update secret scan pypi to use pip3 or give an option for pip3 over pip

[mcdwayne]

Is your feature request related to a problem? Please describe.

When running ggshield secret scan pypi PACKAGENAME on a M2 Macbook pro running Python3 I get the following error:

sample_secrets ~ $ggshield secret scan pypi TestAuto             
Downloading pip package... Traceback (most recent call last):
  File "/opt/homebrew/bin/ggshield", line 8, in <module>
    sys.exit(main())
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/ggshield/cmd/main.py", line 156, in main
    return cli.main(args, prog_name="ggshield", standalone_mode=not show_crash_log)
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/core.py", line 1053, in main
    rv = self.invoke(ctx)
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/core.py", line 1395, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/core.py", line 754, in invoke
    return __callback(*args, **kwargs)
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/ggshield/cmd/secret/scan/pypi.py", line 91, in pypi_cmd
    save_package_to_tmp(temp_dir=temp_dir, package_name=package_name)
  File "/opt/homebrew/Cellar/ggshield/1.13.2/libexec/lib/python3.10/site-packages/ggshield/cmd/secret/scan/pypi.py", line 33, in save_package_to_tmp
    subprocess.run(
  File "/opt/homebrew/Cellar/python@3.10/3.10.8/Frameworks/Python.framework/Versions/3.10/lib/python3.10/subprocess.py", line 503, in run
    with Popen(*popenargs, **kwargs) as process:
  File "/opt/homebrew/Cellar/python@3.10/3.10.8/Frameworks/Python.framework/Versions/3.10/lib/python3.10/subprocess.py", line 971, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/opt/homebrew/Cellar/python@3.10/3.10.8/Frameworks/Python.framework/Versions/3.10/lib/python3.10/subprocess.py", line 1847, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'pip'

I have aliased pip to pip3 in my .zshrc and .zshenv, as well as added pip3 to my $PATH.

The issue is that Zsh spawned processes do not seem to respect my settings and just fail when encountering pip

Describe the solution you'd like

There should be a fallback state that tries pip3 if pip causes an error
OR
a flag to tell GG what pip to use. For example: ggshield secret scan pypi PACKAGENAME --pip=pip3

Describe alternatives you've considered

I spent about 10 minutes trying to get zsh to honor pip as pip3 in spawned processes but to no avail.

Additional context

Add any other context or screenshots about the feature request here.

[agateau-gg]

Thanks for the report, that's definitely a bug (I just relabeled it as such). ggshield should not fail with a traceback when a required executable is not found. This is similar to #329.

I think there are two sub issues here:

• ggshield should look for pip3 in addition to pip
• ggshield should fail gracefully if neither pip or pip3 is available