add ci workflows
Some checks failed
Test Suite / test (3.11) (push) Successful in 2m17s
Test Suite / test (3.12) (push) Successful in 2m20s
Test Suite / lint (push) Failing after 39s
Test Suite / build (push) Has been skipped
Security Scan / security (pull_request) Failing after 50s
Security Scan / dependency-check (pull_request) Failing after 47s
Test Suite / test (3.11) (pull_request) Successful in 1m32s
Test Suite / lint (pull_request) Failing after 23s
Test Suite / test (3.12) (pull_request) Successful in 1m24s
Test Suite / build (pull_request) Has been skipped
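--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -0,0 +1,76 @@
+name: Security Scan
+
+on:
+  push:
+    branches: ["main", "master", "develop"]
+  pull_request:
+    branches: ["main", "master"]
+  schedule:
+    # Run security scan weekly on Sundays at 2 AM UTC
+    - cron: '0 2 * * 0'
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          version: "latest"
+
+      - name: Set up Python
+        run: uv python install 3.11
+
+      - name: Install dependencies
+        run: uv sync
+
+      - name: Add security tools
+        run: |
+          uv add bandit[toml]
+          uv add safety
+
+      - name: Run bandit security linter
+        run: uv run bandit -r src/ -f json -o bandit-report.json
+        continue-on-error: true
+
+      - name: Run safety vulnerability check
+        run: uv run safety check --json --output safety-report.json
+        continue-on-error: true
+
+      - name: Upload security reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-reports
+          path: |
+            bandit-report.json
+            safety-report.json
+
+  dependency-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          version: "latest"
+
+      - name: Set up Python
+        run: uv python install 3.11
+
+      - name: Check for dependency vulnerabilities
+        run: |
+          uv sync
+          uv add pip-audit
+          uv run pip-audit --format=json --output=pip-audit-report.json
+        continue-on-error: true
+
+      - name: Upload dependency audit report
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-audit
+          path: pip-audit-report.json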
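Review bot: All three scanner steps — `Run bandit security linter`, `Run safety vulnerability check` and `Check for dependency vulnerabilities` — carry `continue-on-error: true`, so a bandit, safety or pip-audit finding can never fail either job; the workflow only ever produces artifacts, and the `Failing` status shown above must come from some other step (presumably the `uv add` calls or a missing report file at upload time). If the scan is meant to gate merges, drop `continue-on-error: true` from those steps, or keep it and add a final step that reads the JSON reports and exits non-zero when they contain findings. The `uv add bandit[toml]`, `uv add safety` and `uv add pip-audit` lines also rewrite `pyproject.toml` and `uv.lock` inside the runner and install the scanners into the very environment that pip-audit then audits; `uv run --with bandit[toml] bandit -r src/ -f json -o bandit-report.json` (or `uvx`) runs each tool without touching the project manifest. Lastly, `actions/checkout@v4`, `actions/upload-artifact@v4`, `astral-sh/setup-uv@v3` and `version: "latest"` are mutable references, so pinning the actions to commit SHAs and uv to an explicit version would make the security job itself reproducible.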