From 9ef6b1a66460485b49b2e338dc6023380fe437d1 Mon Sep 17 00:00:00 2001
From: leafspark <78000825+leafspark@users.noreply.github.com>
Date: Thu, 15 Aug 2024 18:52:29 -0700
Subject: [PATCH] ci: add dependency audit
---
 .github/workflows/pip-audit.yml | 59 +++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 .github/workflows/pip-audit.yml
diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
new file mode 100644
index 0000000..953160d
--- /dev/null
+++ b/.github/workflows/pip-audit.yml
@@ -0,0 +1,59 @@
+name: Dependency Audit
+
+on:
+  push:
+    paths:
+      - '**/requirements.txt'
+  pull_request:
+    paths:
+      - '**/requirements.txt'
+  schedule:
+    - cron: '0 0 * * *'  # Run daily at midnight UTC
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pip-audit
+
+      - name: Run pip-audit
+        run: |
+          pip-audit -r requirements.txt > audit_output.txt
+        continue-on-error: true
+
+      - name: Display audit results
+        run: cat audit_output.txt
+
+      - name: Create detailed report
+        run: |
+          echo "Pip Audit Report" > detailed_report.txt
+          echo "==================" >> detailed_report.txt
+          echo "" >> detailed_report.txt
+          echo "Date: $(date)" >> detailed_report.txt
+          echo "" >> detailed_report.txt
+          echo "Audit Results:" >> detailed_report.txt
+          cat audit_output.txt >> detailed_report.txt
+          echo "" >> detailed_report.txt
+          echo "Environment:" >> detailed_report.txt
+          python --version >> detailed_report.txt
+          pip --version >> detailed_report.txt
+          echo "" >> detailed_report.txt
+          echo "Requirements:" >> detailed_report.txt
+          cat requirements.txt >> detailed_report.txt
+
+      - name: Upload audit results
+        uses: actions/upload-artifact@v2
+        with:
+          name: pip-audit-report
+          path: detailed_report.txt
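Review bot: `continue-on-error: true` on the `Run pip-audit` step means a run that finds known-vulnerable dependencies still reports success, so the audit can neither block a merge nor alert anyone who only watches the job status. Give that step an `id` and add a final step, after the artifact upload, that fails when `steps.audit.outcome == 'failure'`, so the report is still uploaded but the job turns red. The workflow also declares no `permissions:` block, so the job token receives the repository's default scopes although these steps only need `contents: read`. The `actions/checkout@v2`, `actions/setup-python@v2` and `actions/upload-artifact@v2` references are superseded majors; prefer the current majors and, for a security workflow, pin each action to a full commit SHA rather than a movable tag.
```yaml
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout, setup-python and install steps …
      - name: Run pip-audit
        id: audit
        run: |
          pip-audit -r requirements.txt > audit_output.txt
        continue-on-error: true
      # … unchanged: display, detailed-report and upload steps …
      - name: Fail on audit findings
        if: steps.audit.outcome == 'failure'
        run: exit 1
```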