Feature/649 restrict noxconfig usage

.import_linter_config

@@ -1,5 +1,6 @@
 [importlinter]
 root_package = exasol.toolbox
+include_external_packages = True
 
 [importlinter:contract:security-contract]
 name = Security module should not import from toolbox
@@ -14,3 +15,15 @@ ignore_imports =
     # importlinter lacks an option to ignore a specific line, so we must ignore this in
     # total, as this is needed for Python security audits.
     exasol.toolbox.tools.security -> exasol.toolbox.util.dependencies.audit
+
+[importlinter:contract:restrict-noxconfig]
+name = Only exasol.toolbox.nox submodules can import noxconfig
+type = forbidden
+source_modules =
+    exasol.toolbox
+forbidden_modules =
+    noxconfig
+ignore_imports =
+    # To reduce the effort in using nox sessions (i.e. having to pass the config path
+    # in each CLI usage), we allow the noxconfig to be imported within these modules.
+    exasol.toolbox.nox.* -> noxconfig

doc/changes/unreleased.md

@@ -1 +1,5 @@
 # Unreleased
+
+## Features
+
+* #649: Restricted noxconfig usage throughout exasol.toolbox to only exasol.toolbox.nox.*

exasol/toolbox/util/dependencies/audit.py

@@ -227,6 +227,6 @@ def get_vulnerabilities(working_directory: Path) -> list[Vulnerability]:
     ).vulnerabilities
 
 
-def get_vulnerabilities_from_latest_tag():
-    with poetry_files_from_latest_tag() as tmp_dir:
+def get_vulnerabilities_from_latest_tag(root_path: Path):
+    with poetry_files_from_latest_tag(root_path=root_path) as tmp_dir:
         return get_vulnerabilities(working_directory=tmp_dir)

exasol/toolbox/util/dependencies/poetry_dependencies.py

@@ -159,8 +159,8 @@ def get_dependencies(
     ).direct_dependencies
 
 
-def get_dependencies_from_latest_tag() -> (
-    OrderedDict[str, dict[NormalizedPackageStr, Package]]
-):
-    with poetry_files_from_latest_tag() as tmp_dir:
+def get_dependencies_from_latest_tag(
+    root_path: Path,
+) -> OrderedDict[str, dict[NormalizedPackageStr, Package]]:
+    with poetry_files_from_latest_tag(root_path=root_path) as tmp_dir:
         return get_dependencies(working_directory=tmp_dir)

exasol/toolbox/util/dependencies/shared_models.py

@@ -19,7 +19,6 @@
 )
 
 from exasol.toolbox.util.git import Git
-from noxconfig import PROJECT_CONFIG
 
 NormalizedPackageStr = NewType("NormalizedPackageStr", str)
 
@@ -63,10 +62,10 @@ def files(self) -> tuple[str, ...]:
 
 
 @contextmanager
-def poetry_files_from_latest_tag() -> Generator[Path]:
+def poetry_files_from_latest_tag(root_path: Path) -> Generator[Path]:
     """Context manager to set up a temporary directory with poetry files from the latest tag"""
     latest_tag = Git.get_latest_tag()
-    path = PROJECT_CONFIG.root_path.relative_to(Git.toplevel())
+    path = root_path.relative_to(Git.toplevel())
     with tempfile.TemporaryDirectory() as tmpdir_str:
         tmp_dir = Path(tmpdir_str)
         for file in PoetryFiles().files:

exasol/toolbox/util/release/changelog.py

@@ -68,7 +68,9 @@ def _describe_dependency_changes(self) -> str:
         Describe the dependency changes between the latest tag and the current version
         for use in the versioned changes file.
         """
-        previous_dependencies_in_groups = get_dependencies_from_latest_tag()
+        previous_dependencies_in_groups = get_dependencies_from_latest_tag(
+            root_path=self.root_path
+        )
         current_dependencies_in_groups = get_dependencies(
             working_directory=self.root_path
         )

test/unit/util/dependencies/audit_test.py

@@ -251,7 +251,9 @@ def test_with_mock(self, sample_vulnerability):
             "exasol.toolbox.util.dependencies.audit.audit_poetry_files",
             return_value=sample_vulnerability.pip_audit_json,
         ):
-            result = get_vulnerabilities_from_latest_tag()
+            result = get_vulnerabilities_from_latest_tag(
+                root_path=PROJECT_CONFIG.root_path
+            )
 
         # if successful, no errors & should be 1 due to mock
         assert isinstance(result, list)

test/unit/util/dependencies/poetry_dependencies_test.py

@@ -142,7 +142,7 @@ def test_get_dependencies():
 
 
 def test_get_dependencies_from_latest_tag():
-    result = get_dependencies_from_latest_tag()
+    result = get_dependencies_from_latest_tag(root_path=PROJECT_CONFIG.root_path)
 
     # if successful, no errors & should be non-empty dictionary
     assert isinstance(result, dict)

test/unit/util/dependencies/shared_models_test.py

@@ -10,6 +10,7 @@
     poetry_files_from_latest_tag,
 )
 from exasol.toolbox.util.git import Git
+from noxconfig import PROJECT_CONFIG
 
 
 class Dummy(BaseModel):
@@ -57,7 +58,7 @@ def test_coordinates():
 
 def test_poetry_files_from_latest_tag():
     latest_tag = Git.get_latest_tag()
-    with poetry_files_from_latest_tag() as tmp_dir:
+    with poetry_files_from_latest_tag(root_path=PROJECT_CONFIG.root_path) as tmp_dir:
         for file in PoetryFiles().files:
             assert (tmp_dir / file).is_file()
 

test/unit/util/release/changelog_test.py

@@ -76,7 +76,7 @@ def unreleased_md(changelogs):
 def mock_dependencies(dependencies, previous_dependencies):
     with mock.patch.multiple(
         "exasol.toolbox.util.release.changelog",
-        get_dependencies_from_latest_tag=lambda: previous_dependencies,
+        get_dependencies_from_latest_tag=lambda root_path: previous_dependencies,
         get_dependencies=lambda working_directory: dependencies,
     ):
         yield
@@ -86,7 +86,7 @@ def mock_dependencies(dependencies, previous_dependencies):
 def mock_no_dependencies():
     with mock.patch.multiple(
         "exasol.toolbox.util.release.changelog",
-        get_dependencies_from_latest_tag=lambda: {},
+        get_dependencies_from_latest_tag=lambda root_path: {},
         get_dependencies=lambda working_directory: {},
     ):
         yield