-
Notifications
You must be signed in to change notification settings - Fork 0
62 lines (55 loc) · 1.74 KB
/
audit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# This is a GitHub Actions workflow for running CI tests on a Django project.
# It is triggered on push or pull request events on the main branch, as well as
# manually using the workflow_dispatch event.
#
# The workflow runs on an Ubuntu 22.04 virtual machine with 2 parallel jobs and
# checks out the repository with a fetch depth of 1. The build job sets the
# Python version to 3.10 and runs the tests using the specified matrix.
#
# The `django-test-action` action is used to run the tests and requires a
# requirements file and a settings directory path.
#
# The `pypa/gh-action-pip-audit` action is used to audit the requirements file
# for security vulnerabilities. It requires a requirements file and can be
# configured to require hashes for all packages.
#
# See:
# - https://github.com/pypa/gh-action-pip-audit
# - https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
name: Audit
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-22.04
# https://stackoverflow.com/questions/58139175/running-actions-in-another-directory
defaults:
run:
working-directory: ./afb
strategy:
max-parallel: 2
matrix:
python-version: ["3.10"]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
submodules: true
# - name: Install packages
# run: |
# sudo apt-get update
# sudo apt-get install -y cargo
# - name: Update PIP
# run: |
# pip install --upgrade pip
- name: gh-action-pip-audit
uses: pypa/[email protected]
with:
inputs: afb/requirements.txt
summary: true
require-hashes: false