---
# safety checks your installed python dependencies for known
# security vulnerabilities
# https://pypi.org/project/safety/
include:
  - remote: https://jobs.just-ci.dev/recos/python/generic.yml

variables:
  SAFETY_DEFAULT_ARGS: --full-report --check-unpinned-requirements
  SAFETY_EXTRA_ARGS: ""

python:safety:
  extends:
    - .python:pre
    - .python:pre-install
  variables:
    JOB_PACKAGE: safety==3.*
  script:
    - python3 -m venv .venv
    - source .venv/bin/activate
    - pip3 install -q -U pip setuptools
    - !reference [".python:pre", script]
    - !reference [".python:pre-install", script]
    - safety --disable-optional-telemetry check ${SAFETY_DEFAULT_ARGS}
      ${SAFETY_EXTRA_ARGS}
  allow_failure: true