From 2803e6aef8abce48d108ff54c060d3a6c715041e Mon Sep 17 00:00:00 2001 From: Adam Meily Date: Fri, 2 Sep 2022 12:16:52 -0400 Subject: [PATCH 1/2] add faq entry for pipenv support --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index a53feaa..57861d6 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ with support from Google. This is not an official Google or Trail of Bits produc * [Configuration](#configuration) * [⚠️ Internal options ⚠️](#internal-options) * [Troubleshooting](#troubleshooting) +* [Tips and Tricks](#tips-and-tricks) * [Licensing](#licensing) * [Code of Conduct](#code-of-conduct) @@ -358,6 +359,34 @@ in the virtual environment should be included: local: true ``` +## Tips and Tricks + +### Running against a pipenv project + +If you are adding `pip-audit` to a pipenv based project, you'll first need +to convert the `Pipfile[.lock]` to a `requirements.txt` file that pip-audit +can ingest. Use a Python tool, such as +[`pipfile-requirements`](https://github.com/frostming/pipfile-requirements), to +convert your `Pipfile[.lock]` to a `requirements.txt` file and then run +`pip-audit` GitHub ACtion against the generated requirements file. + +```yaml +jobs: + pip-audit: + steps: + - uses: actions/setup-python@v2 + with: + python-version: 3.9 # change to your required version of Python + + - name: 'Generate requirements.txt' + run: | + pipx run pipfile-requirements Pipfile.lock > requirements.txt + + - uses: pypa/gh-action-pip-audit@v1.0.0 + with: + inputs: requirements.txt +``` + ## Licensing `gh-action-pip-audit` is licensed under the Apache 2.0 License. From c160fd4af154ca73bea86f7f64d18e2fdc67910b Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 6 Sep 2022 13:59:26 -0400 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Dustin Ingram --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
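Review bot: the "Running against a pipenv project" workflow snippet in the README hunk never checks the repository out, so `pipx run pipfile-requirements Pipfile.lock` would run in an empty workspace and fail to find `Pipfile.lock`; add a `- uses: actions/checkout@v3` step before the `setup-python` step (and a `runs-on:` key if the snippet is meant to be copy-pasteable as a whole job). Separately, the action is pinned to `pypa/gh-action-pip-audit@v1.0.0` but `pipx run pipfile-requirements` fetches whatever the latest release on PyPI is at run time, which is an unpinned dependency in a step whose whole purpose is supply-chain auditing; pinning it, e.g. `pipx run --spec 'pipfile-requirements==<version>' pipfile-requirements Pipfile.lock`, keeps the conversion step reproducible. The prose should also say which file to convert: feeding `Pipfile.lock` gives `pip-audit` the exact pinned versions, whereas converting the unlocked `Pipfile` would audit whatever the unpinned specifiers resolve to at audit time, not what the project actually installs.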
diff --git a/README.md b/README.md index 57861d6..96cda4d 100644 --- a/README.md +++ b/README.md @@ -364,11 +364,11 @@ in the virtual environment should be included: ### Running against a pipenv project If you are adding `pip-audit` to a pipenv based project, you'll first need -to convert the `Pipfile[.lock]` to a `requirements.txt` file that pip-audit +to convert the `Pipfile[.lock]` to a `requirements.txt` file that `pip-audit` can ingest. Use a Python tool, such as [`pipfile-requirements`](https://github.com/frostming/pipfile-requirements), to convert your `Pipfile[.lock]` to a `requirements.txt` file and then run -`pip-audit` GitHub ACtion against the generated requirements file. +`pip-audit` GitHub Action against the generated requirements file. ```yaml jobs:
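Review bot: the two backtick and capitalization fixes in this hunk are correct, but the surrounding context still reads "convert your `Pipfile[.lock]` to a `requirements.txt` file" while the example below it only converts `Pipfile.lock`; since auditing the lock file is what reflects the pinned, installed set, consider dropping the `[.lock]` optionality in the prose and stating plainly that `Pipfile.lock` is the input to convert, so the text and the example agree.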