Skip to content

Update scorecard.yml #178

Update scorecard.yml

Update scorecard.yml #178

Workflow file for this run

name: Python Lint Workflow
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '22 3 * * 2'
workflow_dispatch:
jobs:
lint:
runs-on: ${{ matrix.os }}
strategy:
matrix:
linter: ['flake8', 'pylint', 'ruff', 'mypy', 'pytype', 'pyright', 'fixit', 'pyre']
python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12']
os: [ubuntu-latest, macos-latest] # doesn't yet work on Windows
fail-fast: false
permissions:
security-events: write
steps:
- name: Checkout repo
uses: actions/checkout@v4
# install dependencies for all linters, then run the linter, so we don't get import failures when the linters scan the code
# not required, just makes the test cases a bit cleaner
- name: Install pip dependencies
if: ${{ ! ( runner.os == 'macOS' && matrix.python-version == '3.7' ) }}
run: |
# deal with HomeBrew managed Python on GitHub Hosted MacOS runners
if [[ "${RUNNER_OS}" == "macOS" ]]; then
PIP_ARGS="--break-system-packages"
else
PIP_ARGS=""
fi
# upgrade pip, so that we can install flake8_sarif_formatter properly from the git repo
python3 -mpip install ${PIP_ARGS} -q --upgrade pip
# install packages one-by-one so it is clearer which fails, if it does
python_packages=('flake8' 'pylint' 'ruff' 'mypy' 'pytype' 'pyright' 'fixit' 'pyre-check' 'flake8-sarif-formatter')
for package in "${python_packages[@]}"; do
echo "Installing Python package ${package}"
if ! python3 -mpip install ${PIP_ARGS} -q "${package}"; then
echo "::warning::Failed to installed Python dependency ${package}, continuing"
fi
done
- name: Run Python Lint
if: ${{ ! ( runner.os == 'macOS' && matrix.python-version == '3.7' ) }}
uses: advanced-security/python-lint-code-scanning-action@main
with:
linter: ${{ matrix.linter }}
python-version: ${{ matrix.python-version }}