move safety check to pre-commit

gruebel · gruebel · commit 0b65a6c990b7 · 2024-07-18T21:16:51.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -46,7 +46,6 @@ jobs:
       - run: invoke integration.version
       - run: invoke integration.initialize
       - run: invoke unit.pytest
-      - run: invoke test.security
       - run: invoke integration.query
       - run: invoke integration.write-policy
       - run: invoke build.uninstall-package
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -29,7 +29,6 @@ jobs:
       - run: invoke integration.version
       - run: invoke integration.initialize
       - run: invoke unit.pytest
-      - run: invoke test.security
       - run: invoke integration.query
       - run: invoke integration.write-policy
       - run: invoke build.uninstall-package
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
@@ -63,8 +63,6 @@ jobs:
       - run: invoke integration.version
       - run: invoke integration.initialize
       - run: invoke unit.pytest
-#      - run: invoke test.lint
-      - run: invoke test.security
       - run: invoke integration.query
       - run: invoke integration.write-policy
       - run: invoke build.uninstall-package
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -16,3 +16,8 @@ repos:
         files: ^policy_sentry/
       - id: ruff-format
         files: ^policy_sentry/
+  - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
+    rev: v1.3.3
+    hooks:
+      - id: python-safety-dependencies-check
+        files: ^requirements.txt
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -5,8 +5,6 @@ pytest==8.2.2
 coverage==7.6.0
 # Integration tests and tasks
 invoke==2.2.0
-# Security testing
-safety==3.2.4
 # Type hints
 mypy==1.10.1
 types-pyyaml==6.0.12.20240311
diff --git a/tasks.py b/tasks.py
@@ -269,20 +269,6 @@ def query_with_yaml(c):
         sys.exit(1)
 
 
-# TEST - SECURITY
-@task
-def security_scan(c):
-    """Runs `safety check`"""
-    try:
-        c.run("safety check")
-    except UnexpectedExit as u_e:
-        logger.critical(f"FAIL! UnexpectedExit: {u_e}")
-        sys.exit(1)
-    except Failure as f_e:
-        logger.critical(f"FAIL: Failure: {f_e}")
-        sys.exit(1)
-
-
 # TEST - type check
 @task
 def run_mypy(c):
@@ -336,7 +322,6 @@ def build_docker(c):
 
 # test.add_task(run_full_test_suite, 'all')
 test.add_task(run_mypy, "type-check")
-test.add_task(security_scan, "security")
 
 build.add_task(build_package, "build-package")
 build.add_task(install_package, "install-package")
