mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-05-17 10:29:49 -05:00
Dries Peeters
768b0b5b6d
Security pytest: - Run an explicit node list instead of -m security over the whole tests tree, so collection stays small and nothing is spuriously deselected. - Use a writable pytest cache under INSTALLATION_CONFIG_DIR and filter the known Flask-SQLAlchemy SAWarning on metadata DROP ordering. - Add scripts/ci/security-pytest.sh and wire Makefile, run-tests.sh/.bat, and ci-comprehensive to call it for a single source of truth. Safety: - Write JSON to .test_installation_config/safety-report.json (with the rest of local CI artifacts) instead of the repo root. - Run scripts/ci/sanitize_safety_report.py after each scan so paths in the report are workspace-relative for artifacts and reviews. - Capture Safety exit codes so failures still print where the report was written; use python -m safety in workflows where appropriate. Release and legacy workflows pick up the new report path, sanitizer, and a pinned Safety install where the CLI is invoked.