Audit: Some configurations fix

AUDIT-CONFIG.md

@@ -7,10 +7,12 @@
     - **`enabled`** _(boolean)_: Enable Snyk audit. Default: `true`.
     - **`files-no-install`** _(array)_: Dependency files that will not be installed. Default: `[]`.
       - **Items** _(string)_
-    - **`pip-install-arguments`** _(array)_: Arguments to pass to pip install. Default: `["--user"]`.
+    - **`pip-install-arguments`** _(array)_: Arguments to pass to pip install. Default: `[]`.
       - **Items** _(string)_
     - **`pipenv-sync-arguments`** _(array)_: Arguments to pass to pipenv sync. Default: `[]`.
       - **Items** _(string)_
+    - **`poetry-install-arguments`** _(array)_: Arguments to pass to pip install. Default: `[]`.
+      - **Items** _(string)_
     - **`monitor-arguments`** _(array)_: Arguments to pass to Snyk monitor. Default: `["--all-projects"]`.
       - **Items** _(string)_
     - **`test-arguments`** _(array)_: Arguments to pass to Snyk test. Default: `["--all-projects", "--severity-threshold=medium"]`.

github_app_geo_project/module/audit/configuration.py

@@ -222,7 +222,7 @@ class DpkgConfiguration(TypedDict, total=False):
 """ Default value of the field path 'Snyk configuration pipenv-sync-arguments' """
 
 
-PIP_INSTALL_ARGUMENTS_DEFAULT = ["--user"]
+PIP_INSTALL_ARGUMENTS_DEFAULT: list[Any] = []
 """ Default value of the field path 'Snyk configuration pip-install-arguments' """
 
 
@@ -260,7 +260,7 @@ class DpkgConfiguration(TypedDict, total=False):
         # Arguments to pass to pip install
         #
         # default:
-        #   - --user
+        #   []
         "pip-install-arguments": list[str],
         # Pipenv sync arguments.
         #
@@ -269,6 +269,13 @@ class DpkgConfiguration(TypedDict, total=False):
         # default:
         #   []
         "pipenv-sync-arguments": list[str],
+        # Pip install arguments.
+        #
+        # Arguments to pass to pip install
+        #
+        # default:
+        #   []
+        "poetry-install-arguments": list[str],
         # Snyk monitor arguments.
         #
         # Arguments to pass to Snyk monitor

github_app_geo_project/module/audit/schema.json

@@ -34,7 +34,7 @@
               "type": "array",
               "title": "Pip install arguments",
               "description": "Arguments to pass to pip install",
-              "default": ["--user"],
+              "default": [],
               "items": {
                 "type": "string"
               }
@@ -48,6 +48,15 @@
                 "type": "string"
               }
             },
+            "poetry-install-arguments": {
+              "type": "array",
+              "title": "Pip install arguments",
+              "description": "Arguments to pass to pip install",
+              "default": [],
+              "items": {
+                "type": "string"
+              }
+            },
             "monitor-arguments": {
               "type": "array",
               "title": "Snyk monitor arguments",

github_app_geo_project/module/audit/utils.py

@@ -176,7 +176,13 @@ async def snyk(
                 continue
             async with asyncio.timeout(int(os.environ.get("GHCI_PYTHON_INSTALL_TIMEOUT", "1200"))):
                 try:
-                    command = ["poetry", "install"]
+                    command = [
+                        "poetry",
+                        "install",
+                        *local_config.get(
+                            "poetry-install-arguments", config.get("poetry-install-arguments", [])
+                        ),
+                    ]
                     async_proc = await asyncio.create_subprocess_exec(
                         *command,
                         cwd=os.path.dirname(os.path.abspath(file)),
@@ -213,9 +219,14 @@ async def snyk(
     env_no_debug = {**env}
     env["DEBUG"] = "*snyk*"  # debug mode
 
-    command = ["snyk", "monitor", f"--target-reference={branch}"] + config.get(
-        "monitor-arguments", configuration.SNYK_MONITOR_ARGUMENTS_DEFAULT
-    )
+    command = [
+        "snyk",
+        "monitor",
+        f"--target-reference={branch}"
+        * local_config.get(
+            "monitor-arguments", config.get("monitor-arguments", configuration.SNYK_MONITOR_ARGUMENTS_DEFAULT)
+        ),
+    ]
     async with asyncio.timeout(int(os.environ.get("GHCI_SNYK_TIMEOUT", "300"))):
         async_proc = await asyncio.create_subprocess_exec(
             *command, env=env, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
@@ -233,9 +244,14 @@ async def snyk(
         message.title = "Project monitored"
         _LOGGER.debug(message)
 
-    command = ["snyk", "test", "--json"] + config.get(
-        "test-arguments", configuration.SNYK_TEST_ARGUMENTS_DEFAULT
-    )
+    command = [
+        "snyk",
+        "test",
+        "--json"
+        * local_config.get(
+            "test-arguments", config.get("test-arguments", configuration.SNYK_TEST_ARGUMENTS_DEFAULT)
+        ),
+    ]
     async with asyncio.timeout(int(os.environ.get("GHCI_SNYK_TIMEOUT", "300"))):
         test_proc = await asyncio.create_subprocess_exec(
             *command, env=env_no_debug, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
@@ -318,7 +334,13 @@ async def snyk(
     snyk_fix_success = True
     snyk_fix_message = None
     if fixable_vulnerabilities:
-        command = ["snyk", "fix"] + config.get("fix-arguments", configuration.SNYK_FIX_ARGUMENTS_DEFAULT)
+        command = [
+            "snyk",
+            "fix",
+            *local_config.get(
+                "fix-arguments", config.get("fix-arguments", configuration.SNYK_FIX_ARGUMENTS_DEFAULT)
+            ),
+        ]
         async with asyncio.timeout(int(os.environ.get("GHCI_SNYK_TIMEOUT", "300"))):
             snyk_fix_proc = await asyncio.create_subprocess_exec(
                 *command, env=env_no_debug, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE