-
Notifications
You must be signed in to change notification settings - Fork 0
45 lines (35 loc) · 1.25 KB
/
check-python.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: Check Python Code
on:
workflow_call:
jobs:
check-python:
runs-on: "ubuntu-latest"
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Install poetry
run: pipx install poetry
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "poetry"
- name: Install dependencies
run: poetry install --no-interaction --no-root
- name: Audit with pip-audit
run: |
# audit non dev dependencies, no exclusions
poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
# audit all dependencies, with exclusions
poetry run pip-audit \
--ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
- name: Check formatting with Black
run: |
# stop the build if there are files that don't meet formatting requirements
poetry run black .
- name: Check linting with Ruff
run: |
# stop the build if there are Python syntax errors or undefined names
poetry run ruff .
- name: Check types with mypy
run: poetry run mypy