Compare commits
6 Commits
fix/client
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
2ff64ff512 | ||
|
|
26926c60da | ||
|
|
d5dc677789 | ||
|
|
91eec1ae2d | ||
|
|
106bc8920c | ||
|
|
9fb0874812 |
@ -8,10 +8,6 @@ concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
@ -92,24 +88,15 @@ jobs:
|
||||
env:
|
||||
UV_NO_PROGRESS: "1"
|
||||
run: |
|
||||
echo "Running pip-audit on production dependencies..."
|
||||
# Audit only production dependencies (exclude dev)
|
||||
uv pip compile pyproject.toml --no-dev -o requirements-prod.txt
|
||||
uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
|
||||
|
||||
# Parse and display results
|
||||
if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
|
||||
echo "❌ Found vulnerabilities in production dependencies:"
|
||||
uv run python -c "
|
||||
import json
|
||||
data = json.load(open('audit-results.json'))
|
||||
for vuln in data:
|
||||
print(f\" - {vuln.get('name', 'unknown')} {vuln.get('version', '')}: {vuln.get('id', '')}\")
|
||||
"
|
||||
exit 1
|
||||
else
|
||||
echo "✅ No vulnerabilities in production dependencies"
|
||||
fi
|
||||
uv pip compile pyproject.toml --no-dev -o requirements-prod.txt && uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt && test ! -s audit-results.json || test "$(cat audit-results.json)" = "[]"
|
||||
|
||||
- name: Upload audit log
|
||||
uses: actions/upload-artifact@v3
|
||||
if: failure()
|
||||
with:
|
||||
name: security-audit
|
||||
path: audit-results.json
|
||||
retention-days: 7
|
||||
|
||||
- name: Check for secrets
|
||||
run: |
|
||||
|
||||
Loading…
Reference in New Issue
Block a user