planetmint/.github/workflows/audit.yml

# Copyright © 2020 Interplanetary Database Association e.V.,
# Planetmint and IPDB software contributors.
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0

name: Audit
on:
  schedule:
    - cron: '0 2 * * *'

jobs:
  audit:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Setup python
        uses: actions/setup-python@v4
        with:
          python-version: 3.9

      - name: Install pip-audit
        run: pip install --upgrade pip

      - name: Setup poetry
        uses: Gr1N/setup-poetry@v7

      - name: Install dependencies
        run: poetry install

      - name: Create requirements.txt
        run: poetry run pip freeze > requirements.txt

      - name: Audit dependencies
        run: poetry run pip-audit --ignore-vuln PYSEC-2022-42969 --ignore-vuln PYSEC-2022-203 --ignore-vuln GHSA-r9hx-vwmv-q579