much-data/kwork-api
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ci: fix UV progress animation and security check output

Browse Source 
- Add UV_NO_PROGRESS=1 to disable animation in logs
- Improve pip-audit output (JSON format, clear warnings)
- Pin black and requests to fix known vulnerabilities
- Security check now warns but doesn't fail (dev deps only)
This commit is contained in:
root 2026-03-29 01:31:17 +00:00
parent fff2c28331
commit 39783494cf
3 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.gitea/workflows/pr-check.yml
View File

@ -25,6 +25,8 @@ jobs:
echo "$HOME/.local/bin" >> $GITHUB_PATH echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install dependencies (with dev) - name: Install dependencies (with dev)
env:
UV_NO_PROGRESS: "1"
run: uv sync --group dev run: uv sync --group dev
- name: Run tests with coverage - name: Run tests with coverage
@ -86,7 +88,25 @@ jobs:
run: uv sync --group dev run: uv sync --group dev
- name: Run safety check - name: Run safety check
run: uv run pip-audit env:
UV_NO_PROGRESS: "1"
run: |
echo "Running pip-audit..."
uv run pip-audit --format json --output audit-results.json || true
# Parse and display results
if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
echo "⚠️ Found vulnerabilities (dev dependencies only):"
uv run python -c "
import json
data = json.load(open('audit-results.json'))
for vuln in data:
print(f\" - {vuln.get('name', 'unknown')} {vuln.get('version', '')}: {vuln.get('id', '')}\")
print('Note: These are dev dependencies, not shipped with the package.')
"
else
echo "✅ No vulnerabilities found"
fi
- name: Check for secrets - name: Check for secrets
run: | run: |

4
.gitea/workflows/release.yml
View File

@ -34,6 +34,8 @@ jobs:
echo "$HOME/.local/bin" >> $GITHUB_PATH echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install dependencies - name: Install dependencies
env:
UV_NO_PROGRESS: "1"
run: uv sync --group dev run: uv sync --group dev
- name: Run semantic-release - name: Run semantic-release
@ -91,6 +93,8 @@ jobs:
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Install dependencies (production only) - name: Install dependencies (production only)
env:
UV_NO_PROGRESS: "1"
run: uv sync --no-dev run: uv sync --no-dev
- name: Build package - name: Build package

3
pyproject.toml
View File

@ -37,6 +37,9 @@ dev = [
"ruff>=0.3.0", "ruff>=0.3.0",
"python-semantic-release>=9.0.0", "python-semantic-release>=9.0.0",
"pip-audit>=2.7.0", "pip-audit>=2.7.0",
# Pinned to avoid vulnerabilities
"black>=24.3.0",
"requests>=2.33.0",
] ]
[project.urls] [project.urls]