Skip to content

security updates

security updates #1381

Workflow file for this run

name: Run CI
permissions: read-all
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
name: Lint Code
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
lfs: true
- name: setup CI
uses: lava-nc/[email protected]
with:
repository: 'Lava'
- name: Run flakeheaven (flake8)
run: |
poetry run flakeheaven lint src/lava tests/
poetry run find tutorials/ -name '*.py' -exec flakeheaven lint {} \+
security-lint:
name: Security Lint Code
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
lfs: true
- name: setup CI
uses: lava-nc/[email protected]
with:
repository: 'Lava'
- name: Run bandit
uses: tj-actions/[email protected]
with:
targets: |
src/lava/.
options: "-r --format custom --msg-template '{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}'"
unit-tests:
name: Unit Test Code + Coverage
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-13]
steps:
- uses: actions/checkout@v3
with:
lfs: true
- name: setup CI
uses: lava-nc/[email protected]
with:
repository: 'Lava'
- name: Run unit tests
run: |
poetry run git lfs fetch
poetry run git lfs pull
poetry run coverage run -m unittest discover -s tests/ -t . -vv
- name: Generate coverage report
if: runner.os == 'Linux'
run: poetry run coverage xml
- name: Archive coverage report
if: runner.os == 'Linux'
uses: actions/upload-artifact@v3
with:
name: coverage
path: coverage.xml
retention-days: 30