Github Actions : Added Mypy and Python Bandit Security automation #1284
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: Security check - Bandit # Name of the GitHub Actions workflow | ||
|
|
||
| on: [push, pull_request] # Trigger the workflow | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest # Executes the job on the latest version of Ubuntu | ||
|
There was a problem hiding this comment. point to a ubuntu version (preferably 22.04), not pinning a version might introduce regression in future |
||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, macos-latest] # Running matrix jobs on both Ubuntu and macOS | ||
| name: Python ${{ matrix.os }} # Name the job based on the OS being used | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v2 # Checks out your repository's code | ||
|
|
||
| - name: Security check - Bandit # Run Bandit security check | ||
| uses: ioggstream/[email protected] # Using Bandit for security checks | ||
| with: | ||
| project_path: . # Path to the project to scan | ||
| ignore_failure: true # Continue the workflow even if Bandit reports issues | ||
|
There was a problem hiding this comment. we obviously dont want to ignore errors and failures. we want the checks to fail on encountering such errors |
||
|
|
||
| # This step is optional, it uploads the Bandit report as an artifact | ||
| - name: Security check report artifacts | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Security report # Name of the artifact | ||
| path: output/security_report.txt # Path to the Bandit security report | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| name: "mypy check" # Name of the GitHub Actions workflow | ||
|
|
||
| on: [push, pull_request] # Trigger the workflow | ||
|
|
||
| jobs: | ||
|
|
||
| static-type-check: | ||
| runs-on: ubuntu-latest # Executes the job on the latest version of Ubuntu | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v2 # Checks out your repository's code | ||
| - uses: actions/setup-python@v3 # Sets up Python for the job | ||
| with: | ||
| python-version: '3.x' # Specifies Python version 3.x | ||
|
|
||
| - run: pip install mypy # Installs mypy for static type checking, you can specify a version here | ||
|
|
||
| - name: Get Python changed files # Identifies changed Python files | ||
| id: changed-py-files | ||
| uses: tj-actions/changed-files@v23 | ||
| with: | ||
| files: | | ||
| *.py | ||
| **/*.py | ||
|
|
||
| - name: Run if any of the listed files above is changed # Runs mypy on changed files | ||
| if: steps.changed-py-files.outputs.any_changed == 'true' # Conditional execution if any Python files changed | ||
| run: mypy ${{ steps.changed-py-files.outputs.all_changed_files }} --ignore-missing-imports |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why are you thinking we should run the actions on both the time we "push" changes and open "pull requests".