safety updates and ignore unfixable pip issue (#1544)

Co-authored-by: burnettk <burnettk@users.noreply.github.com>
2025-01-27 01:40:48 +00:00 · 2024-05-13 14:23:55 +00:00 · 2024-05-13 14:23:55 +00:00 · c967af3d65
commit c967af3d65
parent 2479f8a291
3 changed files with 20 additions and 11 deletions
--- a/spiffworkflow-backend/bin/run_ci_session
+++ b/spiffworkflow-backend/bin/run_ci_session
@ -7,7 +7,10 @@ function error_handler() {
 trap 'error_handler ${LINENO} $?' ERR
 set -o errtrace -o errexit -o nounset -o pipefail

-script_dir="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+script_dir="$(
+  cd -- "$(dirname "$0")" >/dev/null 2>&1
+  pwd -P
+)"
 supported_session_types=$(grep -E '^(el)?if.*\<session_type\>.*==' "$0" | sed -E 's/.*== "([^"]+)".*/\1/' | tr '\n' ' ')

 session_type="${1:-}"
@ -45,10 +48,10 @@ function setup_db_for_ci() {
      rm -rf "migrations"
    fi

-      # Run the 'init' and 'migrate' tasks using flask
-      poetry run flask db init
-      poetry run flask db migrate
-    fi
+    # Run the 'init' and 'migrate' tasks using flask
+    poetry run flask db init
+    poetry run flask db migrate
+  fi

  # Run the 'upgrade' task using flask
  poetry run flask db upgrade
@ -68,11 +71,11 @@ elif [[ "${session_type}" == "mypy" ]]; then
  poetry run mypy src tests

 elif [[ "${session_type}" == "safety" ]]; then
-  poetry run safety check --full-report
+  poetry run safety check --ignore=67599 --full-report

 elif [[ "${session_type}" == "coverage" ]]; then
-  if ls .coverage.* 1> /dev/null 2>&1; then
-      poetry run coverage combine
+  if ls .coverage.* 1>/dev/null 2>&1; then
+    poetry run coverage combine
  fi
  poetry run coverage report
  poetry run coverage xml
--- a/spiffworkflow-backend/poetry.lock
+++ b/spiffworkflow-backend/poetry.lock
@ -2753,13 +2753,13 @@ files = [

 [[package]]
 name = "safety"
-version = "3.1.0"
+version = "3.2.0"
 description = "Checks installed dependencies for known vulnerabilities and licenses."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "safety-3.1.0-py3-none-any.whl", hash = "sha256:f2ba2d36f15ac1e24751547a73b854509a7d6db31efd30b57f64ffdf9d021934"},
-    {file = "safety-3.1.0.tar.gz", hash = "sha256:71f47b82ece153ec2f240e277f7cbfa70d5da2e0d143162c67f63b2f7459a1aa"},
+    {file = "safety-3.2.0-py3-none-any.whl", hash = "sha256:a432fc9d17e79a4386c4f093656b617c56f839cde022649cfa796d72c7a544de"},
+    {file = "safety-3.2.0.tar.gz", hash = "sha256:8bd5cab5f3d8a61ce0ea6e98f267c1006d056097c45c644fee7afeff7d5949c1"},
 ]

 [package.dependencies]
--- a/spiffworkflow-backend/pyproject.toml
+++ b/spiffworkflow-backend/pyproject.toml
@ -244,3 +244,9 @@ line-length = 130
 [build-system]
 requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
+
+[tool.safety]
+# you can generate a config file for safety, but this doesn't work with safety check.
+# it complains about the config file being in too new a format.
+# you have to use safety scan, which requires a login.
+# so in the meantime, we're ignoring an unfixable issue in ./bin/run_ci_session itself