fix(ci): add --remove-untracked to poetry install

JMounier · JMounier · commit 01381e8384e7 · 2022-11-22T10:22:19.000+01:00
this option makes poetry remove packages from the venv if they are not
referenced in poetry.lock anymore. This prevent safety from detecting
vulnerability in unused packages
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -32,7 +32,7 @@ default:
   before_script:
     - poetry -V
     - poetry run python -m pip install --upgrade pip
-    - poetry install --no-root
+    - poetry install --no-root --remove-untracked
     - poetry run python --version
   image: registry.gitlab.com/tankerhq/docker/sdk-python:latest
 
@@ -87,7 +87,7 @@ stages:
 .before-script/download-artifacts:
   before_script:
     - poetry run python -m pip install --upgrade pip
-    - poetry install --no-root
+    - poetry install --no-root --remove-untracked
     - poetry run python run-ci.py download-artifacts --project-id=$UPSTREAM_PROJECT_ID --pipeline-id=$UPSTREAM_PIPELINE_ID --job-name=$UPSTREAM_JOB_NAME
 
 ###############
