From 94a2578ad64c453dd2a0a0dd2d5740b5986f1dbf Mon Sep 17 00:00:00 2001
From: Casper Welzel Andersen <casper.w.andersen@sintef.no>
Date: Wed, 1 Oct 2025 09:58:45 +0200
Subject: [PATCH] Update generate CI workflow for pip-audit

---
 {{ cookiecutter.project_slug }}/.github/dependabot.yml   | 4 +++-
 .../.github/utils/requirements_ci.txt                    | 1 +
 .../.github/workflows/ci_tests.yml                       | 9 +++++++--
 3 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 {{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt

diff --git a/{{ cookiecutter.project_slug }}/.github/dependabot.yml b/{{ cookiecutter.project_slug }}/.github/dependabot.yml
index 4a3cb60..a102f57 100644
--- a/{{ cookiecutter.project_slug }}/.github/dependabot.yml	
+++ b/{{ cookiecutter.project_slug }}/.github/dependabot.yml	
@@ -2,7 +2,9 @@ version: 2
 
 updates:
 - package-ecosystem: pip
-  directory: "/"
+  directories:
+    - "/"
+    - "/.github/utils"
   schedule:
     interval: weekly
     day: monday
diff --git a/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt b/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt
new file mode 100644
index 0000000..d6779e7
--- /dev/null
+++ b/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt	
@@ -0,0 +1 @@
+pip-tools==7.5.0
diff --git a/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml b/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml
index 96c4645..20c017f 100644
--- a/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml	
+++ b/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml	
@@ -61,12 +61,17 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -U setuptools wheel
-        pip install -e .[dev]
+        pip install -r .github/utils/requirements_ci.txt
+
+    - name: Prepare for pip-audit{% raw %}
+      run: pip-compile --output-file=${{ runner.temp }}/requirements.txt --all-extras --allow-unsafe ${{ github.workspace }}/pyproject.toml
 
     - name: Run pip-audit
       uses: pypa/gh-action-pip-audit@v1.1.0
+      with:
+        inputs: ${{ runner.temp }}/requirements.txt
 
-  pytest:{% raw %}
+  pytest:
     name: pytest (${{ matrix.os[1] }}-py${{ matrix.python-version }})
     runs-on: ${{ matrix.os[0] }}