FusionIIIT · hardik-pratap-singh · Dec 31, 2023 · Dec 31, 2023 · Dec 31, 2023 · Dec 31, 2023
diff --git a/.github/workflows/bandit_security_test.yml b/.github/workflows/bandit_security_test.yml
@@ -0,0 +1,34 @@
+name: Security check - Bandit
+
+on: [push, pull_request]  
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04 
+    strategy:
+      matrix:
+        os: [ubuntu-22.04, macos-latest] 
+    name: Python ${{ matrix.os }}  
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2  
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.8
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install bandit
+
+    - name: Security check - Bandit  
+      run: |
+        bandit -r -f json --exclude **/FusionIIIT/Fusion/settings/**,**/FusionIIIT/Fusion/settings/**,**/FusionIIIT/applications/academic_information/**,**/FusionIIIT/applications/academic_procedures/**,**/FusionIIIT/applications/feeds/**,**/FusionIIIT/applications/globals/**,**/FusionIIIT/applications/health_center/**,**/FusionIIIT/applications/hr2/**,**/FusionIIIT/applications/leave/**,**/FusionIIIT/applications/library/**,**/FusionIIIT/applications/online_cms/**,**/FusionIIIT/applications/online_cms/**,**/FusionIIIT/applications/scholarships/**,**/FusionIIIT/applications/visitor_hostel/**,**/FusionIIIT/applications/establishment/** .
+    - name: Security check report artifacts
+      uses: actions/upload-artifact@v2
+      with:
+        name: Security report 
+        path: output/security_report.json
diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml
@@ -0,0 +1,28 @@
+name: "mypy check"
+
+on: [push, pull_request] 
+
+jobs:
+
+  static-type-check:
+    runs-on: ubuntu-22.04  
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3  
+      with:
+        python-version: '3.8.15'  
+
+    - run: pip install mypy 
+
+    - name: Get Python changed files 
+      id: changed-py-files
+      uses: tj-actions/changed-files@v23
+      with:
+        files: |
+          *.py
+          **/*.py
+
+    - name: Run if any of the listed files above is changed 
+      if: steps.changed-py-files.outputs.any_changed == 'true'
+      run: mypy ${{ steps.changed-py-files.outputs.all_changed_files }} --ignore-missing-imports