From cd7da37fa91f2c8a7dbd6a49cccca4f954cb2acc Mon Sep 17 00:00:00 2001
From: Ryan Ahearn
Date: Wed, 19 Oct 2022 10:09:09 -0400
Subject: [PATCH] Only run pip-audit on runtime dependencies in CI

---
 .github/workflows/checks.yml | 2 +-
 .github/workflows/daily_checks.yml | 2 +-
 Makefile | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 8cbbda589..57e11688e 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -73,7 +73,7 @@ jobs:
 - uses: ./.github/actions/setup-project
 - uses: trailofbits/gh-action-pip-audit@v1.0.0
 with:
- inputs: requirements.txt requirements_for_test.txt
+ inputs: requirements.txt
 ignore-vulns: PYSEC-2022-237
 
 static-scan:
diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml
index 3846c3a79..06dd0bc19 100644
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -40,7 +40,7 @@ jobs:
 - uses: ./.github/actions/setup-project
 - uses: trailofbits/gh-action-pip-audit@v1.0.0
 with:
- inputs: requirements.txt requirements_for_test.txt
+ inputs: requirements.txt
 ignore-vulns: PYSEC-2022-237
 
 static-scan:
diff --git a/Makefile b/Makefile
index 18caff76d..701ae3380 100644
--- a/Makefile
+++ b/Makefile
@@ -75,7 +75,8 @@ freeze-requirements: ## Pin all requirements including sub dependencies into req
 .PHONY: audit
 audit:
 pip install --upgrade pip-audit
- pip-audit -r requirements.txt -r requirements_for_test.txt -l --ignore-vuln PYSEC-2022-237
+ pip-audit -r requirements.txt -l --ignore-vuln PYSEC-2022-237
+ -pip-audit -r requirements_for_test.txt -l
 
 .PHONY: static-scan
 static-scan:
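Review bot: Removing `requirements_for_test.txt` from the `inputs:` line takes away the only CI gate on vulnerabilities in test dependencies, yet those packages are presumably still installed and executed on the runner by the preceding `setup-project` step and the test jobs, so an exploitable test-only package still runs with whatever secrets the workflow exposes. If the goal is to stop test-dependency advisories from blocking merges rather than to stop auditing them, a second audit step with `continue-on-error: true` keeps the report visible without failing the job, which matches the `-pip-audit` treatment the Makefile hunk gives the same file. The `ignore-vulns: PYSEC-2022-237` context line also carries no note on why the advisory is accepted or when to revisit it; a trailing `# TODO: why accepted / revisit date` comment would make the suppression auditable. The action is pinned by tag (`@v1.0.0`) rather than commit SHA, which this commit does not change but which is worth tightening for a tool that reads the dependency manifests.
```yaml
          ignore-vulns: PYSEC-2022-237
      # Advisory only: test-only packages are reported but must not block merges.
      - uses: trailofbits/gh-action-pip-audit@v1.0.0
        continue-on-error: true
        with:
          inputs: requirements_for_test.txt
```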
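Review bot: The same removal is harder to justify in this file than in `checks.yml`: if `daily_checks.yml` is the scheduled workflow its name suggests (the trigger block is outside the hunk), a failing audit here does not block any pull request, so it cost nothing at merge time and was the one place test dependencies would still have been checked automatically after this commit. Consider keeping `inputs: requirements.txt requirements_for_test.txt` in this workflow, or adding the advisory second step here, so new advisories against test-only packages at least surface in the scheduled run instead of only when someone runs `make audit` locally. The `ignore-vulns: PYSEC-2022-237` suppression is duplicated verbatim from `checks.yml` with no comment; the two copies will drift silently when one is updated.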
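Review bot: The leading `-` on the new `-pip-audit -r requirements_for_test.txt -l` recipe line makes make ignore that command's exit status, so findings in test dependencies are printed and then forgotten; nothing in the target marks that output as advisory, and a reader sees a passing `make audit` with a vulnerability listed a few lines above. A comment on the line, `# Advisory only: test-only deps are reported but never fail the target`, plus an `@echo "Auditing test dependencies (advisory)"` before it, would make the intent explicit in the output. If `requirements_for_test.txt` pulls in `requirements.txt` via `-r` (common for pinned test files, not visible here), this second run will also re-report PYSEC-2022-237 because `--ignore-vuln` was not carried over to it. The unpinned `pip install --upgrade pip-audit` on the context line above is untouched by this commit but fetches the latest auditor from the index on every run, which is worth pinning in a follow-up.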