Merge pull request #294 from MerginMaps/pyapi_pipeline_checks #4
```yaml
name: Python-api QA (Security & Style)
# Trigger the workflow on every push
on: [push]
jobs:
  quality-assurance:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install dependencies
        run: |
          # Upgrade pip and install security/linting tools
          python -m pip install --upgrade pip
          pip install bandit detect-secrets
      # - name: Install dependencies
      #   run: |
      #     # Upgrade pip and install security/linting tools
      #     python -m pip install --upgrade pip
      #     pip install bandit detect-secrets flake8 flake8-json
      - name: Run Bandit (Security Scan)
        # Scan the mergin folder for vulnerabilities, excluding the test directory.
        # -ll reports only MEDIUM and HIGH severity findings; bandit exits non-zero
        # when any such finding remains, so this step gates the job.
        run: bandit -r ./mergin/ -ll --exclude ./mergin/test
      - name: Run Detect Secrets
        # Scan the plugin directory for hardcoded secrets/credentials.
        # Note: `detect-secrets scan` prints a JSON report to stdout and exits 0
        # even when it finds candidates, so this step reports but does not fail
        # the job on its own; the output must be inspected or compared against a
        # baseline to turn it into a gate.
        run: detect-secrets scan ./mergin/ --all-files
      # - name: Run Flake8 (Style Check)
      #   # Style enforcement using MerginMaps standards
      #   # Ignoring E501 (line length) and W503 (operator line breaks)
      #   run: |
      #     flake8 ./mergin/ --max-line-length=120 --ignore=E501,W503 --exclude=test
```
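The two scanner steps in the workflow differ in how they gate the job: bandit exits non-zero on findings at or above the `-ll` threshold, while `detect-secrets scan` only prints a JSON report. The script below is an added example, not code from the MerginMaps repository, showing one way to consume both tools' JSON output in a single gate step. It assumes the reports were written with `bandit -r ./mergin/ -ll --exclude ./mergin/test -f json -o bandit.json` and `detect-secrets scan ./mergin/ --all-files > secrets.json`; the file paths, finding values and the `gate.py` name are constructed for illustration.

```python
"""Added example: a CI gate that reads the JSON reports written by bandit and
detect-secrets and fails the job when either scanner reported something.
Not part of the MerginMaps project; report shapes follow the two tools' JSON output."""
import json
import sys

# bandit severity ranking; "-ll" on the command line corresponds to MEDIUM here.
SEVERITY_RANK = {"UNDEFINED": -1, "LOW": 0, "MEDIUM": 1, "HIGH": 2}


def secrets_findings(report):
    """Flatten a detect-secrets report into (path, detector type, line) tuples.

    detect-secrets emits {"results": {"<path>": [{"type": ..., "line_number": ...}, ...]}}
    and exits 0 regardless of what it found, so a gate has to inspect the JSON itself.
    """
    found = []
    for path, items in report.get("results", {}).items():
        for item in items:
            found.append((path, item.get("type", "unknown"), item.get("line_number", 0)))
    return found


def bandit_findings(report, min_severity="MEDIUM"):
    """Return bandit issues at or above min_severity as (path, test_id, line, severity).

    `bandit -f json` emits {"results": [{"filename", "test_id", "line_number",
    "issue_severity", "issue_text", ...}, ...]}.
    """
    threshold = SEVERITY_RANK[min_severity]
    return [
        (r["filename"], r["test_id"], r["line_number"], r["issue_severity"])
        for r in report.get("results", [])
        if SEVERITY_RANK.get(r.get("issue_severity", "UNDEFINED"), -1) >= threshold
    ]


def gate(secrets_report, bandit_report):
    """Return (exit_code, messages): exit code 0 when both reports are clean, 1 otherwise."""
    messages = []
    for path, kind, line in secrets_findings(secrets_report):
        messages.append(f"secret: {path}:{line} ({kind})")
    for path, test_id, line, sev in bandit_findings(bandit_report):
        messages.append(f"bandit: {path}:{line} {test_id} [{sev}]")
    return (1 if messages else 0), messages


# Constructed sample reports shaped like the real tool output, so the script runs stand-alone.
SAMPLE_SECRETS = {
    "version": "1.4.0",
    "results": {
        "mergin/client.py": [
            {"type": "Secret Keyword", "filename": "mergin/client.py",
             "hashed_secret": "<constructed>", "is_verified": False, "line_number": 42}
        ]
    },
}
SAMPLE_BANDIT = {
    "results": [
        {"filename": "mergin/utils.py", "test_id": "B602", "line_number": 17,
         "issue_severity": "HIGH", "issue_text": "subprocess call with shell=True"},
        {"filename": "mergin/utils.py", "test_id": "B101", "line_number": 3,
         "issue_severity": "LOW", "issue_text": "Use of assert detected."},
    ]
}
CLEAN_SECRETS = {"results": {}}
CLEAN_BANDIT = {"results": []}


def main(argv):
    """Usage: python gate.py secrets.json bandit.json  (no arguments: run on the samples)."""
    if len(argv) == 3:
        with open(argv[1]) as f:
            secrets = json.load(f)
        with open(argv[2]) as f:
            bandit = json.load(f)
    else:
        secrets, bandit = SAMPLE_SECRETS, SAMPLE_BANDIT
    code, messages = gate(secrets, bandit)
    for m in messages:
        print(m)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as a final workflow step after both scanners (`run: python gate.py secrets.json bandit.json`); the non-zero exit then fails the job for detect-secrets candidates as well, which the bare `detect-secrets scan` step does not do. The LOW-severity B101 in the sample is dropped to mirror the `-ll` threshold already used on the bandit command line.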