Address CI failures and code review feedback

- Remove unused pytest imports from test files (fixes lint errors)
- Fix CodeQL security alert by using exact URL validation instead of substring check
- Enhance SSL function documentation with detailed environment variable precedence
- Improve error handling in fetch_provider_data with current CA bundle path display
- Add more helpful guidance for SSL certificate configuration issues

Addresses feedback from AI code review and resolves CI lint/security failures.

Co-Authored-By: João <joao@crewai.com>

src/crewai/cli/provider.py

@@ -159,8 +159,17 @@ def get_ssl_verify_config():
     """
     Get SSL verification configuration from environment variables or use certifi default.
     
+    Environment Variables (checked in order of precedence):
+        REQUESTS_CA_BUNDLE: Path to the primary CA bundle file.
+        SSL_CERT_FILE: Path to the secondary CA bundle file.
+        CURL_CA_BUNDLE: Path to the tertiary CA bundle file.
+    
     Returns:
-    - str: Path to CA bundle file or certifi default path
+        str: Path to CA bundle file or certifi default path.
+    
+    Example:
+        >>> get_ssl_verify_config()
+        '/path/to/ca-bundle.pem'
     """
     for env_var in ['REQUESTS_CA_BUNDLE', 'SSL_CERT_FILE', 'CURL_CA_BUNDLE']:
         ca_bundle = os.environ.get(env_var)
@@ -180,8 +189,9 @@ def fetch_provider_data(cache_file):
     Returns:
     - dict or None: The fetched provider data or None if the operation fails.
     """
+    ssl_config = get_ssl_verify_config()
     try:
-        response = requests.get(JSON_URL, stream=True, timeout=60, verify=get_ssl_verify_config())
+        response = requests.get(JSON_URL, stream=True, timeout=60, verify=ssl_config)
         response.raise_for_status()
         data = download_data(response)
         with open(cache_file, "w") as f:
@@ -189,7 +199,9 @@ def fetch_provider_data(cache_file):
         return data
     except requests.exceptions.SSLError as e:
         click.secho(f"SSL certificate verification failed: {e}", fg="red")
+        click.secho(f"Current CA bundle path: {ssl_config}", fg="yellow")
         click.secho("Try setting REQUESTS_CA_BUNDLE environment variable to your CA bundle path", fg="yellow")
+        return None
     except requests.RequestException as e:
         click.secho(f"Error fetching provider data: {e}", fg="red")
     except json.JSONDecodeError:

tests/cli/test_constants.py

@@ -1,5 +1,3 @@
-import pytest
-
 from crewai.cli.constants import ENV_VARS, JSON_URL, MODELS, PROVIDERS
 
 
@@ -26,4 +24,4 @@ def test_huggingface_models():
 def test_json_url_is_https():
     """Test that JSON_URL uses HTTPS for secure connection."""
     assert JSON_URL.startswith("https://")
-    assert "raw.githubusercontent.com" in JSON_URL
+    assert JSON_URL == "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json"

tests/cli/test_provider_ssl.py

@@ -3,7 +3,6 @@ import tempfile
 from pathlib import Path
 from unittest.mock import Mock, patch
 
-import pytest
 import requests
 
 from crewai.cli.provider import fetch_provider_data, get_ssl_verify_config