Update daily checks to match PR checks

This changeset adds the same additional steps needed in our PR checks to make sure the daily checks work properly with the recent Poetry update. It also updates our PR checks to use the latest pip-audit GitHub action. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2025-12-12 00:02:36 -05:00 · 2025-06-02 09:23:02 -04:00
parent abdaa74d0b
commit 8af59b1c55
3 changed files with 13 additions and 5 deletions
--- a/.ds.baseline
+++ b/.ds.baseline
@@ -161,7 +161,7 @@
        "filename": ".github/workflows/daily_checks.yml",
        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
        "is_verified": false,
-        "line_number": 63,
+        "line_number": 71,
        "is_secret": false
      },
      {
@@ -169,7 +169,7 @@
        "filename": ".github/workflows/daily_checks.yml",
        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
        "is_verified": false,
-        "line_number": 79,
+        "line_number": 87,
        "is_secret": false
      }
    ],
@@ -384,5 +384,5 @@
      }
    ]
  },
-  "generated_at": "2025-05-29T17:15:40Z"
+  "generated_at": "2025-06-02T13:22:36Z"
 }
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -96,7 +96,7 @@ jobs:
        run: |
          echo "Contents of requirements.txt:"
          cat requirements.txt
-      - uses: pypa/gh-action-pip-audit@v1.0.8
+      - uses: pypa/gh-action-pip-audit@v1.1.0
        with:
          inputs: requirements.txt
          ignore-vulns: |
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -26,7 +26,15 @@ jobs:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-project
      - name: Create requirements.txt
-        run: poetry export --output requirements.txt
+        run: poetry export --output requirements_tmp.txt --without-hashes
+      - name: Filter requirements.txt
+        run: grep -v "oscrypto@ git" requirements_tmp.txt > requirements.txt
+      - name: Verify requirements.txt
+        run: ls -l requirements.txt
+      - name: Print requirements.txt
+        run: |
+          echo "Contents of requirements.txt:"
+          cat requirements.txt
      - uses: pypa/gh-action-pip-audit@v1.1.0
        with:
          inputs: requirements.txt