[Cycode] Fix vulnerable dependencies in manifest files of the repository raven #329
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test PR | |
| on: [pull_request] | |
| permissions: | |
| contents: read | |
| jobs: | |
| python-style: | |
| name: Style-check and lint Python files | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cycodelabs/cimon-action@v0 | |
| with: | |
| prevent: true | |
| fail-on-error: true | |
| allowed-hosts: > | |
| files.pythonhosted.org | |
| pypi.org | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: python -m pip install black flake8 | |
| - name: Black | |
| run: python -m black --diff --check . | |
| convention_check: | |
| name: Convention check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cycodelabs/cimon-action@v0 | |
| with: | |
| prevent: true | |
| fail-on-error: true | |
| - name: Check branch name | |
| env: | |
| BRANCH_NAME: ${{ github.head_ref }} | |
| run: | | |
| branch_prefix="^(feat|fix|refactor|chore|docs|test|library)\/[a-z0-9._-]+$" | |
| if [[ ! $BRANCH_NAME =~ $branch_prefix ]] | |
| then | |
| exit 1 | |
| fi | |
| exit 0 | |
| - name: Check PR title | |
| env: | |
| PR_TITLE: ${{ github.event.pull_request.title }} | |
| run: | | |
| title_prefix="^(feat|fix|refactor|chore|docs|test|library)(\([^ ]*\))?: [a-zA-Z0-9._ ]*$" | |
| if [[ ! $PR_TITLE =~ $title_prefix ]] | |
| then | |
| exit 1 | |
| fi | |
| exit 0 | |
| # A job that runs integration tests in an isolated environment against | |
| # a predefined organization: RavenIntegrationTests | |
| test_raven: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cycodelabs/cimon-action@v0 | |
| with: | |
| # Turn prevent once cimon docker compose bug is fixed | |
| # prevent: true | |
| fail-on-error: true | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Test Organization | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| make test-build | |
| # A job for testing the setup process and unit tests of RAVEN against | |
| # different versions of Python | |
| test_raven_package: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ['3.9', '3.10', '3.11', '3.12'] | |
| steps: | |
| - uses: cycodelabs/cimon-action@v0 | |
| with: | |
| # Turn prevent once cimon docker compose bug is fixed | |
| # prevent: true | |
| fail-on-error: true | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Build Package | |
| run: python -m pip install . | |
| - name: Setup environment | |
| run: make setup | |
| - name: Test Raven | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| raven download account --token $GITHUB_TOKEN --account-name RavenIntegrationTests | |
| raven index | |
| raven report --format json | jq > /dev/null | |
| - name: Run Unit Tests | |
| run: pytest -v tests/unit |