OpenMDAO Audit #407
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Audit OpenMDAO dependencies | |
name: OpenMDAO Audit | |
on: | |
# Run the workflow daily at 0300 UTC | |
schedule: | |
- cron: '0 3 * * *' | |
# Allow running the workflow manually from the Actions tab | |
workflow_dispatch: | |
permissions: {} | |
jobs: | |
audit: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
# Audit dependencies on Ubuntu | |
- NAME: Audit Ubuntu | |
OS: ubuntu-latest | |
# Audit dependencies on MacOS | |
- NAME: Audit MacOS | |
OS: macos-latest | |
# Audit dependencies on Windows | |
- NAME: Audit Windows | |
OS: windows-latest | |
runs-on: ${{ matrix.OS }} | |
name: ${{ matrix.NAME }} | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup conda | |
uses: conda-incubator/setup-miniconda@v3 | |
with: | |
python-version: 3.12 | |
miniforge-version: latest | |
- name: Install lxml | |
if: matrix.OS == 'windows-latest' | |
run: | | |
echo "=============================================================" | |
echo "Install lxml for Windows (No Python 3.11 version on pypi)" | |
echo "=============================================================" | |
conda install lxml | |
- name: Install OpenMDAO | |
run: | | |
conda install numpy scipy -q -y | |
echo "=============================================================" | |
echo "Pre-install jupyter dependencies" | |
echo "=============================================================" | |
conda install jupyter-book -q -y | |
echo "=============================================================" | |
echo "Install OpenMDAO with all optional dependencies" | |
echo "=============================================================" | |
python -m pip install .[all] | |
- name: Install additional packages | |
run: | | |
echo "=============================================================" | |
echo "Install additional relevant packages" | |
echo "=============================================================" | |
python -m pip install psutil objgraph | |
python -m pip install git+https://github.com/mdolab/pyxdsm | |
python -m pip install git+https://github.com/google/jax | |
- name: Install PETSc | |
if: matrix.OS != 'windows-latest' | |
run: | | |
echo "=============================================================" | |
echo "Install PETSc" | |
echo "=============================================================" | |
conda install mpi4py petsc petsc4py -q -y | |
- name: Install pyOptSparse | |
if: matrix.OS != 'macos-latest' | |
run: | | |
echo "=============================================================" | |
echo "Install pyoptsparse" | |
echo "=============================================================" | |
conda install pyoptsparse | |
- name: Display environment info | |
run: | | |
conda info | |
conda list | |
- name: Audit dependencies | |
run: | | |
python -m pip install pip-audit | |
echo "=======================================================================" | |
echo "Scan environment for pypi packages with known vulnerabilities" | |
echo "found in the Python Packaging Advisory Database" | |
echo "=======================================================================" | |
python -m pip_audit -s pypi | |
echo "=======================================================================" | |
echo "Scan environment for packages with known vulnerabilities" | |
echo "found in the Open Source Vulnerability database" | |
echo "=======================================================================" | |
echo "Ignoring GHSA-g4r7-86gm-pgqc for now as it has been addressed in code" | |
python -m pip_audit -s osv --ignore-vuln GHSA-g4r7-86gm-pgqc | |
- name: Notify slack | |
uses: act10ns/[email protected] | |
with: | |
webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
status: ${{ job.status }} | |
if: failure() |