
feat(ci): cache

feat(ci): cache #22

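---
# Vulnerability Test workflow.
#
# Two independent jobs run on pushes and pull requests against main:
#   - code-vulnerabilities: bandit over the tesk/ source tree
#   - dependency-vulnerabilities: safety over the locked dependencies
# Both jobs install only the `security` dependency group with poetry and
# cache ~/.cache/pypoetry keyed on a hash of the exported requirements.
# GitHub Actions does not expand YAML anchors, so the shared setup steps
# are repeated in each job rather than aliased.
name: Vulnerability Test

# `on` is a YAML 1.1 boolean key; GitHub's loader reads it as the trigger
# map, generic parsers read the key as `true` (yamllint: truthy).
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege: neither job writes to the repository or to checks, so
# the job GITHUB_TOKEN only needs read access for the checkout.
permissions:
  contents: read

jobs:
  code-vulnerabilities:
    name: Code
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are referenced by major tag. Pinning each to a
      # full commit SHA gives an immutable reference; no SHAs are recorded
      # here, so that is left to a follow-up.
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Set up python
        id: setup-python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install poetry
        # `poetry export` is provided by poetry-plugin-export; injecting it
        # keeps the export step working whichever poetry release pipx
        # resolves today (pipx install is unpinned).
        run: |
          pipx install poetry
          pipx inject poetry poetry-plugin-export

      - name: Generate hash of security dependencies only
        # The cache key below is derived from the exported lock content of
        # the security group only, so unrelated dependency changes do not
        # invalidate it. $GITHUB_ENV is quoted so a path with spaces cannot
        # split the redirection target.
        run: |
          poetry export --only=security --format=requirements.txt --output=requirements.txt
          echo "hash=$(sha256sum requirements.txt | cut -d ' ' -f 1)" >> "$GITHUB_ENV"

      - name: Cache dependencies
        id: vcv
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/pypoetry
          # The resolved interpreter version is part of the key: without it a
          # cache built for a different python would be restored as an exact
          # hit and the install step below skipped.
          key: ${{ runner.os }}-py${{ steps.setup-python.outputs.python-version }}-security-${{ env.hash }}
          restore-keys: |
            ${{ runner.os }}-py${{ steps.setup-python.outputs.python-version }}-security-

      - name: Install vulnerabilities check dependencies
        # cache-hit is 'true' only on an exact key match; a restore-keys
        # partial hit still runs the install, which is what we want.
        if: steps.vcv.outputs.cache-hit != 'true'
        run: poetry install --only=security --no-interaction --no-root

      - name: Check code vulnerabilities with bandit
        run: poetry run bandit -c pyproject.toml -r tesk/

  dependency-vulnerabilities:
    name: Dependencies
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Set up python
        id: setup-python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install poetry
        # See the Code job: export lives in poetry-plugin-export.
        run: |
          pipx install poetry
          pipx inject poetry poetry-plugin-export

      - name: Generate hash of security dependencies only
        run: |
          poetry export --only=security --format=requirements.txt --output=requirements.txt
          echo "hash=$(sha256sum requirements.txt | cut -d ' ' -f 1)" >> "$GITHUB_ENV"

      - name: Cache dependencies
        id: vdv
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/pypoetry
          # Same key layout as the Code job so both jobs share one cache entry
          # for the same OS, interpreter and security-group lock content.
          key: ${{ runner.os }}-py${{ steps.setup-python.outputs.python-version }}-security-${{ env.hash }}
          restore-keys: |
            ${{ runner.os }}-py${{ steps.setup-python.outputs.python-version }}-security-

      - name: Install vulnerabilities check dependencies
        if: steps.vdv.outputs.cache-hit != 'true'
        run: poetry install --only=security --no-interaction --no-root

      - name: Check dependency vulnerabilities with safety
        # NOTE(review): `safety check` is the legacy command name; newer
        # safety releases expose the same scan as `safety scan`. Confirm
        # against the safety version pinned in the security group.
        run: poetry run safety check --full-report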