Merge pull request #348 from ucam-department-of-psychiatry/report-fai… #150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # yamllint disable rule:line-length | |
| name: Python package checks | |
| # yamllint disable-line rule:truthy | |
| on: | |
| push: | |
| paths: | |
| - '**.py' | |
| - .github/scripts/python_setup.sh | |
| - .github/workflows/python-package-checks.yml | |
| jobs: | |
| python-package-checks: | |
| strategy: | |
| matrix: | |
| python-version: [3.8, 3.9, "3.10"] | |
| # LTS versions | |
| os: [ubuntu-20.04, ubuntu-22.04] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Python package checks | |
| run: | | |
| set -euxo pipefail | |
| ${GITHUB_WORKSPACE}/.github/scripts/python_setup.sh | |
| source ${HOME}/venv/bin/activate | |
| echo checking packages for conflicts | |
| python -m pip check | |
| echo installing vulnerability checker | |
| python -m pip install safety | |
| echo checking packages for vulnerabilities | |
| # All of these vulnerabilities look either harmless or very low risk | |
| # 51668 sqlalchemy fix in 2.0 beta, we don't log Engine.URL() | |
| # https://github.com/sqlalchemy/sqlalchemy/issues/8567 | |
| # 52495 setuptools fix in 65.5.1, we'll be careful not to | |
| # install malicious packages. | |
| safety check --full-report --ignore=51668 --ignore=52495 |