Bump bandit from 1.7.10 to 1.8.0 #1540
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: lint_python | |
on: | |
push: | |
branches: | |
- "**" # run all branches | |
tags-ignore: | |
- "*" # ignore all tags, release.yaml will trigger the CI | |
pull_request: # run on all pull requests | |
concurrency: | |
cancel-in-progress: true | |
group: group-${{ github.ref_name }} | |
jobs: | |
lint_python: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python: ["3.8", "3.9", "3.10", "3.11", "3.x"] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
- run: pip install -U pip | |
- run: pip install -U bandit mypy pyupgrade safety tox setuptools | |
- run: bandit --recursive --skip B105,B110,B311,B605,B607 --exclude ./.tox . | |
if: ${{ matrix.python >= '3.8' }} | |
- run: tox -e lint | |
- run: tox -e py | |
- run: shopt -s globstar && pyupgrade --py3-only **/*.py # --py36-plus | |
- run: safety check -i 42559 -i 62044 -i 67599 -i 70612 # pip version issue, we don't care about it, we don't ship it | |
- run: tox -e build | |
- run: tox -e doc |