Senzing · kernelsam · Apr 28, 2025 · Feb 24, 2025 · Feb 25, 2025 · Feb 25, 2025
@@ -0,0 +1,36 @@
+name: bandit
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  bandit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run Bandit Scan
+        uses: lukehinds/bandit-action@new-action
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          path: "examples src"
+          recursive: "true"
@@ -0,0 +1,20 @@
+name: bearer
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  rule_check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Bearer
+        uses: bearer/bearer-action@v2
@@ -0,0 +1,42 @@
+name: black
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  black:
+    name: black Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m venv ./venv
+          source ./venv/bin/activate
+          echo "PATH=${PATH}" >> "${GITHUB_ENV}"
+          python -m pip install --upgrade pip
+          python -m pip install --requirement requirements.txt
+          python -m pip install black
+
+      - name: Run black testing
+        run: |
+          # shellcheck disable=SC2046
+          black --diff --check $(git ls-files '*.py' ':!:docs/source/*')
@@ -0,0 +1,70 @@
+name: Dependency scan
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  fpvs:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m venv ./venv
+          source ./venv/bin/activate
+          echo "PATH=${PATH}" >> "${GITHUB_ENV}"
+          python -m pip install --upgrade pip
+          python -m pip install --requirement requirements.txt
+          python -m pip install wheel
+          python -m pip wheel -r requirements.txt --wheel-dir=vendor
+
+      - name: Run fpvs scan
+        run: |
+          python -m pip install fpvs
+          git clone https://gitlab.com/gitlab-org/security-products/gemnasium-db.git
+          fpvs-scan --verbose
+
+  pip-audit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m venv ./venv
+          source ./venv/bin/activate
+          echo "PATH=${PATH}" >> "${GITHUB_ENV}"
+          python -m pip install --requirement requirements.txt
+          python -m pip install .
+
+      - name: Run pip-audit
+        uses: pypa/gh-action-pip-audit@v1.1.0
+        with:
+          inputs: requirements.txt
@@ -0,0 +1,52 @@
+name: dotnet format
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  dotnet-format:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - dotnet-version: "8"
+
+    steps:
+      - name: checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ matrix.dotnet-version }}
+
+      - name: install Senzing runtime
+        uses: senzing-factory/github-action-install-senzing-sdk@v2
+        with:
+          packages-to-install: "senzingsdk-runtime senzingsdk-setup"
+          senzingsdk-repository-package: ${{ secrets.SENZING_APT_BETA_STAGING_REPOSITORY_PACKAGE }}
+          senzingsdk-repository-path: ${{ secrets.SENZING_APT_BETA_STAGING_REPOSITORY_URL }}
+
+      - name: configure local nuget repo
+        run: |
+          sdk_package=$(grep -Rl "Senzing.Sdk" /opt/senzing/er/sdk/dotnet/ | xargs -L 1 basename)
+          mkdir -p ~/dev/nuget/packages
+          dotnet nuget add source ~/dev/nuget/packages -n dev
+          dotnet nuget push /opt/senzing/er/sdk/dotnet/"${sdk_package}" --source dev
+
+      - name: dotnet format all
+        run: |
+          projects=$(find . -name "*.csproj")
+          echo "[INFO] projects are: $projects"
+          for project in $projects; do
+            cd "$(dirname "$project")"
+            dotnet restore
+            dotnet format --verify-no-changes --verbosity diagnostic
+          done
@@ -0,0 +1,35 @@
+name: flake8
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  flake8:
+    name: flake8 Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run flake8 lint
+        uses: py-actions/flake8@v2
+        with:
+          max-line-length: 88
+          path: python
+          plugins: flake8-black
@@ -0,0 +1,41 @@
+name: isort
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  isort:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m venv ./venv
+          source ./venv/bin/activate
+          echo "PATH=${PATH}" >> "${GITHUB_ENV}"
+          python -m pip install --upgrade pip
+          python -m pip install --requirement requirements.txt
+
+      - name: Run isort
+        uses: isort/isort-action@v1
+        with:
+          requirements-files: requirements.txt
+          sort-paths: "examples src/template_python tests"
@@ -42,7 +42,7 @@ jobs:
       - name: build with Maven
         run: |
           cd "${GITHUB_WORKSPACE}"/java
-          mvn clean install
+          mvn clean install -Pcheckstyle,spotbugs -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
 
       - name: run java snippets
         run: |

@@ -42,7 +42,7 @@ jobs:
           SENZING_PATH: "/opt/senzing"
         run: |
           cd "${GITHUB_WORKSPACE}"/java
-          mvn clean package
+          mvn clean install -Pcheckstyle,spotbugs -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
 
       - name: run java snippets
         env:

@@ -35,7 +35,7 @@ jobs:
         run: |
           $Env:SENZING_PATH = "$Env:USERPROFILE\senzing"
           cd "${Env:GITHUB_WORKSPACE}/java"
-          mvn clean install
+          mvn clean install "-Pcheckstyle,spotbugs" -B "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
 
       - name: Add to "Path" environment variable
         run: |

@@ -0,0 +1,26 @@
+name: maven dependency review
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-submission-maven:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - java-version: "21"
+            java-distribution: "temurin"
+
+    steps:
+      - name: checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v4
@@ -0,0 +1,42 @@
+name: mypy
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  mypy:
+    name: mypy Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m venv ./venv
+          source ./venv/bin/activate
+          echo "PATH=${PATH}" >> "${GITHUB_ENV}"
+          python -m pip install --upgrade pip
+          python -m pip install --requirement requirements.txt
+          python -m pip install mypy
+
+      - name: Run mypy tests
+        run: |
+          # shellcheck disable=SC2046
+          mypy --strict $(git ls-files '*.py' ':!:docs/source/*')