Closed bittner closed 1 month ago
Thanks for the feature request @bittner!
I have no objection to environment variables for fallbacks here, with two qualifications:
1. `pip-audit` flags, i.e. not ones that overlap with `pip`. For flags that overlap with `pip`, we should respect whatever environment variables `pip` already respects (we might do this transitively already).
2. `-r requirements.txt`, since having those kinds of inputs passed via the environment makes the overall command's behavior harder to diagnose (especially in bug reports). Instead, it should only be for "knob" inputs, i.e. bools, selections, ints.

@woodruffw I sympathize with your reasoning. It requires more care and effort, though, w.r.t. documenting the CLI options.
I started a PR that adds a few environment variables for overriding the CLI option defaults. I'd be happy if you could verify whether the ones are covered that you thought should be used, and those omitted you didn't want to be covered.
Awesome, thank you! I'll take a look in a bit.
What's the problem this feature will solve?
Currently, we can only use command line options to configure behavior of `pip-audit`. There is no way to configure its behavior once and retain the configuration for follow-up runs.
Describe the solution you'd like
Every CLI option should have its default value configurable via an environment variable (following an easy-to-remember naming scheme). Using a CLI option should take precedence over any such value.
This way, in a terminal one could use `export PIP_AUDIT_...=...`. In the YAML file of popular CI systems one could set environment variables in the respective `ENVIRONMENT` section or similar.
Example Implementation
Additional context
This suggestion would be complementary to #694, but quicker, easier and more straightforward to implement as it is without the complexity of reading a configuration file.
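The precedence discussed in this thread (CLI option over environment variable over built-in default, with environment fallbacks only for "knob" options and none for `-r`) can be sketched as follows. This is an added example, not pip-audit's code or the code from the PR: the `resolve` function, the `audit-sketch` parser, the variable suffixes after `PIP_AUDIT_`, the default values and the per-option source record are all assumptions made for illustration.

```python
import argparse

PREFIX = "PIP_AUDIT_"  # naming scheme from the issue; the suffixes are illustrative
FORMATS = ("columns", "json")  # small subset, enough for the sketch


def _choice(raw):
    if raw not in FORMATS:
        raise ValueError(f"expected one of {FORMATS}, got {raw!r}")
    return raw


def _bool(raw):
    table = {"1": True, "true": True, "yes": True, "0": False, "false": False, "no": False}
    try:
        return table[raw.strip().lower()]
    except KeyError:
        raise ValueError(f"expected a boolean, got {raw!r}") from None


# "Knob" options only: dest -> (environment value parser, built-in default).
KNOBS = {"format": (_choice, "columns"), "timeout": (int, 15), "strict": (_bool, False)}


def resolve(argv, environ):
    """Return (args, sources); precedence is CLI > environment > built-in default."""
    parser = argparse.ArgumentParser(prog="audit-sketch")
    # File inputs stay CLI-only: no environment fallback is registered for -r.
    parser.add_argument("-r", "--requirement", action="append", default=[])
    parser.add_argument("--format", choices=FORMATS)
    parser.add_argument("--timeout", type=int)
    parser.add_argument("--strict", action="store_const", const=True)
    args = parser.parse_args(argv)
    sources = {}  # where each value came from, so it can be shown in bug reports
    for dest, (parse, builtin) in KNOBS.items():
        env_name = PREFIX + dest.upper()
        if getattr(args, dest) is not None:
            sources[dest] = "cli"
        elif env_name in environ:
            try:
                setattr(args, dest, parse(environ[env_name]))
            except ValueError as exc:
                # Fail closed: a typo must not silently fall back to a weaker default.
                raise ValueError(f"{env_name}: {exc}") from None
            sources[dest] = f"env:{env_name}"
        else:
            setattr(args, dest, builtin)
            sources[dest] = "default"
    return args, sources
```

Calling `resolve(sys.argv[1:], os.environ)` and logging `sources` alongside the results makes it visible in a CI log which settings were inherited from the environment.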