Remove dependency:audit from CI pipelines as unnecessary and reduce options

Author: ArBridgeman

.github/workflows/checks.yml

@@ -137,25 +137,6 @@ jobs:
           path: .security.json
           include-hidden-files: true
 
-  Vulnerabilities:
-    name: Check Vulnerabilities (Python-${{ matrix.python-version }})
-    needs: [ Version-Check, build-matrix ]
-    runs-on: ubuntu-24.04
-    strategy:
-      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
-
-    steps:
-      - name: SCM Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Python & Poetry Environment
-        uses: ./.github/actions/python-environment
-        with:
-          python-version: ${{ matrix.python-version }}
-
-      - name: Run Package vulnerabilities Check
-        run: poetry run nox -s dependency:audit
-
   Format:
     name: Format Check
     runs-on: ubuntu-24.04

exasol/toolbox/nox/_dependencies.py

@@ -217,23 +217,6 @@ def _normalize_package_name(name: str) -> str:
     return template.format(heading=heading(), rows=rows)
 
 
-class PipAuditFormat(Enum):
-    columns = auto()
-    json = auto()
-
-    @classmethod
-    def _missing_(cls, value):
-        if isinstance(value, str):
-            for member in cls:
-                if member.name == value.lower():
-                    return member
-        return None
-
-    @classmethod
-    def name_tuple(cls) -> tuple:
-        return tuple(fmt.name for fmt in PipAuditFormat)
-
-
 class Audit:
     @staticmethod
     def _filter_json_for_vulnerabilities(audit_json_bytes: bytes) -> dict:
@@ -272,14 +255,6 @@ def _parse_args(session) -> argparse.Namespace:
             description="Audits dependencies for security vulnerabilities",
             usage="nox -s dependency:audit -- -- [options]",
         )
-        parser.add_argument(
-            "-f",
-            "--format",
-            type=str,
-            default=PipAuditFormat.columns.name,
-            help="Format to emit audit results in",
-            choices=PipAuditFormat.name_tuple(),
-        )
         parser.add_argument(
             "-o",
             "--output",
@@ -291,28 +266,21 @@ def _parse_args(session) -> argparse.Namespace:
 
     def run(self, session: Session) -> None:
         args = self._parse_args(session)
-        audit_format = PipAuditFormat[args.format]
-
-        command = ["poetry", "run", "pip-audit", "-f", audit_format.name]
-        if audit_format == PipAuditFormat.columns:
-            if args.output:
-                command.extend(["-o", args.output])
-            session.run(*command)
 
-        elif audit_format == PipAuditFormat.json:
-            output = subprocess.run(command, capture_output=True)
-            audit_json = self._filter_json_for_vulnerabilities(output.stdout)
+        command = ["poetry", "run", "pip-audit", "-f", "json"]
+        output = subprocess.run(command, capture_output=True)
 
-            if args.output:
-                with open(args.output, "w") as file:
-                    json.dump(audit_json, file)
-            else:
-                print(audit_json)
+        audit_json = self._filter_json_for_vulnerabilities(output.stdout)
+        if args.output:
+            with open(args.output, "w") as file:
+                json.dump(audit_json, file)
+        else:
+            print(json.dumps(audit_json, indent=2))
 
-            if output.returncode != 0:
-                session.warn(
-                    f"Command {' '.join(command)} failed with exit code {output.returncode}",
-                )
+        if output.returncode != 0:
+            session.warn(
+                f"Command {' '.join(command)} failed with exit code {output.returncode}",
+            )
 
 
 @nox.session(name="dependency:licenses", python=False)

exasol/toolbox/templates/github/workflows/checks.yml

@@ -139,25 +139,6 @@ jobs:
           path: .security.json
           include-hidden-files: true
 
-  Vulnerabilities:
-    name: Check Vulnerabilities (Python-${{ matrix.python-version }})
-    needs: [ Version-Check, build-matrix ]
-    runs-on: ubuntu-24.04
-    strategy:
-      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
-
-    steps:
-      - name: SCM Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Python & Poetry Environment
-        uses: ./.github/actions/python-environment
-        with:
-          python-version: ${{ matrix.python-version }}
-
-      - name: Run Package vulnerabilities Check
-        run: poetry run nox -s dependency:audit
-
   Format:
     name: Format Check
     runs-on: ubuntu-24.04