Action fails for Python 3.8+ #46
Comments
Add TODO linking relevant issue pypa/gh-action-pip-audit#46
* Update GHA to ignore irrelevant Mercurial vulnerability
* Update build tests to run when any files affecting build are changed
* Ignore `requests` and `urllib3` vulnerabilities as they are not used in this package
* Allow all build tests to run in parallel
* Update actions versions to troubleshoot failures
* Try specifying requirements file directly
* Enable pipaudit debugging
* Pin older cyclonedx package to troubleshoot pip-audit automation bug
* Pin older cyclonedx package to troubleshoot pip-audit automation bug
* Disable pipaudit debugging

Add TODO linking relevant issue pypa/gh-action-pip-audit#46

---------

Co-authored-by: Daniel McKnight <[email protected]>
Hi @NeonDaniel, thanks for the report. Taking a look now.
Hmm, I can't immediately reproduce this locally: your workflow is using
Ah, I think I see the problem here: your workflow is using Could you try using
(Also, where did you get
It looks like the automation was originally written by @JarbasAI; I was just looking into the failures (I'm actually not sure how long the automation has been failing). I completely missed that we were using 1.0.0 while 1.0.8 is the latest. I see now that the examples and latest release do specify 1.0.8. Updating to the latest appears to have resolved the issues.
Glad to hear it, and thanks for the detailed report regardless!
Current behavior
When running the action against Python 3.8-3.10, the action fails due to a missing output file. After enabling debugging, it appears this is due to a breaking change in the `cyclonedx-python-lib` dependency. The issue did not fail for Python 3.7 which resolves an older version of this dependency.
Expected behavior
I would expect the action to pass or else print the relevant vulnerabilities causing failure
Steps to reproduce
`build_tests (3.7)` will exit with a valid result while the other runs will fail with `FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-audit-output.txt'`
Relevant context
I diagnosed the issue with this action run. Relevant logs:
I was able to make the automation use cyclonedx~=4.0 which got the automation passing.