Move PoetryFiles and create poetry_files_from_latest_tag in shared_models. Add get_vulnerabilities_from_latest_tag

Author: ArBridgeman

exasol/toolbox/nox/_lint.py

@@ -11,7 +11,7 @@
 from nox import Session
 
 from exasol.toolbox.nox._shared import python_files
-from exasol.toolbox.util.dependencies.poetry_dependencies import PoetryFiles
+from exasol.toolbox.util.dependencies.shared_models import PoetryFiles
 from noxconfig import PROJECT_CONFIG
 
 

exasol/toolbox/nox/_release.py

@@ -14,7 +14,7 @@
     check_for_config_attribute,
 )
 from exasol.toolbox.nox.plugin import NoxTasks
-from exasol.toolbox.util.dependencies.poetry_dependencies import PoetryFiles
+from exasol.toolbox.util.dependencies.shared_models import PoetryFiles
 from exasol.toolbox.util.git import Git
 from exasol.toolbox.util.release.changelog import Changelogs
 from exasol.toolbox.util.version import (

exasol/toolbox/util/dependencies/audit.py

@@ -8,12 +8,14 @@
 from re import search
 from typing import (
     Any,
-    Union,
 )
 
 from pydantic import BaseModel
 
-from exasol.toolbox.util.dependencies.shared_models import Package
+from exasol.toolbox.util.dependencies.shared_models import (
+    Package,
+    poetry_files_from_latest_tag,
+)
 
 PIP_AUDIT_VULNERABILITY_PATTERN = (
     r"^Found \d+ known vulnerabilit\w{1,3} in \d+ package\w?$"
@@ -145,3 +147,8 @@ def security_issue_dict(self) -> list[dict[str, str | list[str]]]:
         return [
             vulnerability.security_issue_entry for vulnerability in self.vulnerabilities
         ]
+
+
+def get_vulnerabilities_from_latest_tag():
+    with poetry_files_from_latest_tag() as tmp_dir:
+        return Vulnerabilities.load_from_pip_audit(working_directory=tmp_dir)

exasol/toolbox/util/dependencies/poetry_dependencies.py

@@ -1,11 +1,8 @@
 from __future__ import annotations
 
 import subprocess
-import tempfile
 from collections import OrderedDict
-from dataclasses import dataclass
 from pathlib import Path
-from typing import Final
 
 import tomlkit
 from pydantic import (
@@ -17,9 +14,9 @@
 from exasol.toolbox.util.dependencies.shared_models import (
     NormalizedPackageStr,
     Package,
+    PoetryFiles,
+    poetry_files_from_latest_tag,
 )
-from exasol.toolbox.util.git import Git
-from noxconfig import PROJECT_CONFIG
 
 
 class PoetryGroup(BaseModel):
@@ -29,16 +26,6 @@ class PoetryGroup(BaseModel):
     toml_section: str | None
 
 
-@dataclass(frozen=True)
-class PoetryFiles:
-    pyproject_toml: Final[str] = "pyproject.toml"
-    poetry_lock: Final[str] = "poetry.lock"
-
-    @property
-    def files(self) -> tuple[str, ...]:
-        return tuple(self.__dict__.values())
-
-
 TRANSITIVE_GROUP = PoetryGroup(name="transitive", toml_section=None)
 
 
@@ -175,10 +162,5 @@ def get_dependencies(
 def get_dependencies_from_latest_tag() -> (
     OrderedDict[str, dict[NormalizedPackageStr, Package]]
 ):
-    latest_tag = Git.get_latest_tag()
-    path = PROJECT_CONFIG.root.relative_to(Git.toplevel())
-    with tempfile.TemporaryDirectory() as tmpdir_str:
-        tmpdir = Path(tmpdir_str)
-        for file in PoetryFiles().files:
-            Git.checkout(latest_tag, path / file, tmpdir / file)
-        return get_dependencies(working_directory=tmpdir)
+    with poetry_files_from_latest_tag() as tmp_dir:
+        return get_dependencies(working_directory=tmp_dir)

exasol/toolbox/util/dependencies/shared_models.py

@@ -1,7 +1,13 @@
 from __future__ import annotations
 
+import tempfile
+from collections.abc import Generator
+from contextlib import contextmanager
+from dataclasses import dataclass
+from pathlib import Path
 from typing import (
     Annotated,
+    Final,
     NewType,
 )
 
@@ -12,6 +18,9 @@
     ConfigDict,
 )
 
+from exasol.toolbox.util.git import Git
+from noxconfig import PROJECT_CONFIG
+
 NormalizedPackageStr = NewType("NormalizedPackageStr", str)
 
 VERSION_TYPE = Annotated[str, AfterValidator(lambda v: Version(v))]
@@ -30,3 +39,25 @@ class Package(BaseModel):
     @property
     def normalized_name(self) -> NormalizedPackageStr:
         return normalize_package_name(self.name)
+
+
+@dataclass(frozen=True)
+class PoetryFiles:
+    pyproject_toml: Final[str] = "pyproject.toml"
+    poetry_lock: Final[str] = "poetry.lock"
+
+    @property
+    def files(self) -> tuple[str, ...]:
+        return tuple(self.__dict__.values())
+
+
+@contextmanager
+def poetry_files_from_latest_tag() -> Generator[Path]:
+    """Context manager to set up a temporary directory with poetry files from the latest tag"""
+    latest_tag = Git.get_latest_tag()
+    path = PROJECT_CONFIG.root.relative_to(Git.toplevel())
+    with tempfile.TemporaryDirectory() as tmpdir_str:
+        tmp_dir = Path(tmpdir_str)
+        for file in PoetryFiles().files:
+            Git.checkout(latest_tag, path / file, tmp_dir / file)
+        yield tmp_dir