Add Python support to audit workflow #451

lopopolo · 2023-04-09T23:16:12Z

PyPA has an official GitHub Action for running pip audit: https://github.com/pypa/gh-action-pip-audit.

the nightly repo has a requirements.txt in it.

A new template to add Python to the language matrix for the audit workflow is required. Do a deploy of all impacted repos.

Deploy something like this diff to audit.yaml:

diff --git c/.github/workflows/audit.yaml w/.github/workflows/audit.yaml
index 4c2f2da..5c83a8f 100644
--- c/.github/workflows/audit.yaml
+++ w/.github/workflows/audit.yaml
@@ -23,3 +23,19 @@ jobs:

       - name: npm audit
         run: npm audit
+
+  python:
+    name: Audit Python Dependencies
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Ensure python environment
+        uses: actions/setup-python@v4
+
+      - uses: pypa/gh-action-pip-audit@v1.0.6
+        with:
+          inputs: requirements.txt
+          require-hashes: true

The text was updated successfully, but these errors were encountered:

lopopolo added A-security Area: Security vulnerabilities and unsoundness issues. A-github-actions Area: GitHub Actions workflows and automation. labels Apr 9, 2023

lopopolo self-assigned this Apr 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Python support to audit workflow #451

Add Python support to audit workflow #451

lopopolo commented Apr 9, 2023 •

edited

Loading

Add Python support to audit workflow #451

Add Python support to audit workflow #451

Comments

lopopolo commented Apr 9, 2023 • edited Loading

lopopolo commented Apr 9, 2023 •

edited

Loading