Merge pull request #350 from nttcom/topic/vulnrichment2tc #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: lint scripts directory | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the main branch | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - scripts/** | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - scripts/** | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| env: | |
| DEFAULT_PYTHON: "3.10" | |
| PYTHON_ROOT_DIRS: ./ | |
| SCRIPTS_DIRS: ./scripts | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ${{ env.SCRIPTS_DIRS }} | |
| steps: | |
| - name: Check out code from GitHub | |
| uses: actions/checkout@v3 | |
| - name: Set up Python ${{ env.DEFAULT_PYTHON }} | |
| id: python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.DEFAULT_PYTHON }} | |
| - name: Setup pipenv | |
| run: | | |
| pip install --user pipenv | |
| - name: Create Python virtual environment | |
| run: | | |
| pipenv --python ${{ env.DEFAULT_PYTHON }} | |
| sudo apt update | |
| sudo apt install -y build-essential python3-dev libpq-dev | |
| pipenv run python -m pip install -U pip | |
| pipenv sync --dev | |
| # Runs a linter for python | |
| - name: Run formatting check | |
| run: | | |
| pipenv run black --check --diff ${{ env.PYTHON_ROOT_DIRS }} | |
| pipenv run ruff check ${{ env.PYTHON_ROOT_DIRS }} | |
| pipenv run mypy ${{ env.PYTHON_ROOT_DIRS }} --show-error-codes --no-error-summary | |
| - name: Run Trivy vulnerability scanner in fs mode | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: ${{ env.SCRIPTS_DIRS }} | |
| trivy-config: trivy.yaml | |