From fe06ac54fb1ab4fe8eb5712a027af7dec2489775 Mon Sep 17 00:00:00 2001 From: David Slusser Date: Sun, 19 Apr 2026 17:07:46 -0700 Subject: [PATCH 1/2] testing pip-audit --- .github/workflows/pip_audit.yaml | 22 ++++++++++++++++++++++ .github/workflows/ruff_lint.yaml | 6 ++---- README.md | 5 ++++- pyproject.toml | 5 +---- 4 files changed, 29 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/pip_audit.yaml diff --git a/.github/workflows/pip_audit.yaml b/.github/workflows/pip_audit.yaml new file mode 100644 index 0000000..f31d568 --- /dev/null +++ b/.github/workflows/pip_audit.yaml @@ -0,0 +1,22 @@ +name: Dependency Consistency Check (pip-audit) + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + pip_audit: + runs-on: ubuntu-latest + name: "pip-audit" + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.12" + + - name: Install project + run: pip install . + + - name: Run pip-audit + uses: pypa/gh-action-pip-audit@v1.1.0 diff --git a/.github/workflows/ruff_lint.yaml b/.github/workflows/ruff_lint.yaml index ea1f7fb..adcc2f2 100644 --- a/.github/workflows/ruff_lint.yaml +++ b/.github/workflows/ruff_lint.yaml @@ -1,4 +1,4 @@ -name: Code Consistency Check (ruff format) +name: Static Code Analysis (ruff lint) on: push: @@ -9,11 +9,9 @@ jobs: ruff: runs-on: ubuntu-latest name: "ruff" - if: github.event.created == false # Skip if this push created a new branch steps: - name: actions_python_ruff uses: davidslusser/actions_python_ruff@v1.0.3 with: src: "src/django_project" - command: ruff format src --check - python_version: "3.13" + options: "-v" diff --git a/README.md b/README.md index b462f3f..08589ca 100644 --- a/README.md +++ b/README.md 
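Review bot: The `Run pip-audit` step passes no `inputs:` or `virtual-environment:`, so which package set gets scanned depends on the action's default behaviour rather than on the preceding `pip install .`, and that install pulls only the runtime dependencies — the `dev` extra added in the same commit (including `pip-audit` itself) is never audited. Making the target explicit, e.g. `with: { inputs: . }` or `pip install ".[dev]"` followed by pointing the action at that environment, makes the audited set deliberate. Because the dependencies are resolved fresh from `pyproject.toml` on every run and the workflow only triggers on `pull_request`, consider adding a `schedule:` trigger plus `permissions: { contents: read }` so advisories published after a merge are still caught without widening the token's rights. For a security workflow, pinning `actions/checkout`, `actions/setup-python` and `pypa/gh-action-pip-audit` to commit SHAs rather than mutable tags would also close the tag-retarget risk.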
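Review bot: Dropping `python_version: "3.13"` without a replacement leaves the ruff run on whatever interpreter `davidslusser/actions_python_ruff@v1.0.3` defaults to, while the new `pip_audit.yaml` in this same commit pins `3.12` and the README now recommends 3.12+; keeping `python_version: "3.12"` next to `options: "-v"` would keep the two workflows consistent. Removing the `if: github.event.created == false` guard is fine, but `options: "-v"` only adds verbosity and does not by itself switch the action from formatting to linting — this file's pre-image (`index ea1f7fb`) is identical to `ruff_format.yaml`'s, so unless the action's default command is `ruff check`, it may still run the formatter; setting the lint command explicitly (e.g. `command: ruff check src`) would remove that dependence on the action default. The enclosing `ruff` job starts outside this hunk.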
@@ -11,6 +11,8 @@ https://www.spokanepython.com | Workflow | Description | Status | |----------|-------------------------|------------------------------------------------------------------------------| |Bandit|security checks|![Bandit](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/bandit.yaml/badge.svg)| +|Django Check|django project scan|![Lint](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/django.yaml/badge.svg)| +|FawltyDeps|dependency consistency check|![Lint](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/fawltydeps.yaml/badge.svg)| |Isort|python import ordering|![Isort](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/isort.yaml/badge.svg)| |Mypy|static type checking|![Mypy](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/mypy.yaml/badge.svg)| |Radon|code complexity analysis|![Radon](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/radon.yaml/badge.svg)| @@ -18,13 +20,14 @@ https://www.spokanepython.com |Ruff Lint|static code analysis|![Lint](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/ruff_lint.yaml/badge.svg)| +
## Local Development ### prerequisites 1. git installed on system -2. python installed on system (3.10+ recommended) +2. python installed on system (3.12+ recommended) ### local git setup diff --git a/pyproject.toml b/pyproject.toml index e1473d5..37fe4cb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -33,6 +33,7 @@ dev = [ "mypy", "mypy-extensions", "ruff", + "pip-audit", "pytest", "pytest-cov", "pytest-django", @@ -51,10 +52,6 @@ docker = [ exclude_dirs = ["venv", "django_project/tests", "django_project/*/management/commands"] -[tool.black] -line-length = 120 - - [tool.coverage.report] show_missing = true From 9e0bdd3ad55ddf5ea86031fc5d914b3816a4598f Mon Sep 17 00:00:00 2001 From: David Slusser Date: Sun, 19 Apr 2026 17:15:45 -0700 Subject: [PATCH 2/2] rename workflows; fix fawltydep --- .github/workflows/bandit.yaml | 2 +- .github/workflows/fawltydeps.yaml | 2 +- .github/workflows/isort.yaml | 2 +- .github/workflows/mypy.yaml | 2 +- .github/workflows/pip_audit.yaml | 2 +- .github/workflows/pytest.yaml | 2 +- .github/workflows/radon.yaml | 2 +- .github/workflows/ruff_format.yaml | 2 +- .github/workflows/ruff_lint.yaml | 2 +- README.md | 1 + pyproject.toml | 1 + 11 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/bandit.yaml b/.github/workflows/bandit.yaml index 29a1b76..5c22b2b 100644 --- a/.github/workflows/bandit.yaml +++ b/.github/workflows/bandit.yaml @@ -1,4 +1,4 @@ -name: Security Analysis (bandit) +name: Security Analysis on: push: diff --git a/.github/workflows/fawltydeps.yaml b/.github/workflows/fawltydeps.yaml index 4f709ad..be0a391 100644 --- a/.github/workflows/fawltydeps.yaml +++ b/.github/workflows/fawltydeps.yaml @@ -1,4 +1,4 @@ -name: Dependency Consistency Check (fawltydeps) +name: Dependency Consistency Check on: pull_request: diff --git a/.github/workflows/isort.yaml b/.github/workflows/isort.yaml index 5b52f95..5898ac3 100644 --- a/.github/workflows/isort.yaml +++ b/.github/workflows/isort.yaml 
@@ -1,4 +1,4 @@ -name: Import Order Validation (isort) +name: Import Order Validation on: push: diff --git a/.github/workflows/mypy.yaml b/.github/workflows/mypy.yaml index ac392b3..76b2732 100644 --- a/.github/workflows/mypy.yaml +++ b/.github/workflows/mypy.yaml @@ -1,4 +1,4 @@ -name: Type Checking (mypy) +name: Type Checking on: push: diff --git a/.github/workflows/pip_audit.yaml b/.github/workflows/pip_audit.yaml index f31d568..5b16c40 100644 --- a/.github/workflows/pip_audit.yaml +++ b/.github/workflows/pip_audit.yaml @@ -1,4 +1,4 @@ -name: Dependency Consistency Check (pip-audit) +name: Dependency Vulnerability Scan on: pull_request: diff --git a/.github/workflows/pytest.yaml b/.github/workflows/pytest.yaml index d5f1c63..a325f7a 100644 --- a/.github/workflows/pytest.yaml +++ b/.github/workflows/pytest.yaml @@ -1,4 +1,4 @@ -name: Unittest Execution (pytest) +name: Unittest Execution on: push: diff --git a/.github/workflows/radon.yaml b/.github/workflows/radon.yaml index 516014c..a8e5f30 100644 --- a/.github/workflows/radon.yaml +++ b/.github/workflows/radon.yaml @@ -1,4 +1,4 @@ -name: Code Metrics Analysis (radon) +name: Code Metrics Analysis on: push: diff --git a/.github/workflows/ruff_format.yaml b/.github/workflows/ruff_format.yaml index ea1f7fb..ee94872 100644 --- a/.github/workflows/ruff_format.yaml +++ b/.github/workflows/ruff_format.yaml @@ -1,4 +1,4 @@ -name: Code Consistency Check (ruff format) +name: Code Consistency Check on: push: diff --git a/.github/workflows/ruff_lint.yaml b/.github/workflows/ruff_lint.yaml index adcc2f2..a9fb84c 100644 --- a/.github/workflows/ruff_lint.yaml +++ b/.github/workflows/ruff_lint.yaml @@ -1,4 +1,4 @@ -name: Static Code Analysis (ruff lint) +name: Static Code Analysis on: push: diff --git a/README.md b/README.md index 08589ca..316093c 100644 --- a/README.md +++ b/README.md 
@@ -15,6 +15,7 @@ https://www.spokanepython.com |FawltyDeps|dependency consistency check|![Lint](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/fawltydeps.yaml/badge.svg)| |Isort|python import ordering|![Isort](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/isort.yaml/badge.svg)| |Mypy|static type checking|![Mypy](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/mypy.yaml/badge.svg)| +|Pip Audit|dependency vulnerability scan|![Audit](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/pip_audit.yaml/badge.svg)| |Radon|code complexity analysis|![Radon](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/radon.yaml/badge.svg)| |Ruff Format|code formatting|![Format](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/ruff_format.yaml/badge.svg)| |Ruff Lint|static code analysis|![Lint](https://github.com/SpokaneTech/SpokanePythonWeb/actions/workflows/ruff_lint.yaml/badge.svg)| diff --git a/pyproject.toml b/pyproject.toml index 37fe4cb..6166494 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -88,6 +88,7 @@ ignore_unused = [ "mypy", "mypy-extensions", "ruff", + "pip-audit", "psycopg2-binary", "pytest", "pytest-cov",