Python package #18

Workflow file for this run

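# Scheduled release pipeline.
#   prepare: refreshes the exploit database mapping, bumps the last component
#            of the version in setup.py, appends to ChangeLog.md and pushes
#            the result back to the repository.
#   build:   lints, runs Semgrep, builds the sdist/wheel, uploads them to PyPI
#            and keeps the files as a workflow artifact.
#
# NOTE(review): every `uses:` below references a mutable tag (v3/v4). This
# workflow pushes to the repository and holds a PyPI token, so pinning each
# action to a full commit SHA would stop a retagged action from running with
# those credentials.
name: Python package

on:
  schedule:
    # 00:00 UTC every Sunday.
    - cron: '0 0 * * 0'
  workflow_dispatch:

# Least privilege: GITHUB_TOKEN is read-only unless a job asks for more.
permissions:
  contents: read

jobs:
  prepare:
    runs-on: ubuntu-latest
    # Only this job commits and pushes, so only it gets write access.
    permissions:
      contents: write
    outputs:
      # Must name the step id below and be written to $GITHUB_OUTPUT there;
      # a value that is only in $GITHUB_ENV is not visible as a step output.
      new_version: ${{ steps.increment_version.outputs.new_version }}
    steps:
      - uses: actions/checkout@v3
      # This job defines no matrix, so the interpreter is named explicitly
      # (same version as the build job) instead of via matrix.python-version,
      # which would expand to an empty string here.
      - name: Set up Python 3.11
        uses: actions/setup-python@v3
        with:
          python-version: '3.11'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install setuptools
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
      - name: Update Database
        run: |
          python ./primeExploitDb.py
      - name: Extract and increment version using sed and awk
        id: increment_version
        run: |
          # Read the quoted value of `version=` from setup.py, add one to its
          # last dot-separated field, then rewrite setup.py in place.
          version=$(sed -n "s/^ *version=['\"]\([^'\"]*\)['\"],/\1/p" setup.py)
          new_version=$(echo "$version" | awk -F. -v OFS=. '{$NF += 1; print}')
          sed -i "s;$version;$new_version;g" setup.py
          # $GITHUB_ENV feeds the later steps of this job, $GITHUB_OUTPUT
          # feeds the job-level `outputs` declared above.
          echo "new_version=$new_version" >> "$GITHUB_ENV"
          echo "new_version=$new_version" >> "$GITHUB_OUTPUT"
      - name: Update ChangeLog
        run: |
          # Values are read as quoted shell variables rather than pasted into
          # the script with ${{ }}, so their content cannot be parsed as shell.
          # commit_author was never set anywhere in this workflow; it is taken
          # from the checked-out HEAD commit.
          commit_author="$(git log -1 --pretty=format:'%an')"
          echo "## v${new_version} - $(date +'%Y-%m-%d')" >> ChangeLog.md
          echo "- Last commit by ${commit_author}: Updated exploit database mappings" >> ChangeLog.md
      - name: Commit and push changes
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add -A
          git commit -m "Update exploit database mapping, Bump version to ${new_version} and update ChangeLogs"
          git push

  build:
    needs: prepare
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        # Quoted so the version stays a string and is not read as a float.
        python-version: ['3.11']
        os: [ubuntu-latest]
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v3
        with:
          python-version: ${{ matrix.python-version }}
      # NOTE(review): these tools are installed unpinned in the job that
      # builds and publishes the release; a constraints file or hash-checked
      # requirements would make the release toolchain reproducible.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install flake8 semgrep setuptools wheel build twine
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
      - name: Lint with flake8
        run: |
          # First pass fails the job on the selected error classes; the second
          # pass only reports, because of --exit-zero.
          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=128 --statistics
      # NOTE(review): without --error Semgrep exits 0 when it reports
      # findings, so this step does not block the publish below. Confirm
      # whether the scan is meant to gate the release.
      - name: Security scan with Semgrep
        run: |
          semgrep --config=p/r2c
      # The checkout above fetches the commit that triggered the run, not the
      # commit pushed by `prepare`, so the version is bumped a second time
      # here. NOTE(review): the database and ChangeLog changes committed by
      # `prepare` are presumably absent from this tree as well; verify that
      # the published package matches what was committed.
      - name: Patch version using sed and awk (not because we can't pull the commited update in prepare)
        run: |
          version=$(sed -n "s/^ *version=['\"]\([^'\"]*\)['\"],/\1/p" setup.py)
          new_version=$(echo "$version" | awk -F. -v OFS=. '{$NF += 1; print}')
          sed -i "s;$version;$new_version;g" setup.py
      - name: Build the package
        run: python setup.py sdist bdist_wheel
      # The PyPI token is exposed to this step only. `__token__` is the fixed
      # user name PyPI expects when the password is an API token.
      - name: Build and publish
        if: success()
        run: |
          twine upload dist/*
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
      - name: Upload artifacts
        if: success()
        uses: actions/upload-artifact@v4
        with:
          name: dist-${{ matrix.python-version }}-${{ matrix.os }}
          path: dist/*
          if-no-files-found: error
          retention-days: 90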