SRA genai bedrock capability one #453
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: safety - Python Dependency Check | |
on: | |
pull_request_target: | |
branches: | |
- main | |
push: | |
jobs: | |
Linting: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
matrix: | |
python-version: [3.9] | |
steps: | |
#---------------------------------------------- | |
# check-out repo and set-up python | |
#---------------------------------------------- | |
- name: Check out repository | |
uses: actions/checkout@v3 | |
- name: Set up python | |
id: setup-python | |
uses: actions/setup-python@v3 | |
with: | |
python-version: 3.9 | |
#---------------------------------------------- | |
# ----- install & configure poetry ----- | |
#---------------------------------------------- | |
- name: Load Cached Poetry Installation | |
uses: actions/cache@v3 | |
with: | |
path: ~/.local # the path depends on the OS | |
key: poetry-no-dev-2 # increment to reset cache | |
- name: Install Poetry | |
uses: snok/install-poetry@v1 | |
with: | |
virtualenvs-create: true | |
virtualenvs-in-project: true | |
installer-parallel: true | |
#---------------------------------------------- | |
# load cached venv if cache exists | |
#---------------------------------------------- | |
- name: Load cached venv | |
id: cached-poetry-no-dev-dependencies | |
uses: actions/cache@v3 | |
with: | |
path: .venv | |
key: venv-no-dev-dependencies-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
#---------------------------------------------- | |
# install dependencies if cache does not exist | |
#---------------------------------------------- | |
- name: Install dependencies | |
if: steps.cached-poetry-no-dev-dependencies.outputs.cache-hit != 'true' | |
run: poetry install --only main --no-root | |
#---------------------------------------------- | |
# Run Safety scan | |
#---------------------------------------------- | |
- name: Safety scan | |
env: | |
API_KEY: ${{secrets.SAFETY_API_KEY}} | |
run: | | |
poetry run pip install safety | |
poetry run safety --key "$API_KEY" --stage cicd scan |