@gruebel gruebel commented Sep 15, 2025

This PR

  • also replaced the cp and rm commands with proper Python code

Signed-off-by: gruebel <anton.gruebel@gmail.com>
@gruebel gruebel requested review from a team as code owners September 15, 2025 21:28

@gemini-code-assist gemini-code-assist bot left a comment

Summary of Changes

Hello @gruebel, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the project's utility scripts to eliminate the use of shell=True in subprocess.run calls and replaces direct shell commands with their Python equivalents. This change significantly improves the security posture of the scripts by preventing potential shell injection vulnerabilities and enhances their robustness and cross-platform compatibility.

Highlights

  • Security and Best Practices: All instances of subprocess.run that previously used shell=True have been refactored to pass commands as a list of arguments, enhancing security by mitigating shell injection risks.
  • Pythonic File Operations: Direct shell commands for file copying (cp) and removal (rm) within the e2e function have been replaced with native Python shutil.copytree and pathlib.Path.unlink operations, improving script maintainability and portability.
  • Code Clean-up: The ruff: noqa: S602 directive, which suppressed warnings related to shell=True, has been removed as it is no longer necessary.

codecov bot commented Sep 15, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.89%. Comparing base (74409bf) to head (6de9098).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #538   +/-   ##
=======================================
  Coverage   97.89%   97.89%           
=======================================
  Files          39       39           
  Lines        1849     1849           
=======================================
  Hits         1810     1810           
  Misses         39       39           
Flag Coverage Δ
unittests 97.89% <ø> (ø)

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request effectively removes the use of shell=True in subprocess.run calls, which is a great security improvement. It also replaces shell commands like cp and rm with Python's standard library functions, making the scripts more robust and platform-independent. I have one suggestion regarding the use of shutil.copytree to ensure it perfectly matches the behavior of the original cp command and avoids potential side effects.
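The kind of change discussed in this thread, as an added example that is not code from the PR or the project: the same value is passed once through a shell command string and once as an argument list, and cp/rm are replaced with shutil.copytree and Path.unlink. It assumes a POSIX system with echo available; HOSTILE_NAME, the function names, and the dirs_exist_ok/missing_ok keyword arguments are choices made for this example.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path

# Constructed input: a file name that carries shell metacharacters.
HOSTILE_NAME = "report.txt; echo INJECTED"


def run_with_shell(name: str) -> list:
    """Before: one string parsed by /bin/sh, the pattern Ruff S602 flags."""
    out = subprocess.run(  # noqa: S602
        f"echo {name}", shell=True, capture_output=True, text=True, check=True
    )
    return out.stdout.splitlines()


def run_with_argv(name: str) -> list:
    """After: argument list and no shell, so the name stays one literal argument."""
    out = subprocess.run(["echo", name], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def copy_and_clean(src: Path, dst: Path, stale: Path) -> None:
    """Standard-library calls in place of shelling out to cp and rm."""
    # dirs_exist_ok / missing_ok are assumptions of this example, not taken from the PR.
    shutil.copytree(src, dst, dirs_exist_ok=True)
    stale.unlink(missing_ok=True)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, dst, stale = root / "src", root / "dst", root / "stale.lock"
        src.mkdir()
        (src / HOSTILE_NAME).write_text("data")
        stale.write_text("")
        copy_and_clean(src, dst, stale)
        return {
            "shell": run_with_shell(HOSTILE_NAME),
            "argv": run_with_argv(HOSTILE_NAME),
            "copied": sorted(p.name for p in dst.iterdir()),
            "stale_exists": stale.exists(),
        }


if __name__ == "__main__":
    print(demo())
```

With the shell string, the text after the semicolon runs as a second command; with the argument list it is printed back as part of a single argument, and the file with the same name is copied without any shell parsing.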

@gruebel gruebel merged commit 81a1d95 into main Sep 21, 2025
13 of 16 checks passed
@gruebel gruebel deleted the remove-shell-flag branch September 21, 2025 09:02