Skip to content

[Snyk] Security upgrade cryptography from 38.0.0 to 43.0.1 #456

[Snyk] Security upgrade cryptography from 38.0.0 to 43.0.1

[Snyk] Security upgrade cryptography from 38.0.0 to 43.0.1 #456

Workflow file for this run

name: lint_python
on: [pull_request, push]
jobs:
lint_python:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:latest
env:
DEBUG: ${{ secrets.DEBUG }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
ports:
- 5432:5432
# needed because the postgres container does not provide a healthcheck
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
cache: 'pip'
- name: Install PostgreSQL client
run: |
sudo apt-get update
sudo apt-get install --yes postgresql-client
# https://www.hacksoft.io/blog/github-actions-in-action-setting-up-django-and-postgres#resources
- run: sudo apt-get install libpq-dev
- run: pip install --upgrade pip wheel
- run: pip install bandit black flake8 flake8-bugbear
flake8-comprehensions isort mypy pyupgrade safety
- run: bandit --recursive --skip B106,B110,B404,B501,B602,B603,B607 .
- run: black -S --target-version py310 --check .
- run: flake8 . --count --ignore=B,E203,E722,W503,W605 --max-complexity=28
--max-line-length=220 --show-source --statistics
- run: isort --check-only --profile black .
- run: |
pip install -r requirements.txt
mkdir --parents --verbose .mypy_cache
- run: mypy --ignore-missing-imports --install-types --non-interactive .
- run: python manage.py migrate
env: # https://stackoverflow.com/questions/61670081
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- run: python manage.py test
env: # https://stackoverflow.com/questions/61670081
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- run: shopt -s globstar && pyupgrade --py36-plus **/*.py || true
# - run: safety check --ignore=cryptography #temporarily ignore cryptography to avoid conflicts