41 lines
879 B
YAML
41 lines
879 B
YAML
name: audit
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- "projects/crawler/**"
|
|
- ".github/workflows/crawler/**"
|
|
pull_request:
|
|
paths:
|
|
- "projects/crawler/**"
|
|
- ".github/workflows/crawler/**"
|
|
|
|
jobs:
|
|
bandit:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install uv
|
|
run: curl -LsSf https://astral.sh/uv/install.sh | sh
|
|
|
|
- name: Cache uv dependencies
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/uv
|
|
.venv
|
|
key: ${{ runner.os }}-uv-${{ hashFiles('**/uv.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-uv-
|
|
|
|
- name: Sync dependencies (with dev tools)
|
|
run: uv sync --dev
|
|
|
|
- name: Run Bandit (security linter)
|
|
run: uv run bandit -r . -c pyproject.toml || true
|