From 274c28c58e34309280ae3e6f113ceff133b07d80 Mon Sep 17 00:00:00 2001
From: Pymetheus
Date: Sun, 8 Feb 2026 19:03:52 +0100
Subject: [PATCH] ci: install dev deps and generate requirements.txt

Simplify the security workflow by removing the astral-sh/setup-uv steps and the uv sync/export flow. Instead of installing individual packages, the workflow now runs `pip install -e . --group dev` and `pip freeze > requirements.txt` to produce a requirements.txt file for Snyk scanning. This reduces duplication and uses the project's dev extras for dependency installation.
---
 .github/workflows/security.yml | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 9eb89bb..b6a285e 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -32,30 +32,13 @@ jobs:
 with:
 python-version: ${{ env.PYTHON_VERSION }}
 
- - name: Install uv and cache dependencies
- uses: astral-sh/setup-uv@v7
- with:
- enable-cache: true
- cache-dependency-glob: |
- pyproject.toml
- uv.lock
-
- - name: Install project dependencies
- run: |
- uv sync
-
- - name: Export dependencies for Snyk
- run: |
- uv export --format requirements-txt --output-file requirements.txt
- echo "--- Content of requirements.txt ---"
- cat requirements.txt
-
 - name: Install Snyk CLI
 uses: snyk/actions/setup@master
 
 - name: Install Snyk Python dependencies
 run: |
- pip install annotated-types pydantic pydantic-core pydantic-settings python-dotenv typing-extensions typing-inspection
+ pip install -e . --group dev
+ pip freeze > requirements.txt
 
 - name: Run Snyk for Open Source Vulnerabilities (OSS)
 run: |
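Review bot: The new `pip install -e . --group dev` / `pip freeze > requirements.txt` pair in the "Install Snyk Python dependencies" step makes Snyk scan whatever versions pip resolves at job time rather than the versions pinned in `uv.lock` (the removed cache glob suggests that lockfile exists), so a vulnerable pinned release can go unreported and results can change between runs with no code change. `pip freeze` also lists everything in the runner's environment, including the editable project entry and the dev group, which blurs which findings affect what is actually shipped. I would keep the scan input derived from the lock, e.g. `pip install uv` followed by `uv export --frozen --format requirements-txt --output-file requirements.txt`, and install from that file. `--group` also needs pip 25.1 or newer, and no pip upgrade is visible in this hunk. The Snyk invocation itself is outside the hunk, so whether it reads `requirements.txt` cannot be confirmed from here.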