Closed rigzba21 closed 2 years ago
This is awesome, let me take some time to review the code!!! TY @rigzba21 :godmode:
@ghoersti it doesn't have the "combined" manifest functionality (yet) which we can replace with conda-lock's compound specification, with the make_lock_spec function, but this PR was already getting pretty big for my comfort without adding the compound specification functionality from conda-lock 1.x. I figured it'd be better for a separate PR.
@ghoersti I'd also like to add our IronBank python scripts functionality to the iron_bank_generator.py module, that way we won't have to maintain copies of each of those scripts for every IronBank repository, we can just have that functionality available from the conda-vendor ironbank-gen subcommand. Again, I figured that would be better left to a separate PR.
cc: @rycrow I can create an issue for this.
Improved CLI user experience:
Background/Overview
conda-lock 1.x has significant updates/improvements that require changes to conda-vendor
micromamba now uses the libmamba and libmambapy solver as default, so the old conda-vendor + old conda-lock combination produced channels that had issues solving in our IronBank containers when using up-to-date versions of micromamba.
vendor the primary command
conda, mamba, micromamba based on conda-lock's new 1.0.x API for solve_specs_for_arch
--dry-run option to generate formatted JSON of conda-lock's solved FetchActions object. This replaces the old meta-manifest generation intermediary step and can be piped to other SBOM tools that accept JSON.
New Usage for version 1.0.0:
Screenshots:
Conda-vendor Improved UX:
repodata.json hotfix progress bar and package download progress bar:
Dry-Run formatted JSON output:
ironbank-gen subcommand (returns formatted text that can be copied into Ironbank's hardening manifest):
Example IronBank Workflow:
1) Generate the vendored channel and output the IronBank Hardening Manifest resources to stdout:
2) Copy the output resources block to your IronBank hardening_manifest.yaml:
3) Copy over your patched repodata.json files from your vendored channel to the appropriate directory in your IronBank Project