From 8ddeb33676f842a6455368f631b6a5cf9fbac06c Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:40:48 +0000
Subject: [PATCH] chore(ci): remove Snyk (#193)
Reviewed-on: https://git.tainton.uk/repos/epage/pulls/193
---
.../build_docker.yml | 0
.../snyk.yml | 0
.gitea/workflows/ci.yml | 34 +++++++++----------
pyproject.toml | 4 +--
renovate.json | 2 ++
5 files changed, 21 insertions(+), 19 deletions(-)
rename .gitea/{workflows => workflows-disabled}/build_docker.yml (100%)
rename .gitea/{workflows => workflows-disabled}/snyk.yml (100%)
diff --git a/.gitea/workflows/build_docker.yml b/.gitea/workflows-disabled/build_docker.yml
similarity index 100%
rename from .gitea/workflows/build_docker.yml
rename to .gitea/workflows-disabled/build_docker.yml
diff --git a/.gitea/workflows/snyk.yml b/.gitea/workflows-disabled/snyk.yml
similarity index 100%
rename from .gitea/workflows/snyk.yml
rename to .gitea/workflows-disabled/snyk.yml
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 5afd216..138740b 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -64,19 +64,19 @@ jobs:
 # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
 # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- - name: Set up environment for Snyk
- run: |
- uv pip freeze > requirements.txt
- mv pyproject.toml pyproject.toml.bak
- mv uv.lock uv.lock.bak
+ # - name: Set up environment for Snyk
+ # run: |
+ # uv pip freeze > requirements.txt
+ # mv pyproject.toml pyproject.toml.bak
+ # mv uv.lock uv.lock.bak
- - name: Snyk SAST Scan
- uses: snyk/actions/python@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- # command: snyk
- args: snyk code test #--all-projects --exclude=.archive
+ # - name: Snyk SAST Scan
+ # uses: snyk/actions/python@master
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # with:
+ # # command: snyk
+ # args: snyk code test #--all-projects --exclude=.archive
 # - name: Snyk Vulnerability Scan
 # uses: snyk/actions/python@master
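Review bot: Commenting out the `Snyk SAST Scan` step leaves this job with no visible static analysis of the project's own code, since the SonarQube `env` lines just above it are already commented out and the Renovate OSV settings added elsewhere in this commit only match dependencies against published advisories. If that gap is accepted, the commit description should say so; otherwise the replacement scanner belongs in the same change. The steps are also commented out rather than deleted, here and in the `@@ -88,8 +88,8 @@` hunk, even though `snyk.yml` is kept under `workflows-disabled`; deleting them is cleaner, and if they stay I would put `# disabled in #193 - pin snyk/actions/python to a commit SHA before re-enabling` above the block, because `@master` is a mutable ref that would be handed `SNYK_TOKEN`. The job definition starts outside the hunk, so other scanning steps may exist that are not visible here.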
@@ -88,8 +88,8 @@ jobs:
 # # command: snyk
 # args: snyk test #--all-projects --exclude=.archive
- - name: Reverse set up environment for Snyk
- run: |
- rm -f requirements.txt
- mv pyproject.toml.bak pyproject.toml
- mv uv.lock.bak uv.lock
+ # - name: Reverse set up environment for Snyk
+ # run: |
+ # rm -f requirements.txt
+ # mv pyproject.toml.bak pyproject.toml
+ # mv uv.lock.bak uv.lock
diff --git a/pyproject.toml b/pyproject.toml
index e6c939e..c6a1ea9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,8 +10,8 @@ dependencies = [
 "requests>=2.32.3",
 ]
-[tool.uv]
-dev-dependencies = [
+[dependency-groups]
+dev = [
 "black<26.1.1,>=26.1.0",
 "coverage<8.0.0,>=7.6.10",
 "isort<7.0.1,>=7.0.0",
diff --git a/renovate.json b/renovate.json
index e95e1f0..8bce63f 100644
--- a/renovate.json
+++ b/renovate.json
@@ -11,6 +11,8 @@
 "semanticCommits": "enabled",
 "semanticCommitScope": "deps",
 "semanticCommitType": "feat",
+ "osvVulnerabilityAlerts": true,
+ "dependencyDashboardOSVVulnerabilitySummary": "all",
 "vulnerabilityAlerts": {
 "commitMessagePrefix": "[SECURITY] ",
 "enabled": true,
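Review bot: `dependencyDashboardOSVVulnerabilitySummary` only has a visible effect when the Dependency Dashboard is enabled, and nothing in this hunk shows that it is, so confirm it in the part of `renovate.json` outside the hunk. As far as I recall from Renovate's documentation, `osvVulnerabilityAlerts` raises fixes for direct dependencies only, so advisories in transitive packages pinned in `uv.lock` may go unreported. The existing `vulnerabilityAlerts` block relies on GitHub's alert feed, which is probably unavailable on this Gitea host, which would leave OSV as the only active advisory source. A CI step that audits the lockfile (for example `pip-audit` or `osv-scanner`) would cover the transitive case.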