Skip to content

OpenMDAO Audit

OpenMDAO Audit #387

# Audit OpenMDAO dependencies
name: OpenMDAO Audit
on:
# Run the workflow daily at 0300 UTC
schedule:
- cron: '0 3 * * *'
# Allow running the workflow manually from the Actions tab
workflow_dispatch:
permissions: {}
jobs:
audit:
strategy:
fail-fast: false
matrix:
include:
# Audit dependencies on Ubuntu
- NAME: Audit Ubuntu
OS: ubuntu-latest
# Audit dependencies on MacOS
- NAME: Audit MacOS
OS: macos-latest
# Audit dependencies on Windows
- NAME: Audit Windows
OS: windows-latest
runs-on: ${{ matrix.OS }}
name: ${{ matrix.NAME }}
defaults:
run:
shell: bash -l {0}
steps:
- uses: actions/checkout@v3
- name: Setup conda
uses: conda-incubator/setup-miniconda@v3
with:
python-version: 3.12
miniforge-version: latest
- name: Install lxml
if: matrix.OS == 'windows-latest'
run: |
echo "============================================================="
echo "Install lxml for Windows (No Python 3.11 version on pypi)"
echo "============================================================="
conda install lxml
- name: Install OpenMDAO
run: |
conda install numpy scipy -q -y
echo "============================================================="
echo "Pre-install jupyter dependencies"
echo "============================================================="
conda install jupyter-book -q -y
echo "============================================================="
echo "Install OpenMDAO with all optional dependencies"
echo "============================================================="
python -m pip install .[all]
- name: Install additional packages
run: |
echo "============================================================="
echo "Install additional relevant packages"
echo "============================================================="
python -m pip install psutil objgraph
python -m pip install git+https://github.com/mdolab/pyxdsm
python -m pip install git+https://github.com/google/jax
- name: Install PETSc
if: matrix.OS != 'windows-latest'
run: |
echo "============================================================="
echo "Install PETSc"
echo "============================================================="
conda install mpi4py petsc petsc4py -q -y
- name: Install pyOptSparse
if: matrix.OS != 'macos-latest'
run: |
echo "============================================================="
echo "Install pyoptsparse"
echo "============================================================="
conda install pyoptsparse
- name: Display environment info
run: |
conda info
conda list
- name: Audit dependencies
run: |
python -m pip install pip-audit
echo "======================================================================="
echo "Scan environment for pypi packages with known vulnerabilities"
echo "found in the Python Packaging Advisory Database"
echo "======================================================================="
python -m pip_audit -s pypi
echo "======================================================================="
echo "Scan environment for packages with known vulnerabilities"
echo "found in the Open Source Vulnerability database"
echo "======================================================================="
echo "Ignoring GHSA-g4r7-86gm-pgqc for now as it has been addressed in code"
python -m pip_audit -s osv --ignore-vuln GHSA-g4r7-86gm-pgqc
- name: Notify slack
uses: act10ns/[email protected]
with:
webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
status: ${{ job.status }}
if: failure()