Switch to pygit2

[jgowdy]

Considerable performance improvements over both v1.1.2 and v2.0.1 by switching from GitPython to pygit2

[jgowdy]

Remotes (ssh, https, and local+fetch) are working, but the ssh credentials logic needs to allow for an option to specify the location of the files.

Unit tests haven't been fixed up for pygit2

[codecov]

Codecov Report

Merging #122 (93e4485) into master (a7e189b) will decrease coverage by 9.83%.
The diff coverage is 58.67%.

@@            Coverage Diff             @@
##           master     #122      +/-   ##
==========================================
- Coverage   93.53%   83.69%   -9.84%     
==========================================
  Files           9        9              
  Lines         603      736     +133     
  Branches      108      128      +20     
==========================================
+ Hits          564      616      +52     
- Misses         33      103      +70     
- Partials        6       17      +11     

Impacted Files	Coverage Δ
tartufo/cli.py	96.72% <ø> (-3.28%)	⬇️
tartufo/util.py	50.92% <33.01%> (-35.85%)	⬇️
tartufo/scanner.py	90.24% <87.34%> (-1.56%)	⬇️
tartufo/commands/scan_local_repo.py	100.00% <100.00%> (ø)
tartufo/commands/scan_remote_repo.py	100.00% <100.00%> (ø)
tartufo/config.py	91.74% <100.00%> (ø)
tartufo/types.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a7e189b...93d9441. Read the comment docs.

[rdrey]

Just wanted to note that this (#122) and #66 are currently blocked by the wheels for libgit2/pygit2#1024 . pygit2 for pypy3 also doesn't build in the github actions at the moment. (We'd need to install the build-time dependencies of pygit2.) I got the windows tests to pass in my fork.

[tarkatronic]

@jgowdy I had a realization this morning. Really more of an "omg DUH" moment. This is a case to listen to the Zen of Python:

Practicality beats purity.

Why go to all this trouble of handling all of these different protocols for cloning, and trying to fight with another package to get supported added for them cross-platform, when we already have a perfectly working cloning mechanism?

Let's either look at copying over the cloning code from GitPython (with attribution, of course), or go with the less-than-ideal option of simply leaving the GitPython dependency in there, solely for this one usage.

[rdreyer-godaddy]

I like that idea a lot. Clone with GitPython, scan with pygit2. By cloning with GitPython we respect the user's git settings / use the OS' auth setup. By scanning with pygit2 we can ignore all of the user's settings which could otherwise mess with the scan (like the default behaviour in #179).

[jgowdy]

Let's either look at copying over the cloning code from GitPython (with attribution, of course), or go with the less-than-ideal option of simply leaving the GitPython dependency in there, solely for this one usage.

This makes a great deal of sense!

[tarkatronic]

This has been re-implemented in #233.