ci: replace dead safety test with GH actions (#177)

* ci: replace dead test with GH actions * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * name * v1.0.5 * ci: set concurrency * generate temp requirements.txt file for safety check * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * pin requirements for safety check sake * move req to file * cleaning * typo * requirenments * safety scan: setup DEP_PATH env var in safety_check GH env * use a fixed python safety check GitHub Action --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Shay Palachy <[email protected]>
python-cachier · Feb 15, 2024 · 525f7a5 · 525f7a5
1 parent 45143ae
commit 525f7a5
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 15 deletions.
diff --git a/.github/workflows/safety.yml b/.github/workflows/safety.yml
@@ -0,0 +1,22 @@
+name: Check safety
+
+on:
+  pull_request:
+    branches: [master]
+  push:
+    branches: [master]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+  safety:
+    runs-on: "ubuntu-latest"
+    environment: safety_check
+    steps:
+      - uses: actions/[email protected]
+      - name: Security vulnerabilities scan
+        uses: shaypal5/[email protected]
+        with:
+          scan_requirements_file_only: "true"
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -4,3 +4,4 @@ graft wheelhouse
 recursive-exclude __pycache__  *.py[cod] *.orig
 include cachier/version.info
 include README.rst
+include requirements.txt
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,3 @@
+watchdog >=2.3.1
+portalocker >=2.3.2
+setuptools >=67.6.0  # to avoid vulnerability in 56.0.0
diff --git a/setup.py b/setup.py
@@ -11,6 +11,7 @@
 import os.path
 from importlib.util import spec_from_file_location, module_from_spec
 from setuptools import setup, find_packages
+from pkg_resources import parse_requirements
 
 _PATH_HERE = os.path.dirname(__file__)
 
@@ -31,6 +32,15 @@ def _load_py_module(fname: str, pkg: str = "torchmetrics"):
 
 _version = _load_py_module("_version.py")
 
+
+def _load_requirements(
+    path_dir: str = _PATH_HERE, file_name: str = "requirements.txt"
+) -> list:
+    with open(os.path.join(path_dir, file_name)) as fp:
+        reqs = parse_requirements(fp.readlines())
+    return list(map(str, reqs))
+
+
 setup(
     name="cachier",
     version=_version.__version__,
@@ -48,11 +58,7 @@ def _load_py_module(fname: str, pkg: str = "torchmetrics"):
         [console_scripts]
         cachier=cachier.__naim__:cli
     """,
-    install_requires=[
-        "watchdog",
-        "portalocker",
-        "setuptools>=67.6.0",  # to avoid vulnerability in 56.0.0
-    ],
+    install_requires=_load_requirements(),
     platforms=["linux", "osx", "windows"],
     keywords=["cache", "persistence", "mongo", "memoization", "decorator"],
     classifiers=[

diff --git a/tests/test_security.py b/tests/test_security.py