Snyk Scan Failure

[nickumia-reisys]

Related to

• Update data.gov Google Analytics tag (analytics.js) to the GA4 (gtag.js) #3571
• remove ckanext-googleanalyticsbasic, add ckanext-googleanalytics catalog.data.gov#1084

How to reproduce

1. Look at failing Snyk Scan: https://github.com/GSA/catalog.data.gov/actions/workflows/snyk.yml

Expected behavior

Snyk Scan Passes.

Actual behavior

****** Error Log (CLICK ME) ******

Running setup.py develop for ckanext_googleanalytics
    error: subprocess-exited-with-error
    
    × python setup.py develop did not run successfully.
    │ exit code: 1
    ╰─> [32 lines of output]
        running develop
        /usr/lib/python3/dist-packages/setuptools/command/easy_install.py:158: EasyInstallDeprecationWarning: easy_install command is deprecated. Use build and pip and other standards-based tools.
          warnings.warn(
        WARNING: The user site-packages directory is disabled.
        /usr/lib/python3/dist-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
          warnings.warn(
        error: can't create or remove files in install directory
        
        The following error occurred while trying to add or remove files in the
        installation directory:
        
            [Errno 13] Permission denied: '/usr/local/lib/python3.10/dist-packages/test-easy-install-3674.write-test'
        
        The installation directory you specified (via --install-dir, --prefix, or
        the distutils default setting) was:
        
            /usr/local/lib/python3.10/dist-packages/
        
        Perhaps your account does not have write access to this directory?  If the
        installation directory is a system-owned directory, you may need to sign in
        as the administrator or "root" account.  If you do not have administrative
        access to this machine, you may wish to choose a different installation
        directory, preferably one that is listed in your PYTHONPATH environment
        variable.
        
        For information on other options, you may wish to consult the
        documentation at:
        
          https://setuptools.pypa.io/en/latest/deprecated/easy_install.html
        
        Please make the appropriate changes for your system and try again.
        
        [end of output]
    
    note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× python setup.py develop did not run successfully.
│ exit code: 1
╰─> [32 lines of output]
    running develop
    /usr/lib/python3/dist-packages/setuptools/command/easy_install.py:158: EasyInstallDeprecationWarning: easy_install command is deprecated. Use build and pip and other standards-based tools.
      warnings.warn(
    WARNING: The user site-packages directory is disabled.
    /usr/lib/python3/dist-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
      warnings.warn(
    error: can't create or remove files in install directory
    
    The following error occurred while trying to add or remove files in the
    installation directory:
    
        [Errno 13] Permission denied: '/usr/local/lib/python3.10/dist-packages/test-easy-install-3674.write-test'
    
    The installation directory you specified (via --install-dir, --prefix, or
    the distutils default setting) was:
    
        /usr/local/lib/python3.10/dist-packages/
    
    Perhaps your account does not have write access to this directory?  If the
    installation directory is a system-owned directory, you may need to sign in
    as the administrator or "root" account.  If you do not have administrative
    access to this machine, you may wish to choose a different installation
    directory, preferably one that is listed in your PYTHONPATH environment
    variable.
    
    For information on other options, you may wish to consult the
    documentation at:
    
      https://setuptools.pypa.io/en/latest/deprecated/easy_install.html
    
    Please make the appropriate changes for your system and try again.
    
    [end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.

Sketch

It seems to be an error at the intersection of setuptools and ckanext-googleanalytics. However, the only thing we have to go off is that the extension was merged into main 3 days ago. There might be some configuration that we have to accommodate in the snyk scan test, but I'm not sure.

[nickumia-reisys]

Continues to happen: https://github.com/GSA/catalog.data.gov/actions/runs/6456380668/job/17525752439

[Jin-Sun-tts]

tried locally in the ckan container, could not reproduce same error. will do not more research.

[Jin-Sun-tts]

fixed this issue by using python 3.9 (GSA/catalog.data.gov#1116)