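# Periodically run a vulnerability scan of the Python dependency packages.
# NOTE: The official Action is not used because it requires an API key etc.
#       (https://github.com/pyupio/safety-action/tree/main)
name: test-security
on:
  schedule:
    - cron: "00 04 15 * *" # 15th of every month, 04:00 UTC (13:00 JST)
  # Allow the scan to be started by hand (e.g. right after a dependency bump)
  # instead of waiting for the monthly schedule. No inputs are accepted.
  workflow_dispatch:
# Least privilege: the job only checks out the repository and posts to Discord
# through a webhook secret, so the GITHUB_TOKEN needs no write access at all.
permissions:
  contents: read
defaults:
  run:
    shell: bash
jobs:
  test-security:
    # NOTE(review): ubuntu-20.04 is an old runner image; confirm GitHub-hosted
    # runners still offer it, otherwise the job will never be scheduled.
    runs-on: ubuntu-20.04
    steps:
      # Third-party actions below are pinned by major tag, not by commit SHA.
      # A tag can be moved by the action maintainer; pin to a full SHA if
      # supply-chain hardening of this workflow is wanted.
      - name: <Setup> Check out the repository
        uses: actions/checkout@v4
      # Repository-local composite action that installs Python and the
      # requirements files; "-dev" selects the development requirements set.
      - name: <Setup> Prepare Python Runtime / Python Dependencies
        uses: ./.github/actions/prepare_python
        with:
          requirements-suffix: "-dev"
      # Scan every pinned requirements file against the safety vulnerability DB.
      # A non-zero exit (known vulnerability found) fails the job, which is what
      # drives the red/green notification below.
      # NOTE(review): newer safety releases deprecate `safety check` in favour
      # of `safety scan`; verify against the installed safety version.
      - name: <Test> Check Python dependency security
        run: safety check -r requirements.txt -r requirements-dev.txt -r requirements-build.txt -o bare
      # `if: always()` makes sure a failed (vulnerable) scan is still reported;
      # without it the notification would only fire on success.
      - name: <Deploy> Notify Discord of security testing result
        uses: sarisia/actions-status-discord@v1
        if: always()
        with:
          # Webhook URL comes from a repository secret; never inline it here.
          webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
          username: GitHub Actions
          title: "依存パッケージ脆弱性診断の結果"
          status: ${{ job.status }}
          # Expression-language ternary: green on success, red otherwise.
          color: ${{ job.status == 'success' && '0x00FF00' || '0xFF0000' }}
          # Direct link to this run so the recipient can inspect the report.
          url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"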