conda-vendor improvements for version 1.0.0

[rigzba21]

Improved CLI user experience:

Background/Overview

conda-lock 1.x has significant updates/improvements that require changes to conda-vendor

micromamba now uses the libmamba and libmambapy solver as default, so the old conda-vendor + old conda-lock combination produced channels that had issues solving in our IronBank containers when using up-to-date versions of micromamba.

• [x] Remove meta-manifest intermediary step in favor of conda-lock's new 1.0.x API and lockfile format
• [x] Make vendor the primary command
• [x] Add flag for different solvers: conda, mamba, micromamba based on conda-lock's new 1.0.x API for solve_specs_for_arch
• [x] Add a --dry-run option to generate formatted JSON of conda-lock's solved FetchActions object. This replaces the old meta-manifest generation intermediary step and can be piped to other SBOM tools that accept JSON.
• [x] IronBank hardening_manifest.yaml resources formatted text output, using filtered + merged FETCH actions in conda-lock's FetchActions object
• [x] click cli integration tests
• [x] update test fixtures to use conda-lock's FetchActions, LockSpecification, and VersionedDependency objects
• [x] Update GitHub Actions to include dependencies for integration tests

New Usage for version 1.0.0:

# use conda as the solver for linux-64
conda-vendor vendor --file environment.yaml --solver conda --platform linux-64

# use mamba as the solver for osx-64
conda-vendor vendor --file environment.yaml --solver mamba --platform osx-64

# use micromamba as the solver for the host platform
conda-vendor vendor --file environment.yaml --solver micromamba

# dry-run outputs formatted JSON 
conda-vendor vendor --file environment.yaml --solver mamba --platform linux-64 --dry-run True

Screenshots:

Conda-vendor Improved UX:

repodata.json hotfix progress bar and package download progress bar:

Dry-Run formatted JSON output:

ironbank-gen subcommand (returns formatted text that can be copied into Ironbank's hardening manifest):

Example IronBank Workflow:

1) Generate the vendored channel and output the IronBank Hardening Manifest resources to stdout:

conda-vendor vendor --file my-environment.yaml --solver micromamba --platform linux-64 --ironbank-gen True

2) Copy the output resources block to your IronBank hardening_manifest.yaml:

- url: https://conda.anaconda.org/conda-forge/linux-64/micromamba-0.22.0-0.tar.bz2
  filename: micromamba-0.22.0-0.tar.bz2
  validation:
    type: sha256
    value: f8d6d9ab832401f8f32e161d5043b28fd7f043d8f0829ab5388f6e4a4256524a
- url: https://conda.anaconda.org/conda-forge/linux-64/_libgcc_mutex-0.1-conda_forge.tar.bz2
  filename: _libgcc_mutex-0.1-conda_forge.tar.bz2
  validation:
    type: sha256
    value: fe51de6107f9edc7aa4f786a70f4a883943bc9d39b3bb7307c04c41410990726
- url: https://conda.anaconda.org/conda-forge/linux-64/libstdcxx-ng-11.2.0-he4da1e4_15.tar.bz2
  filename: libstdcxx-ng-11.2.0-he4da1e4_15.tar.bz2
  validation:
    type: sha256
    value: cc84f71bb9dbecde453a25ba8c5aefc9773da5d619633c103eb8bac1ab4afda0

3) Copy over your patched repodata.json files from your vendored channel to the appropriate directory in your IronBank Project

[ghoersti]

This is awesome , let me take some time to review the code!!! TY @rigzba21 :godmode:

[rigzba21]

@ghoersti it doesn't have the "combined" manifest functionality (yet) which we can replace with conda-lock's compound specification, with the make_lock_spec function but this PR was already getting pretty big for my comfort without adding the compound specification functionality from conda-lock 1.x. I figured it'd be better for a separate PR.

[rigzba21]

@ghoersti I'd also like to add our IronBank python scripts functionality to the iron_bank_generator.py module, that way we won't have to maintain copies of each of those scripts for every IronBank repository, we can just have that functionality available from the conda-vendor ironbank-gen subcommand. Again, I figured that would be better left to a separate PR.

cc: @rycrow I can create an issue for this.