openmdao_audit.yml
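# Audit OpenMDAO dependencies
#
# Installs OpenMDAO with its optional dependencies on each OS in the matrix,
# scans the resulting environment with pip-audit against two advisory
# sources, and posts to Slack when the job fails.
name: OpenMDAO Audit

on:

  # Run the workflow daily at 0300 UTC
  schedule:
    - cron: '0 3 * * *'

  # Allow running the workflow manually from the Actions tab
  workflow_dispatch:

# Grant the job token no scopes; nothing in this workflow writes to the
# repository, and later steps install and run third-party code.
permissions: {}

jobs:

  audit:

    strategy:
      # Let every OS finish its audit even if another one fails
      fail-fast: false
      matrix:
        include:
          # Audit dependencies on Ubuntu
          - NAME: Audit Ubuntu
            OS: ubuntu-latest

          # Audit dependencies on MacOS
          - NAME: Audit MacOS
            OS: macos-latest

          # Audit dependencies on Windows
          - NAME: Audit Windows
            OS: windows-latest

    runs-on: ${{ matrix.OS }}

    name: ${{ matrix.NAME }}

    defaults:
      run:
        # -l: login shell, so the conda setup from the shell profile is loaded.
        # -e: a custom shell template replaces GitHub's default
        #     `bash -e -o pipefail`; without -e a command failing in the
        #     middle of a multi-line script does not fail the step, and only
        #     the last command's exit status counts.
        shell: bash -el {0}

    steps:
      # NOTE(review): the actions below are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA keeps a retagged release
      # from changing what runs here.
      - uses: actions/checkout@v3
        with:
          # Do not leave the job token in .git/config for the later steps
          persist-credentials: false

      - name: Setup conda
        uses: conda-incubator/setup-miniconda@v2
        with:
          # Quoted so the version is passed as a string, not a YAML float
          python-version: "3.11"
          conda-version: "*"
          channels: conda-forge

      - name: Install lxml
        if: matrix.OS == 'windows-latest'
        run: |
          echo "============================================================="
          echo "Install lxml for Windows (No Python 3.11 version on pypi)"
          echo "============================================================="
          conda install lxml -q -y

      - name: Install OpenMDAO
        run: |
          conda install numpy scipy -q -y

          echo "============================================================="
          echo "Pre-install jupyter dependencies"
          echo "============================================================="
          conda install jupyter-book -q -y

          echo "============================================================="
          echo "Install OpenMDAO with all optional dependencies"
          echo "============================================================="
          # Quoted so bash cannot treat [all] as a glob pattern
          python -m pip install ".[all]"

      # NOTE(review): the two git+https installs take whatever is on the
      # default branch at run time, so the audited environment is not
      # reproducible and unreviewed code runs on the runner. Pin to a tag or
      # commit if that matters for this audit.
      - name: Install additional packages
        run: |
          echo "============================================================="
          echo "Install additional relevant packages"
          echo "============================================================="
          python -m pip install psutil objgraph
          python -m pip install git+https://github.com/mdolab/pyxdsm
          python -m pip install git+https://github.com/google/jax

      - name: Install PETSc
        if: matrix.OS != 'windows-latest'
        run: |
          echo "============================================================="
          echo "Install PETSc"
          echo "============================================================="
          conda install mpi4py petsc petsc4py -q -y

      - name: Install pyOptSparse
        if: matrix.OS != 'macos-latest'
        run: |
          echo "============================================================="
          echo "Install pyoptsparse"
          echo "============================================================="
          conda install pyoptsparse -q -y

      - name: Display environment info
        run: |
          conda info
          conda list

      # NOTE(review): GHSA-hcpj-qp55-gfph is suppressed in both scans with no
      # reason recorded here. Document why it does not apply, and drop the
      # flag once the affected package is fixed.
      - name: Audit dependencies
        run: |
          python -m pip install pip-audit

          # Run both scans even when the first reports findings, then fail
          # the step if either one did. Previously only the exit status of
          # the second scan decided the outcome of the step.
          status=0

          echo "======================================================================="
          echo "Scan environment for pypi packages with known vulnerabilities"
          echo "found in the Python Packaging Advisory Database"
          echo "======================================================================="
          python -m pip_audit -s pypi --ignore-vuln GHSA-hcpj-qp55-gfph || status=1

          echo "======================================================================="
          echo "Scan environment for packages with known vulnerabilities"
          echo "found in the Open Source Vulnerability database"
          echo "======================================================================="
          python -m pip_audit -s osv --ignore-vuln GHSA-hcpj-qp55-gfph || status=1

          exit "$status"

      # NOTE(review): the action reference below appears to have been mangled
      # by e-mail obfuscation on the page this listing was taken from.
      # Restore the real `owner/repo@ref` from the repository before use.
      # This step receives the Slack webhook secret, so a full commit SHA is
      # the safer ref.
      - name: Notify slack
        uses: act10ns/[email protected]
        with:
          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
          status: ${{ job.status }}
        if: failure()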