Remove the Safety scanner from the pre-commit hooks and GitHub action

pronovic · Nov 29, 2021 · e97c368 · e97c368
1 parent 92069de
commit e97c368
Show file tree

Hide file tree

Showing 9 changed files with 14 additions and 103 deletions.
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
@@ -30,7 +30,6 @@ jobs:
       - name: Install dependencies
         run: poetry install -v
       - name: Upgrade embedded tools within virtualenv
-        # Safety will alert on these even though they aren't technically dependencies
         run: poetry run pip install --upgrade pip setuptools wheel
       - name: Run Tox test suite
         run: |

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -35,13 +35,6 @@ repos:
         entry: poetry run isort .
         pass_filenames: false
         language: system
-  - repo: local
-    hooks:
-      - id: system
-        name: Safety
-        entry: poetry run safety check
-        pass_filenames: false
-        language: system
   - repo: local
     hooks:
       - id: system

diff --git a/Changelog b/Changelog
@@ -1,3 +1,7 @@
+Version 0.4.2     unreleased
+
+	* Remove the Safety scanner from the pre-commit hooks and GitHub action.
+
 Version 0.4.1     15 Nov 2021
 
 	* Adjust dependencies and build process to support Python 3.10.

diff --git a/DEVELOPER.md b/DEVELOPER.md
@@ -27,7 +27,7 @@ suites and combines the coverage results together into a single report.
 
 This project uses [Poetry](https://python-poetry.org/) to manage Python packaging and dependencies.  Most day-to-day tasks (such as running unit tests from the command line) are orchestrated through Poetry.  
 
-A coding standard is enforced using [Black](https://github.com/psf/black), [isort](https://pypi.org/project/isort/) and [Pylint](https://www.pylint.org/).  Python 3 type hinting is validated using [MyPy](https://pypi.org/project/mypy/).  To reduce boilerplate, classes are defined using [Attrs](https://www.attrs.org/) (see this [rationale](https://glyph.twistedmatrix.com/2016/08/attrs.html)).  Additional code security standards are enforced [Safety](https://github.com/pyupio/safety).
+A coding standard is enforced using [Black](https://github.com/psf/black), [isort](https://pypi.org/project/isort/) and [Pylint](https://www.pylint.org/).  Python 3 type hinting is validated using [MyPy](https://pypi.org/project/mypy/).  To reduce boilerplate, classes are defined using [Attrs](https://www.attrs.org/) (see this [rationale](https://glyph.twistedmatrix.com/2016/08/attrs.html)).
 
 ## Pre-Commit Hooks
 
@@ -350,22 +350,6 @@ source ~/.bash_profile
 |Make console active on message in stderr|_Checked_|
 |Output filters|`$FILE_PATH$:$LINE$:$COLUMN.*`|
 
-#### Run Safety Checks
-
-|Field|Value|
-|-----|-----|
-|Name|`Run Safety Checks`|
-|Description|`Run the Safety code checks`|
-|Group|`Developer Tools`|
-|Program|`$ProjectFileDir$/run`|
-|Arguments|`safety`|
-|Working directory|`$ProjectFileDir$`|
-|Synchronize files after execution|_Checked_|
-|Open console for tool outout|_Checked_|
-|Make console active on message in stdout|_Unchecked_|
-|Make console active on message in stderr|_Unchecked_|
-|Output filters|_Empty_|
-
 ## Release Process
 
 ### Documentation

diff --git a/docs/requirements.txt b/docs/requirements.txt
@@ -3,7 +3,7 @@ astroid==2.8.5; python_version >= "3.6" and python_version < "4.0"
 atomicwrites==1.4.0; python_version >= "3.6" and python_full_version < "3.0.0" and sys_platform == "win32" or sys_platform == "win32" and python_version >= "3.6" and python_full_version >= "3.4.0"
 attrs==21.2.0; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0")
 babel==2.9.1; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
-backports.entry-points-selectable==1.1.1; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "2.7"
+backports.entry-points-selectable==1.1.1; python_version >= "2.7" and python_full_version >= "3.6.1"
 black==21.10b0; python_full_version >= "3.6.2"
 certifi==2021.10.8; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
 cfgv==3.3.1; python_full_version >= "3.6.1"
@@ -12,16 +12,15 @@ click==8.0.3; python_version >= "3.6" and python_full_version >= "3.6.2"
 colorama==0.4.4; sys_platform == "win32" and python_version >= "3.6" and python_full_version >= "3.6.2" and platform_system == "Windows" and python_version < "4.0" and (python_version >= "3.6" and python_full_version < "3.0.0" and sys_platform == "win32" or sys_platform == "win32" and python_version >= "3.6" and python_full_version >= "3.5.0")
 coverage==6.1.2; python_version >= "3.6"
 coveralls==3.3.1; python_version >= "3.5"
-distlib==0.3.3; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0"
+distlib==0.3.3; python_full_version >= "3.6.1"
 docopt==0.6.2; python_version >= "3.5"
 docutils==0.17.1; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
-dparse==0.5.1; python_version >= "3.5"
-filelock==3.3.2; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
+filelock==3.3.2; python_full_version >= "3.6.1" and python_version >= "3.6"
 genshi==0.7.5
 identify==2.3.5; python_full_version >= "3.6.1"
 idna==3.3; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
 imagesize==1.3.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
-importlib-metadata==4.8.2; python_version < "3.8" and python_version >= "3.6" and (python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "3.8" or python_full_version >= "3.5.0" and python_version < "3.8" and python_version >= "3.6") and python_full_version >= "3.6.2"
+importlib-metadata==4.8.2; python_version < "3.8" and python_version >= "3.6" and (python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "3.8" or python_full_version >= "3.5.0" and python_version < "3.8" and python_version >= "3.6") and python_full_version >= "3.6.2" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6")
 iniconfig==1.1.1; python_version >= "3.6"
 isort==5.10.1; python_full_version >= "3.6.1" and python_version < "4.0"
 jinja2==3.0.3; python_version >= "3.6"
@@ -34,21 +33,20 @@ mypy==0.910; python_version >= "3.5"
 nodeenv==1.6.0; python_full_version >= "3.6.1"
 packaging==21.2; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pathspec==0.9.0; python_full_version >= "3.6.2"
-platformdirs==2.4.0; python_version >= "3.6" and python_version < "4.0" and python_full_version >= "3.6.2" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6")
+platformdirs==2.4.0; python_version >= "3.6" and python_version < "4.0" and python_full_version >= "3.6.2"
 pluggy==1.0.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pre-commit==2.15.0; python_full_version >= "3.6.1"
 py==1.11.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pygments==2.10.0; python_version >= "3.6"
 pylint==2.11.1; python_version >= "3.6" and python_version < "4.0"
-pyparsing==2.4.7; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.3.0" and python_version >= "3.6"
+pyparsing==2.4.7; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" and python_version >= "3.6"
 pytest-testdox==2.0.1; python_version >= "3.5"
 pytest==6.2.5; python_version >= "3.6"
 pytz==2021.3
 pyyaml==6.0; python_version >= "3.6" and python_full_version >= "3.6.1"
 regex==2021.11.10; python_full_version >= "3.6.2"
 requests==2.26.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
-safety==1.10.3; python_version >= "3.5"
-six==1.16.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0"
+six==1.16.0; python_full_version >= "3.6.1"
 snowballstemmer==2.1.0; python_version >= "3.6"
 sphinx-autoapi==1.8.4; python_version >= "3.6"
 sphinx==4.3.0; python_version >= "3.6"
@@ -68,4 +66,4 @@ unidecode==1.3.2; python_version >= "3.6"
 urllib3==1.26.7; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version < "4" and python_version >= "3.6"
 virtualenv==20.10.0; python_full_version >= "3.6.1"
 wrapt==1.13.3; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4.0" or python_version >= "3.6" and python_version < "4.0" and python_full_version >= "3.5.0"
-zipp==3.6.0; python_version < "3.8" and python_version >= "3.6"
+zipp==3.6.0; python_version < "3.8" and python_version >= "3.6" and (python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "3.8" or python_full_version >= "3.5.0" and python_version < "3.8" and python_version >= "3.6") and python_full_version >= "3.6.1"
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -44,7 +44,6 @@ black = "^21.10b0"
 mypy = "^0.910"
 isort = "^5.10.0"
 sphinx-autoapi = "^1.8.4"
-safety = "^1.10.3"
 coveralls = "^3.3.1"
 types-pytz = "^2021.3.0"
 

diff --git a/run b/run
@@ -11,7 +11,6 @@ run_install() {
    fi
 
    # Upgrade embedded packages within the virtualenv
-   # Safety will alert on these even though they aren't technically dependencies
    # This command sometimes returns $?=1 on Windows, even though it succeeds <sigh>
    poetry run pip install --quiet --upgrade pip wheel setuptools 2>/dev/null
 
@@ -75,23 +74,6 @@ run_mypy() {
    echo "done"
 }
 
-# Run the Safety code checker
-run_safety() {
-   echo "Running safety checks..."
-
-   poetry run which safety > /dev/null
-   if [ $? != 0 ]; then
-      run_install
-   fi
-
-   poetry run safety check $*
-   if [ $? != 0 ]; then
-      exit 1
-   fi
-
-   echo "done"
-}
-
 # Run the black code formatter
 run_black() {
    echo "Running black formatter..."
@@ -370,9 +352,6 @@ case $1 in
    isort)
       run_isort
       ;;
-   safety)
-      run_safety
-      ;;
    mypy)
       run_mypy
       ;;
@@ -389,8 +368,6 @@ case $1 in
       echo ""
       run_isort --check-only
       echo ""
-      run_safety --bare
-      echo ""
       run_mypy
       echo ""
       run_pylint

diff --git a/utils/tools.ps1 b/utils/tools.ps1
@@ -29,10 +29,5 @@ Switch ($command)
       Write-Output "Running pylint checks..." 
       poetry run pylint -j 0 src/HcoopMeetbot src/hcoopmeetbotlogic tests
     }
-
-    safety {
-      Write-Output "Running safety checks..." 
-      poetry run safety check
-    }
 }