Merge branch 'feat/green' into 'master'

    - install_requirements

    - _pip install pylint_gitlab # codeclimate reports

    # run pylint and generate reports all at once

    - _run pylint --ignore=.cache --output-format=colorized,pylint_gitlab.GitlabCodeClimateReporter:reports/py-lint.codeclimate.json,parseable:reports/py-lint.parseable.txt ${PYLINT_ARGS} ${PYLINT_FILES:-$(find -type f -name "*.py")}

    - _run pylint --output-format=colorized,pylint_gitlab.GitlabCodeClimateReporter:reports/py-lint.codeclimate.json,parseable:reports/py-lint.parseable.txt ${PYLINT_ARGS} ${PYLINT_FILES:-$(find -type f -name "*.py" -not -path "./.cache/*")}

  artifacts:

    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    expire_in: 1 day

  script:

    - install_requirements

    - _pip install isort

    - _run isort . --check-only

    - _run isort . --check-only --extend-skip .cache

  rules:

    # exclude if $PYTHON_ISORT_ENABLED not set

    - if: '$PYTHON_ISORT_ENABLED != "true"'

  dependencies: []

  script:

    - mkdir -p -m 777 reports

    - install_requirements

    - |

      if [[ -z "$PYTHON_TRIVY_DIST_URL" ]]

      then

        mv ./trivy $python_trivy

      fi  

    - |

      if [[ "$PYTHON_BUILD_SYSTEM" == poetry* ]]

      then

        # When using Poetry, `pip freeze` outputs a requirements.txt with @file URLs for each wheel

        # These @file URLs in requirements.txt are not supported by Trivy

        # So instead of simply using pip freeze, we use `poetry export`

        poetry export -f requirements.txt --without-hashes --output reports/requirements.txt

      else

      case "$PYTHON_BUILD_SYSTEM" in

        poetry*|pipenv*)

          log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"

          cp poetry.lock Pipfile.lock ./reports 2>/dev/null || true

          ;;

        *)

          log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"

          install_requirements

          _pip freeze | tee ./reports/requirements.txt

      fi

          ;;

      esac

      if [[ -f "./requirements.txt" ]]

      then

        sort -u ./requirements.txt | grep -v "^[  ]*$" > ./requirements.txt.sorted

          log_warn "The ./requirements.txt file does not match the ./reports/requirements.txt file generated via pip freeze. Make sure to include all dependencies with pinned versions in ./requirements.txt and re-commit the file."

        fi

      fi

      if [ $($python_trivy fs ${PYTHON_TRIVY_ARGS} --format table --exit-code 0 ./reports/ | grep -c "Number of language-specific files: 0") -eq 1 ]; then

      if [ $($python_trivy fs ${PYTHON_TRIVY_ARGS} --format table --exit-code 0 ./reports/ 2>&1 | grep -ic "Number of language-specific files[^0-9]*0$" ) -eq 1 ]; then

        log_error "Could not find a file listing all dependencies with their versions."

        exit 1

      fi

  needs: []

  script:

    - mkdir -p -m 777 reports

    - install_requirements

    - |

      case "$PYTHON_BUILD_SYSTEM" in

        setuptools*|reqfile)

        poetry*|pipenv*)

          log_info "$PYTHON_BUILD_SYSTEM build system (\\e[32muse lock file\\e[0m)"

          ;;

        *)

          log_info "$PYTHON_BUILD_SYSTEM build system used (\\e[32mmust generate pinned requirements.txt\\e[0m)"

          install_requirements

          _pip freeze > "${PYTHON_REQS_FILE}"

          ;;

      esac