Add bandit workflow (#100)

sdv-dev · Apr 9, 2024 · 58277d2 · 58277d2
1 parent b296c14
commit 58277d2
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 5 deletions.
diff --git a/.github/workflows/static_code_analysis.yml b/.github/workflows/static_code_analysis.yml
@@ -0,0 +1,33 @@
+name: Static Code Analysis
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  code-analysis:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.10
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install bandit==1.7.7
+    - name: Save code analysis
+      run: bandit -r . -x ./tests -f txt -o static_code_analysis.txt --exit-zero
+    - name: Create pull request
+      id: cpr
+      uses: peter-evans/create-pull-request@v4
+      with:
+        token: ${{ secrets.GH_ACCESS_TOKEN }}
+        commit-message: Update static code analysis
+        title: Latest Code Analysis
+        body: "This is an auto-generated PR with the **latest** code analysis results."
+        branch: static-code-analysis
+        branch-suffix: short-commit-hash
+        base: main
diff --git a/pyproject.toml b/pyproject.toml
@@ -95,14 +95,15 @@ namespaces = false
     'make.bat',
     '*.jpg',
     '*.png',
-    '*.gif'
+    '*.gif',
 ]
 'deepecho' = ['data/demo.csv']
 
 [tool.setuptools.exclude-package-data]
 '*' = [
     '* __pycache__',
     '*.py[co]',
+    'static_code_analysis.txt',
 ]
 
 [tool.setuptools.dynamic]

diff --git a/tasks.py b/tasks.py
@@ -44,7 +44,7 @@ def _get_minimum_versions(dependencies, python_version):
     for dependency in dependencies:
         if '@' in dependency:
             name, url = dependency.split(' @ ')
-            min_versions[name] = f'{name} @ {url}'
+            min_versions[name] = f'{url}#egg={name}'
             continue
 
         req = Requirement(dependency)

diff --git a/tests/test_tasks.py b/tests/test_tasks.py
@@ -16,7 +16,7 @@ def test_get_minimum_versions():
         "pandas>=1.2.0,<2;python_version<'3.10'",
         "pandas>=1.3.0,<2;python_version>='3.10'",
         'humanfriendly>=8.2,<11',
-        'pandas @ git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
+        'pandas @ git+https://github.com/pandas-dev/pandas.git@master',
     ]
 
     # Run
@@ -26,12 +26,12 @@ def test_get_minimum_versions():
     # Assert
     expected_versions_39 = [
         'numpy==1.20.0',
-        'pandas @ git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
+        'git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
         'humanfriendly==8.2',
     ]
     expected_versions_310 = [
         'numpy==1.23.3',
-        'pandas @ git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
+        'git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
         'humanfriendly==8.2',
     ]