Wip/oct26 #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a GitHub Actions workflow for running CI tests on a Django project. | |
# It is triggered on push or pull request events on the main branch, as well as | |
# manually using the workflow_dispatch event. | |
# | |
# The workflow runs on an Ubuntu 22.04 virtual machine with 2 parallel jobs and | |
# checks out the repository with a fetch depth of 1. The build job sets the | |
# Python version to 3.10 and runs the tests using the specified matrix. | |
# | |
# The `django-test-action` action is used to run the tests and requires a | |
# requirements file and a settings directory path. | |
# | |
# The `pypa/gh-action-pip-audit` action is used to audit the requirements file | |
# for security vulnerabilities. It requires a requirements file and can be | |
# configured to require hashes for all packages. | |
# | |
# See: | |
# - https://github.com/pypa/gh-action-pip-audit | |
# - https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
name: Audit | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
# https://stackoverflow.com/questions/58139175/running-actions-in-another-directory | |
defaults: | |
run: | |
working-directory: ./afb | |
strategy: | |
max-parallel: 2 | |
matrix: | |
python-version: ["3.10"] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
submodules: true | |
# - name: Install packages | |
# run: | | |
# sudo apt-get update | |
# sudo apt-get install -y cargo | |
# - name: Update PIP | |
# run: | | |
# pip install --upgrade pip | |
- name: gh-action-pip-audit | |
uses: pypa/[email protected] | |
with: | |
inputs: afb/requirements.txt | |
summary: true | |
require-hashes: false |