disabling sonar checks for dependencies which do not seem to work properly #3 #12

behrisch · behrisch · commit c0e558c1ca3b · 2026-04-30T06:54:27.000+02:00
diff --git a/.github/workflows/cibuildwheel.yml b/.github/workflows/cibuildwheel.yml
@@ -129,7 +129,7 @@ jobs:
       - name: Building windows / macos platform wheel sumo-data
         if: ${{ startsWith(matrix.os, 'windows') || startsWith(matrix.os, 'macos') }}
         run: |
-          python -m pip install build
+          python -m pip install -r tools/req_dev.txt
           python tools/build_config/version.py --pep440plat build_config/pyproject/sumo-data.toml pyproject.toml
           python -m build --wheel -o wheelhouse
 
@@ -149,7 +149,6 @@ jobs:
       - name: Relocating libs in macos wheels to sumo-data
         if: ${{ startsWith(matrix.os, 'macos') }}
         run: |
-          python -m pip install wheel delocate
           python tools/build_config/relocate.py wheelhouse
           mv wheelhouse ci_wheelhouse
           mv ci_wheelhouse/relocate wheelhouse
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -27,10 +27,7 @@ jobs:
         python-version: '3.x'
 
     - name: Installing pip packages
-      run: |
-        cd docs/web/
-        python -m pip install --upgrade pip
-        python -m pip install -r requirements.txt
+      run: python -m pip install -r docs/web/requirements.txt
 
     - name: Building documentation
       run: |
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -4,6 +4,8 @@ sonar.projectKey=org.eclipse.sumo
 # relative paths to source directories. More details and properties are described
 # in https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
 sonar.sources=.
-sonar.exclusions=**/*.java,**/*.flow,**/*JAVA_wrap.cxx,**/*PYTHON_wrap.cxx
+# activating checks for the GitHub workflows and Dockerfiles triggers a lot of warnings for pip install like
+# "Using dependencies without locking resolved versions is security-sensitive"
+sonar.exclusions=**/*.java,**/*.flow,**/*JAVA_wrap.cxx,**/*PYTHON_wrap.cxx,.github/workflows/*,build_config/docker/*
 sonar.host.url=https://sonarcloud.io
-sonar.python.version=3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13
+sonar.python.version=3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
diff --git a/tools/req_dev.txt b/tools/req_dev.txt
@@ -1,5 +1,4 @@
 # additional requirements for a developer system for GUI testing and wheel creation
-bibtexparser
 build>=0.7.0
 delocate; sys.platform == 'darwin'
 dmgbuild; sys.platform == 'darwin'

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`# additional requirements for a developer system for GUI testing and wheel creation`
`2`		`-bibtexparser`
`3`	`2`	`build>=0.7.0`
`4`	`3`	`delocate; sys.platform == 'darwin'`
`5`	`4`	`dmgbuild; sys.platform == 'darwin'`