Opt-in regions for GuardDuty solution #332
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: safety - Python Dependency Check | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| jobs: | |
| Linting: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| python-version: [3.9] | |
| steps: | |
| #---------------------------------------------- | |
| # check-out repo and set-up python | |
| #---------------------------------------------- | |
| - name: Check out repository | |
| uses: actions/checkout@v3 | |
| - name: Set up python | |
| id: setup-python | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: 3.9 | |
| #---------------------------------------------- | |
| # ----- install & configure poetry ----- | |
| #---------------------------------------------- | |
| - name: Load Cached Poetry Installation | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.local # the path depends on the OS | |
| key: poetry-no-dev-2 # increment to reset cache | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| installer-parallel: true | |
| #---------------------------------------------- | |
| # load cached venv if cache exists | |
| #---------------------------------------------- | |
| - name: Load cached venv | |
| id: cached-poetry-no-dev-dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: .venv | |
| key: venv-no-dev-dependencies-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
| #---------------------------------------------- | |
| # install dependencies if cache does not exist | |
| #---------------------------------------------- | |
| - name: Install dependencies | |
| if: steps.cached-poetry-no-dev-dependencies.outputs.cache-hit != 'true' | |
| run: poetry install --only main --no-root | |
| #---------------------------------------------- | |
| # Run Safety scan | |
| #---------------------------------------------- | |
| # - name: Safety scan | |
| # env: | |
| # API_KEY: ${{secrets.SAFETY_API_KEY}} | |
| # run: | | |
| # poetry run pip install safety | |
| # poetry run safety --key "$API_KEY" --stage cicd scan | |
| #---------------------------------------------- | |
| # - uses: actions/checkout@main | |
| - name: Run Safety CLI to check for vulnerabilities | |
| uses: pyupio/safety-action@v1 | |
| with: | |
| api-key: ${{ secrets.SAFETY_API_KEY }} |