'll give it another try sometime.

joergsesterhenn, Nov 14 '22 21:11

@joergsesterhenn, thanks for your feedback! Reviewing the code before triggering the Frogbot scan can be optional, but is highly recommended in public repositories. The reason for the review is to avoid exposing the server's credentials to external users. It is a security review; without it, the user can echo the credentials during Frogbot's workflow. For private repositories, this requirement is not necessary and you can safely remove the environment from the workflow script.

yahavi, Nov 15 '22 06:11