Skip to content

Adding config recorder service-linked role. #463

Adding config recorder service-linked role.

Adding config recorder service-linked role. #463

Workflow file for this run

name: safety - Python Dependency Check
on:
pull_request_target:
branches:
- main
push:
jobs:
Linting:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
python-version: [3.9]
steps:
#----------------------------------------------
# check-out repo and set-up python
#----------------------------------------------
- name: Check out repository
uses: actions/checkout@v3
- name: Set up python
id: setup-python
uses: actions/setup-python@v3
with:
python-version: 3.9
#----------------------------------------------
# ----- install & configure poetry -----
#----------------------------------------------
- name: Load Cached Poetry Installation
uses: actions/cache@v3
with:
path: ~/.local # the path depends on the OS
key: poetry-no-dev-2 # increment to reset cache
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
#----------------------------------------------
# load cached venv if cache exists
#----------------------------------------------
- name: Load cached venv
id: cached-poetry-no-dev-dependencies
uses: actions/cache@v3
with:
path: .venv
key: venv-no-dev-dependencies-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-no-dev-dependencies.outputs.cache-hit != 'true'
run: poetry install --only main --no-root
#----------------------------------------------
# Run Safety scan
#----------------------------------------------
- name: Safety scan
env:
API_KEY: ${{secrets.SAFETY_API_KEY}}
run: |
poetry run pip install safety
poetry run safety --key "$API_KEY" --stage cicd scan