python_safety.yml
---
# Workflow: install this project together with the `safety` scanner and run
# `safety check` against the resulting environment, on every push and on
# pull requests that come from a fork.
name: python_safety

on:
  - pull_request
  - push

# One in-flight run per workflow/ref pair; a newer trigger cancels the older run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege for the GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read

jobs:
  python_safety:
    # Always run for push events. For pull_request events, run only when the
    # head repository's owner differs from the base repository's owner (a fork
    # PR); same-repo branch PRs are skipped, presumably because the push event
    # already covers that commit.
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login != github.event.pull_request.base.repo.owner.login
    runs-on: ubuntu-24.04
    steps:
      - run: sudo apt-get -q update
      # https://github.com/actions/runner-images/pull/9956
      - run: sudo apt-get autopurge needrestart
      # Write a global pip config enabling break-system-packages; this is what
      # pip's "error: externally-managed-environment" asks for.
      - run: echo -e '[global]\nbreak-system-packages=true' | sudo tee /etc/pip.conf
      # Compiler and headers, presumably for dependencies with native extensions.
      - run: >-
          sudo DEBIAN_FRONTEND="noninteractive" apt-get -qq --no-install-recommends install
          gcc libcurl4-openssl-dev libssl-dev
      # NOTE(review): both actions below are referenced by a floating major tag.
      # Pinning each to a full commit SHA (e.g. actions/checkout@<commit-sha>)
      # gives a tighter supply-chain guarantee than a mutable tag.
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
          check-latest: true
      - run: pip install --upgrade pip setuptools
      - run: pip install safety .
      # Ignore CVE-2018-20225, which is IMO reasonably disputed: https://data.safetycli.com/v/67599/97c/
      # "extra"-index-url means an index to "additionally" look for newer versions, pre-compiled wheels, or similar, not to force this index being used.
      # There is "index-url" to enforce a different index: https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-i
      # Ignore CVE-2019-8341 as well: https://github.com/pyupio/safety/issues/527
      - run: safety check --ignore 67599,70612