Skip to content

fix typings + drop python 3.8 + pin deps for securit vulnerability fixes #878

fix typings + drop python 3.8 + pin deps for securit vulnerability fixes

fix typings + drop python 3.8 + pin deps for securit vulnerability fixes #878

Workflow file for this run

# look for secrets pushed by mistake
# NOTE: To fix problematic commits that got references to detected secrets, execute the following:
# 1. Assuming the branch is built on top of master for a PR
# >> git rebase -i master
# 2. Then, replace "pick" by "squash" for matched problematic commits
# If this didn't work, more advanced edit of history commits needs to be applied.
# Please refer to git interactive rebase documentation to do so.
# 3. Finally re-run secrets analysis to validate that problems where fixed
name: Secret Scan
on:
- pull_request
- push
jobs:
#trufflehog:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@master
# - name: trufflehog-actions-scan
# uses: edplato/trufflehog-actions-scan@master
#- uses: max/secret-scan@master
# with:
# repo-token: "${{ secrets.GITHUB_TOKEN }}"
# ref: https://github.com/svdarren/secrets-workflow/blob/9633bc1195a1ca1d4d70415aa4eff6cf55d706de/.github/workflows/secrets.yml
gitleak:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: '0'
- name: Install dependencies
run: docker pull zricethezav/gitleaks
#- run: |
# docker run --name=gitleaks --volume $GITHUB_WORKSPACE:/workspace/ \
# -v --exclude-forks --redact --threads=1 --branch=$GITHUB_REF --repo-path=/workspace/
#- run: docker run --rm --name=gitleaks -v /tmp/:/code/ zricethezav/gitleaks -v --repo-path=/code/gitleaks
# @todo command is failing
#- run: gitleaks -v --exclude-forks --redact --threads=1 --branch=$GITHUB_REF --repo-path=$GITHUB_WORKSPACE
# FIXME: revert to original repo when (if) they ever consider the fix
# https://github.com/eshork/gitleaks-action/pull/4
# https://github.com/eshork/gitleaks-action/issues/3
- uses: fmigneault/gitleaks-action@master
#- uses: eshork/[email protected]
# NOTE:
# does the same as gitleaks-action, but over the whole git history + posts found problem on issue/PR comments
# disable as it causes old (fixed) problems to be detected
#- uses: CySeq/gitcret@v2
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}