18 changes: 16 additions & 2 deletions .github/workflows/build.yaml
Expand Up @@ -43,7 +43,8 @@ jobs:
matrix:
# It is recommended to pin a Runner version specifically:
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
os: [ubuntu-latest, macos-latest, windows-latest]
#os: [ubuntu-latest, macos-latest, windows-latest]
os: [ubuntu-latest]
python: ['3.9', '3.10']
steps:

Expand Down Expand Up @@ -74,7 +75,20 @@ jobs:

# Audit all currently installed packages for security vulnerabilities.
- name: Audit installed packages
run: make audit
id: audit-packages
continue-on-error: true
run: make --silent audit > pip-audit-vulnerabilities.txt

# Upload the vulnerabilities file output.
- name: Upload Artifact
id: upload-audit-artifact
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb #v3.1.1
with:
name: pip-audit-vulnerabilities.txt
path: .
if-no-files-found: error
retention-days: 1
#if: steps.audit-packages.outputs.exit_code == 1

# Build the sdist and wheel distribution of the package and docs as a zip file.
# We don't need to check and test the package separately because `make dist` runs
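Review bot: `path: .` on the Upload Artifact step hands the whole checkout to upload-artifact under the name pip-audit-vulnerabilities.txt rather than the audit output alone; it should be `path: pip-audit-vulnerabilities.txt`. With `continue-on-error: true` on audit-packages a failing audit no longer fails the build, and the commented-out gate `#if: steps.audit-packages.outputs.exit_code == 1` cannot simply be uncommented, because a `run` step exposes no `exit_code` output — the step's result is available as `steps.audit-packages.outcome`, so the upload could be gated with `if: steps.audit-packages.outcome == 'failure'`. The first hunk also removes macos and windows from the matrix, which narrows test coverage; if that is intended, the comment should say why rather than leaving the old line commented out. The job containing these steps starts outside both hunks.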
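--- a/.github/workflows/pr-change-set.yaml
+++ b/.github/workflows/pr-change-set.yaml
@@ -18,3 +18,23 @@ jobs:
 uses: ./.github/workflows/build.yaml
 permissions:
 contents: read
+
+comment-audit:
+runs-on: ubuntu-latest
+permissions:
+pull-requests: write
+needs: build
+steps:
+
+- name: Download artifact from Build
+uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 #v3
+#if: steps.audit-packages.outputs.exit_code == 1
+with:
+name: pip-audit-vulnerabilities.txt
+
+- name: comment PR
+id: comment-pr
+run: gh pr comment ${{ github.event.number }} --body-file pip-audit-vulnerabilities.txt
+#if: steps.audit-packages.outputs.exit_code == 1
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}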
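Review bot: The commented-out `#if: steps.audit-packages.outputs.exit_code == 1` on both the download and the comment step can never be enabled from this job, because the `steps` context only covers steps of the current job and audit-packages runs inside the reusable `build` workflow. Gating would need `build.yaml` to declare a `workflow_call` output fed from that step's `outcome`, which comment-audit would then read as `if: needs.build.outputs.<output-name> == 'true'`; as written the job posts a comment on every run, including clean audits. `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` with `pull-requests: write` only works if the triggering event grants a write token; the trigger is outside this hunk, and on `pull_request` runs from forks the token is read-only, so `gh pr comment` would fail there. Passing `github.event.number` to the step through `env` instead of interpolating it into `run` follows the usual expression-injection guidance, though an event-supplied integer carries little risk on its own.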
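--- a/.gitignore
+++ b/.gitignore
@@ -132,3 +132,7 @@ dmypy.json
 
 # Pyre type checker
 .pyre/
+
+# pip audit vulnerabilities file
+
+pip-audit-vulnerabilities.txt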
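Review bot: The blank line between `# pip audit vulnerabilities file` and `pip-audit-vulnerabilities.txt` separates the comment from the entry it describes, unlike the `.pyre/` stanza just above it; drop the blank line so the comment sits directly above the pattern.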