Skip to content

Audit

Audit #1494

Workflow file for this run

name: Audit
on:
push:
branches:
- fix-audit
schedule:
- cron: '30 2 * * *'
jobs:
audit:
name: Audit
runs-on: ${{ matrix.os }}
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
include:
- branch: '2.6'
os: ubuntu-20.04
- branch: '2.7'
os: ubuntu-22.04
- branch: '2.8'
os: ubuntu-22.04
steps:
# For version below 2.7 (included)
- run: |
sudo apt-get update || true
sudo apt-get install --yes libgdal-dev libgraphviz-dev
# Have an httplib2 version without any security issues
- run: sudo python3 -m pip install --upgrade httplib2 numpy
- uses: actions/checkout@v4
with:
ref: ${{ matrix.branch }}
token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
- run: if [ -e requirements.txt ] ; then pip install --requirement=requirements.txt; fi
- run: python3 -m venv ~/.venv
- run: ~/.venv/bin/pip install --upgrade --pre c2cciutils[audit]
- run: python3 -m pip install --upgrade --pre c2cciutils[audit]
- name: Check .tool-versions file existence
id: tool-versions
uses: andstor/file-existence-action@v3
with:
files: .tool-versions
- uses: asdf-vm/actions/install@v3
if: steps.tool-versions.outputs.files_exists == 'true'
- run: cat /tmp/python-build.*.log
if: failure()
- run: python --version
- name: Snyk audit
run: ~/.venv/bin/c2cciutils-audit --branch=${{ matrix.branch }}
env:
GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
- name: Check ci/dpkg-versions.yaml file existence
id: dpkg-versions
uses: andstor/file-existence-action@v3
with:
files: ci/dpkg-versions.yaml
- name: Update dpkg packages versions
run: ~/.venv/bin/c2cciutils-docker-versions-update --branch=${{ matrix.branch }}
env:
GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
if: steps.dpkg-versions.outputs.files_exists == 'true'