Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: SonarSource/ci-github-actions
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1.3.30
Choose a base ref
...
head repository: SonarSource/ci-github-actions
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1.3.31
Choose a head ref
  • 1 commit
  • 3 files changed
  • 1 contributor

Commits on Mar 27, 2026

  1. PREQ-4933 Use plain poetry install to respect lock file (#241) 

    * PREQ-4933 Use plain poetry install to respect lock file

Replace `jf poetry install` with `poetry install` in build-poetry.
The JFrog CLI command internally runs `poetry update` which ignores
the lock file and re-resolves all dependencies, breaking builds when
pyproject.toml constraints reference versions absent from the CI
indexes (e.g. syrupy 5.*).

`jf poetry-config` is kept to configure the Repox registry;
only the install step changes.

* PREQ-4933 Configure Poetry credentials for Repox source

jf poetry-config adds the Repox source to pyproject.toml but does not
configure Poetry's own authentication — that is handled internally by
jf poetry install. Since we now use plain poetry install, we need to
explicitly set POETRY_HTTP_BASIC_REPOX credentials.

- Retrieve ARTIFACTORY_USERNAME from Vault alongside the access token
- Export POETRY_HTTP_BASIC_REPOX_USERNAME and _PASSWORD before install
    @tomverin
    tomverin authored Mar 27, 2026
    Configuration menu
    Copy the full SHA
    f059bc1 View commit details
    Browse the repository at this point in the history
Loading