Ruben van Staveren
230d031e67
Some checks failed
Bandit / audit-runtime-security (3.11) (pull_request) Failing after 5m39s
Flake8 / audit (3.11) (pull_request) Successful in 10m3s
Mypy / audit-typing (3.11) (pull_request) Failing after 6m15s
pip-audit / audit-dependency-security (3.11) (pull_request) Successful in 11m14s
Pylint / audit-runtime-security (3.11) (pull_request) Failing after 5m50s
Python Coverage / test-and-coverage (3.11) (pull_request) Failing after 5m40s
39 lines
901 B
YAML
39 lines
901 B
YAML
---
|
|
name: pip-audit
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
schedule:
|
|
- cron: '0 0 * * 0' # Weekly on Sunday
|
|
|
|
# XXX need to do stuff with uv
|
|
jobs:
|
|
audit-dependency-security:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
python-version:
|
|
- "3.11"
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '${{ matrix.python-version }}'
|
|
cache: 'pip'
|
|
cache-dependency-path: 'requirements.txt'
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r requirements.txt
|
|
pip install -r requirements-dev.txt
|
|
|
|
- name: Check vulnerable components with pip-audit
|
|
run: |
|
|
pip-audit -r requirements.txt
|