ci: add dependency audit

2024-08-15 18:52:29 -07:00 · 2024-08-15 18:52:29 -07:00 · 9ef6b1a664
parent b3eecc173d
commit 9ef6b1a664
1 changed files with 59 additions and 0 deletions
--- a/.github/workflows/pip-audit.yml
+++ b/.github/workflows/pip-audit.yml
@ -0,0 +1,59 @@
+name: Dependency Audit
+
+on:
+  push:
+    paths:
+      - '**/requirements.txt'
+  pull_request:
+    paths:
+      - '**/requirements.txt'
+  schedule:
+    - cron: '0 0 * * *'  # Run daily at midnight UTC
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pip-audit
+
+    - name: Run pip-audit
+      run: |
+        pip-audit -r requirements.txt > audit_output.txt
+      continue-on-error: true
+
+    - name: Display audit results
+      run: cat audit_output.txt
+
+    - name: Create detailed report
+      run: |
+        echo "Pip Audit Report" > detailed_report.txt
+        echo "==================" >> detailed_report.txt
+        echo "" >> detailed_report.txt
+        echo "Date: $(date)" >> detailed_report.txt
+        echo "" >> detailed_report.txt
+        echo "Audit Results:" >> detailed_report.txt
+        cat audit_output.txt >> detailed_report.txt
+        echo "" >> detailed_report.txt
+        echo "Environment:" >> detailed_report.txt
+        python --version >> detailed_report.txt
+        pip --version >> detailed_report.txt
+        echo "" >> detailed_report.txt
+        echo "Requirements:" >> detailed_report.txt
+        cat requirements.txt >> detailed_report.txt
+
+    - name: Upload audit results
+      uses: actions/upload-artifact@v2
+      with:
+        name: pip-audit-report
+        path: detailed_report.txt
+