-
Notifications
You must be signed in to change notification settings - Fork 6
50 lines (39 loc) · 1.45 KB
/
test-security.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Python 依存パッケージの脆弱性診断を定期的に行う
# NOTE: 公式 Action は API key 等を必要とするため利用しない(https://github.com/pyupio/safety-action/tree/main)
name: Test Security
on:
# schedule:
# - cron: "00 04 15 * *" # 毎月15日 13:00 JST
workflow_dispatch:
env:
PYTHON_VERSION: "3.11.9"
defaults:
run:
shell: bash
jobs:
test-security:
runs-on: ubuntu-20.04
steps:
- name: <Setup> Check out the repository
uses: actions/checkout@v4
- name: Install Poetry
run: pipx install poetry
- name: <Setup> Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: poetry
- name: <Setup> Install Python dependencies
run: poetry install --with=test
- name: <Test> Check Python dependency security
run: poetry run safety check -o bare
# - name: <Deploy> Notify Discord of security testing result
# uses: sarisia/actions-status-discord@v1
# if: always()
# with:
# webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
# username: GitHub Actions
# title: "依存パッケージ脆弱性診断の結果"
# status: ${{ job.status }}
# color: ${{ job.status == 'success' && '0x00FF00' || '0xFF0000' }}
# url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"