This commit is contained in:
parent
8c6b1a9a3f
commit
74c0c43832
@ -10,27 +10,19 @@ jobs:
pip-audit:
pip-audit:
runs-on: ubuntu-latest
runs-on: ubuntu-latest
steps:
steps:
- uses: actions/checkout@v4
- name: Checkout code
run: |
git clone https://oauth2:${{ secrets.GITEA_TOKEN }}@git.akarkode.com/${{ gitea.repository }}.git repo
cd repo && git checkout ${{ gitea.sha }}
- uses: actions/setup-python@v5
- name: Install pip-audit
with:
run: pip3 install pip-audit
python-version: '3.11'
- name: Install tools
run: pip install pipenv pip-audit
- name: Install dependencies
run: pipenv install --deploy
- name: Run pip-audit scan
- name: Run pip-audit scan
run: pipenv run pip-audit --format json -o pip-audit-report.json || true
working-directory: repo
run: |
pip-audit -r Pipfile.lock || true
- name: Fail on HIGH/CRITICAL
- name: Fail on HIGH/CRITICAL
run: pipenv run pip-audit --fail-on-severity high
working-directory: repo
run: pip-audit -r Pipfile.lock --fail-on-severity high
- name: Upload report
uses: actions/upload-artifact@v4
if: always()
with:
name: pip-audit-report
path: pip-audit-report.json
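Review bot: The clone in the new "Checkout code" `run: |` block embeds `${{ secrets.GITEA_TOKEN }}` in the remote URL, so the token is written into `repo/.git/config` and stays there for every later step (both pip-audit steps now run with `working-directory: repo`), and it also sits in the git process argument list; the runner's log masking covers neither. Scrubbing it right after the checkout, e.g. adding `git -C repo remote set-url origin https://git.akarkode.com/${{ gitea.repository }}.git`, or passing the token via an env var to `git -c http.extraHeader=...` rather than the URL, keeps the secret out of the workspace. Separately, `pip-audit -r Pipfile.lock` hands a JSON lockfile to the `-r` option, which expects requirements-file syntax, so unless the installed pip-audit accepts Pipfile.lock the scan will error out; the `|| true` on the first step hides that error while the "Fail on HIGH/CRITICAL" step would then fail on it, so this is worth confirming against the pip-audit version the `pip3 install pip-audit` step pulls in. The upload-artifact step and the `--format json -o pip-audit-report.json` output were also dropped, so no report survives the job; if that is unintended, re-add both.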