[PRM-922] Replace requirements.txt with poetry by NogaNHS · Pull Request #1254 · NHSDigital/national-document-repository

NogaNHS · 2026-05-01T14:29:25Z

Overview

Jira ticket: PRM-922

Checklist

Tasks for all changes:

1. I have linked this PR to its Jira ticket.
2. ~~I have run git pre-commits.~~ (WIP)
3. I have added and/or updated relevant tests.
4. I have updated relevant documentation.
5. I have considered the cross-team impact (and have PR approval from both Core & Demographics if necessary).
6. I have successfully deployed this change to a sandbox and witnessed unit, e2e and smoke tests passing:
- 6b. SANDBOX Full- Deploy feature branch to sandbox - workflow run - 25217196281

…file

…n 12.2.0

…raints

…ncy management

…lock

…gin-export, and enforce hash requirements for dependencies

chrisbloe · 2026-05-01T14:52:11Z

@@ -1,15 +1,25 @@
-FROM python:3.11
+FROM python:3.11-slim AS builder


Suggested change

FROM python:3.11-slim AS builder

FROM python:3.11-slim AS builder

# Update the package list and upgrade all installed system packages

RUN apt-get update && \

apt-get upgrade -y && \

rm -rf /var/lib/apt/lists/*

…e for pip installation

…multi-stage build

github-actions · 2026-05-01T15:26:45Z

Code security issues found

View full details here.

sonarqubecloud · 2026-05-01T15:30:35Z

Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

-RUN pip install -r requirements/layers/requirements_core_lambda_layer.txt
-RUN pip install -r requirements/layers/requirements_data_lambda_layer.txt
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir poetry==2.3.4 poetry-plugin-export==1.10.0


NogaNHS added 4 commits May 1, 2026 14:54

Integrate Poetry for dependency management in CI workflows and Docker…

e49a98d

…file

Update dependencies for stitching lambda and upgrade Pillow to versio…

453c61f

…n 12.2.0

Add syrupy dependency for pytest snapshot testing

1e821ff

Update requests dependency to version 2.33.0 and adjust related const…

0ff7f2e

…raints

NogaNHS requested review from a team as code owners May 1, 2026 14:29

NogaNHS requested a review from AndyFlintAnswerDigital May 1, 2026 14:29

NogaNHS had a problem deploying to development May 1, 2026 14:29 — with GitHub Actions Failure

github-advanced-security AI found potential problems May 1, 2026

View reviewed changes

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Refactor Dockerfile to use multi-stage builds with Poetry for depende…

249f157

…ncy management

NogaNHS had a problem deploying to development May 1, 2026 14:39 — with GitHub Actions Failure

github-advanced-security AI found potential problems May 1, 2026

View reviewed changes

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Update lxml dependency to version 6.1.0 in pyproject.toml and poetry.…

f1f48bb

…lock

NogaNHS had a problem deploying to development May 1, 2026 14:47 — with GitHub Actions Failure

Update Dockerfile to specify exact versions for Poetry and poetry-plu…

085c747

…gin-export, and enforce hash requirements for dependencies

chrisbloe reviewed May 1, 2026

View reviewed changes

NogaNHS had a problem deploying to development May 1, 2026 14:52 — with GitHub Actions Failure

Update Dockerfile to include apt-get update

15ae610

NogaNHS had a problem deploying to development May 1, 2026 14:54 — with GitHub Actions Failure

github-advanced-security AI found potential problems May 1, 2026

View reviewed changes

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Update cryptography dependency to version 47.0.0 and adjust Dockerfil…

433d353

…e for pip installation

NogaNHS had a problem deploying to development May 1, 2026 15:00 — with GitHub Actions Failure

github-advanced-security AI found potential problems May 1, 2026

View reviewed changes

Comment thread lambdas/ecs/data_collection/Dockerfile Fixed

Refactor Dockerfile to streamline dependency installation and remove …

c43fdd4

…multi-stage build

NogaNHS had a problem deploying to development May 1, 2026 15:25 — with GitHub Actions Failure

github-advanced-security AI found potential problems May 1, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PRM-922] Replace requirements.txt with poetry#1254

[PRM-922] Replace requirements.txt with poetry#1254
NogaNHS wants to merge 10 commits intomainfrom
PRM-922-a

NogaNHS commented May 1, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chrisbloe May 1, 2026

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented May 1, 2026

Uh oh!

sonarqubecloud Bot commented May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

		@@ -1,15 +1,25 @@
		FROM python:3.11
		FROM python:3.11-slim AS builder

-FROM python:3.11-slim AS builder
+FROM python:3.11-slim AS builder
+# Update the package list and upgrade all installed system packages
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    rm -rf /var/lib/apt/lists/*

Conversation

NogaNHS commented May 1, 2026

Overview

Checklist

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chrisbloe May 1, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented May 1, 2026

Code security issues found

Uh oh!

sonarqubecloud Bot commented May 1, 2026

Quality Gate failed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants