MITLibraries / dspace-submission-composer

96%

main: 95%

LAST BUILD ON BRANCH IN-1236-rename-s3-bucket-env

branch: IN-1236-rename-s3-bucket-env

CHANGE BRANCH

x

Reset

Sync Branches

• IN-1236-rename-s3-bucket-env
• 1319-create-separate-folder-for-dspace-metadata
• IN-1095-simplecsv-workflow
• IN-1096-ocw-workflow
• IN-1097-wiley-workflow
• IN-1098-sccs-workflow
• IN-1099-aws-clients
• IN-1099-ses-and-sqs-clients
• IN-1099-ses-sqs-clients
• IN-1100-archivesspace-workflow
• IN-1101-base-workflow
• IN-1101-sqs-refactor
• IN-1103-reconcile-cli-command
• IN-1104-deposit-command
• IN-1105-finalize-command
• IN-1106-add-docs
• IN-1108-setup-app
• IN-1157-build-report-system
• IN-1158-revise-reconcile-method
• IN-1167-remove-demo-workflow
• IN-1172-improve-logging-for-submit-and-finalize-methods
• IN-1172-logging-for-finalize-methods
• IN-1173-create-reconcile-report
• IN-1174-create-submit-report
• IN-1176-opencourseware-subjects-field
• IN-1186-simplecsv-fix-item-identifiers
• IN-1227-update-dsc-to-use-s3-bucket
• IN-1235-set-sqs-output-queues
• IN-1315-create-item-db-model
• IN-1316-update-reconcile-command-to-use-dynamodb
• IN-1317-submit-dynamodb
• IN-1318-update-finalize-command-to-use-dynamodb
• IN-1319-create-separate-folder-for-dspace-metadata
• IN-1320-consolidate-results-in-finalize-report
• IN-1323-improve-methods-for-processing-result-messages
• IN-1324-workflows-use-single-output-queue
• IN-1341-rename-env-var-for-item-submissions-table
• IN-1344-finalize-fix-args-when-getting-record-from-dynamodb
• IN-1352-add-sync-cli-command
• IN-1354-itemsubmission-class-update
• IN-1355-refactor-reconcile-for-itemsubmission
• IN-1356-update-submit
• IN-1357-finalize-refactor
• IN-1394-opencourseware-use-metadata-transformer
• IN-1408-reconcile-by-record
• IN-1409-repo-alignment
• IN-1428-opencourseware-contrib-department-field-method
• IN-1431-align-methods-for-retrieving-source-metadata
• IN-1432-cache-bitstreams-to-workflow
• IN-1433-define-record-level-reconcile-item-methods
• IN-1455-create-batch-for-base-workflow
• IN-1455-create-batch-for-base-workflow-update
• IN-1456-add-create-cli-command
• IN-1460-add-batch-creation-report
• IN-1460-refactor-reporting-modules
• IN-1511-ocw-prepare-batch-method-and-review
• IN-1512-report-on-failures-during-batch-creation
• INFRA-509-sccs-deposit-request
• dependabot/pip/boto3-1.35.76
• dependabot/pip/boto3-1.35.77
• dependabot/pip/boto3-1.35.78
• dependabot/pip/boto3-1.35.79
• dependabot/pip/boto3-1.35.80
• dependabot/pip/boto3-1.35.81
• dependabot/pip/boto3-1.35.82
• dependabot/pip/boto3-1.35.83
• dependabot/pip/boto3-1.35.84
• dependabot/pip/boto3-1.35.85
• dependabot/pip/boto3-1.35.86
• dependabot/pip/boto3-1.35.87
• dependabot/pip/boto3-1.35.88
• dependabot/pip/boto3-1.35.89
• dependabot/pip/boto3-1.35.90
• dependabot/pip/boto3-1.35.91
• dependabot/pip/boto3-1.35.92
• dependabot/pip/boto3-1.35.93
• dependabot/pip/boto3-1.35.94
• dependabot/pip/boto3-1.35.95
• dependabot/pip/boto3-1.35.96
• dependabot/pip/boto3-1.35.97
• dependabot/pip/boto3-1.35.98
• dependabot/pip/boto3-1.35.99
• dependabot/pip/boto3-1.36.0
• dependabot/pip/boto3-1.36.1
• dependabot/pip/boto3-1.36.10
• dependabot/pip/boto3-1.36.11
• dependabot/pip/boto3-1.36.12
• dependabot/pip/boto3-1.36.13
• dependabot/pip/boto3-1.36.14
• dependabot/pip/boto3-1.36.15
• dependabot/pip/boto3-1.36.16
• dependabot/pip/boto3-1.36.17
• dependabot/pip/boto3-1.36.18
• dependabot/pip/boto3-1.36.19
• dependabot/pip/boto3-1.36.2
• dependabot/pip/boto3-1.36.20
• dependabot/pip/boto3-1.36.21
• dependabot/pip/boto3-1.36.22
• dependabot/pip/boto3-1.36.23
• dependabot/pip/boto3-1.36.24
• dependabot/pip/boto3-1.36.25
• dependabot/pip/boto3-1.36.26
• dependabot/pip/boto3-1.36.3
• dependabot/pip/boto3-1.36.4
• dependabot/pip/boto3-1.36.5
• dependabot/pip/boto3-1.36.6
• dependabot/pip/boto3-1.36.7
• dependabot/pip/boto3-1.36.8
• dependabot/pip/boto3-1.36.9
• dependabot/pip/boto3-1.37.0
• dependabot/pip/boto3-1.37.1
• dependabot/pip/boto3-1.37.2
• dependabot/pip/boto3-1.37.3
• dependabot/pip/boto3-1.37.4
• dependabot/pip/boto3-stubs-1.35.76
• dependabot/pip/boto3-stubs-1.35.77
• dependabot/pip/boto3-stubs-1.35.78
• dependabot/pip/boto3-stubs-1.35.79
• dependabot/pip/boto3-stubs-1.35.80
• dependabot/pip/boto3-stubs-1.35.81
• dependabot/pip/boto3-stubs-1.35.82
• dependabot/pip/boto3-stubs-1.35.83
• dependabot/pip/boto3-stubs-1.35.84
• dependabot/pip/boto3-stubs-1.35.85
• dependabot/pip/boto3-stubs-1.35.86
• dependabot/pip/boto3-stubs-1.35.87
• dependabot/pip/boto3-stubs-1.35.88
• dependabot/pip/boto3-stubs-1.35.89
• dependabot/pip/boto3-stubs-1.35.90
• dependabot/pip/boto3-stubs-1.35.91
• dependabot/pip/boto3-stubs-1.35.92
• dependabot/pip/boto3-stubs-1.35.93
• dependabot/pip/boto3-stubs-1.35.94
• dependabot/pip/boto3-stubs-1.35.95
• dependabot/pip/boto3-stubs-1.35.96
• dependabot/pip/boto3-stubs-1.35.97
• dependabot/pip/boto3-stubs-1.35.98
• dependabot/pip/boto3-stubs-1.35.99
• dependabot/pip/boto3-stubs-1.36.0
• dependabot/pip/boto3-stubs-1.36.1
• dependabot/pip/boto3-stubs-1.36.10
• dependabot/pip/boto3-stubs-1.36.11
• dependabot/pip/boto3-stubs-1.36.12
• dependabot/pip/boto3-stubs-1.36.13
• dependabot/pip/boto3-stubs-1.36.14
• dependabot/pip/boto3-stubs-1.36.15
• dependabot/pip/boto3-stubs-1.36.16
• dependabot/pip/boto3-stubs-1.36.17
• dependabot/pip/boto3-stubs-1.36.18
• dependabot/pip/boto3-stubs-1.36.2
• dependabot/pip/boto3-stubs-1.36.21
• dependabot/pip/boto3-stubs-1.36.22
• dependabot/pip/boto3-stubs-1.36.23
• dependabot/pip/boto3-stubs-1.36.24
• dependabot/pip/boto3-stubs-1.36.25
• dependabot/pip/boto3-stubs-1.36.26
• dependabot/pip/boto3-stubs-1.36.3
• dependabot/pip/boto3-stubs-1.36.4
• dependabot/pip/boto3-stubs-1.36.5
• dependabot/pip/boto3-stubs-1.36.6
• dependabot/pip/boto3-stubs-1.36.7
• dependabot/pip/boto3-stubs-1.36.8
• dependabot/pip/boto3-stubs-1.36.9
• dependabot/pip/boto3-stubs-1.37.0
• dependabot/pip/boto3-stubs-1.37.1
• dependabot/pip/boto3-stubs-1.37.2
• dependabot/pip/boto3-stubs-1.37.3
• dependabot/pip/boto3-stubs-1.37.4
• dependabot/pip/cryptography-44.0.1
• dependabot/pip/jinja2-3.1.5
• dependabot/pip/moto-5.0.23
• dependabot/pip/moto-5.0.24
• dependabot/pip/moto-5.0.25
• dependabot/pip/moto-5.0.26
• dependabot/pip/moto-5.0.27
• dependabot/pip/moto-5.0.28
• dependabot/pip/mypy-1.14.0
• dependabot/pip/mypy-1.14.1
• dependabot/pip/mypy-1.15.0
• dependabot/pip/pre-commit-4.1.0
• dependabot/pip/pytest-8.3.4
• dependabot/pip/ruff-0.8.1
• dependabot/pip/ruff-0.8.2
• dependabot/pip/ruff-0.8.3
• dependabot/pip/ruff-0.8.4
• dependabot/pip/ruff-0.8.5
• dependabot/pip/ruff-0.8.6
• dependabot/pip/ruff-0.9.0
• dependabot/pip/ruff-0.9.1
• dependabot/pip/ruff-0.9.2
• dependabot/pip/ruff-0.9.3
• dependabot/pip/ruff-0.9.4
• dependabot/pip/ruff-0.9.5
• dependabot/pip/ruff-0.9.6
• dependabot/pip/ruff-0.9.7
• dependabot/pip/ruff-0.9.8
• dependabot/pip/ruff-0.9.9
• dependabot/pip/sentry-sdk-2.19.0
• dependabot/pip/sentry-sdk-2.19.1
• dependabot/pip/sentry-sdk-2.19.2
• dependabot/pip/sentry-sdk-2.20.0
• dependabot/pip/sentry-sdk-2.22.0
• infra-flow
• main
• ocw-mapping-fix
• refactor-cli-options
• support-for-dynamodb
• workaround

Build # 15027067303

Build Type

Pull #173

github

Committed by jonavellecuerdo

Commit Message

Replace pipenv check with pip-audit

Why these changes are being introduced:

As of pipenv 2025.0.1 the use of `pipenv check` would throw
an error, indicating that the library `safety` was not installed.
It worked to run `pipenv check --auto-install` which would
temporarily install `safety`, but this was not ideal for multiple
reasons.

First, we anticipate potentially moving away from `pipenv`.

Second, it appears that `safety` is moving to a pay / subscription
model.

Third, it remains a little obfuscated what `pipenv check` is actually
doing.

As this new situation affects all builds in Github Actions CI,
we need a way to scan for vulnerabilities that ideally is not
a massive overhaul of our vulnerability scanning approach.

How this addresses that need:

`pip-audit` is a nice standalone, open-source library that
performs very similar work to `safety`.

This commit replaces `pipenv check` (which was `safety` under
the hood) with `pip-audit`.

Side effects of this change:
* Builds will be successful in Github Actions

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1240

Pull Request Pull Request #173: Rename 'S3_BUCKET' env var

Run Details

9 of 10 new or added lines in 2 files covered. (90.0%)

732 of 765 relevant lines covered (95.69%)

0.96 hits per line