mirror of
https://github.com/planetmint/planetmint.git
synced 2025-05-28 09:46:42 +00:00
4bf1af6f06
* fix dependencies (locked) and the audit Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added pip-audit to poetry to avoid inconsistent environments Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> --------- Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
34 lines
896 B
YAML
34 lines
896 B
YAML
# Copyright © 2020 Interplanetary Database Association e.V.,
|
|
# Planetmint and IPDB software contributors.
|
|
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
|
|
# Code is Apache-2.0 and docs are CC-BY-4.0
|
|
|
|
name: Audit
|
|
on:
|
|
schedule:
|
|
- cron: '0 2 * * *'
|
|
|
|
jobs:
|
|
audit:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: 3.9
|
|
|
|
- name: Setup poetry
|
|
uses: Gr1N/setup-poetry@v8
|
|
|
|
- name: Install dependencies
|
|
run: poetry install
|
|
|
|
- name: Create requirements.txt
|
|
run: poetry run pip freeze > requirements.txt
|
|
|
|
- name: Audit dependencies
|
|
run: poetry run pip-audit --ignore-vuln PYSEC-2022-203 --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57 --ignore-vuln PYSEC-2023-62 |