mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-05-17 18:38:46 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
154d3a5db651da4a8da381c412c4f1507a48af80
TimeTracker/scripts/ci/security-pytest.sh
T
Dries Peeters 768b0b5b6d fix(ci): harden security pytest lane and Safety report output 
Security pytest:
- Run an explicit node list instead of -m security over the whole tests
  tree, so collection stays small and nothing is spuriously deselected.
- Use a writable pytest cache under INSTALLATION_CONFIG_DIR and filter
  the known Flask-SQLAlchemy SAWarning on metadata DROP ordering.
- Add scripts/ci/security-pytest.sh and wire Makefile, run-tests.sh/.bat,
  and ci-comprehensive to call it for a single source of truth.

Safety:
- Write JSON to .test_installation_config/safety-report.json (with the
  rest of local CI artifacts) instead of the repo root.
- Run scripts/ci/sanitize_safety_report.py after each scan so paths in
  the report are workspace-relative for artifacts and reviews.
- Capture Safety exit codes so failures still print where the report was
  written; use python -m safety in workflows where appropriate.

Release and legacy workflows pick up the new report path, sanitizer,
and a pinned Safety install where the CLI is invoked.
2026-05-13 12:46:35 +02:00

9 lines
276 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Run the same security pytest set as ci_security_pytest (single entry for CI + Makefile).
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=lib.sh
source "${SCRIPT_DIR}/lib.sh"
ci_init_env
ci_security_pytest
Reference in New Issue View Git Blame Copy Permalink