Test Bandit reporting.

Patrick Lehmann
2025-09-23 18:13:43 +02:00
parent 22bbe48d4b
commit 055863ee5f
3 changed files with 17 additions and 195 deletions


@@ -88,6 +88,13 @@ jobs:
id: bandit id: bandit
if: inputs.artifact != '' if: inputs.artifact != ''
run: | run: |
set +e
ANSI_LIGHT_RED=$'\x1b[91m'
ANSI_LIGHT_GREEN=$'\x1b[92m'
ANSI_LIGHT_BLUE=$'\x1b[94m'
ANSI_NOCOLOR=$'\x1b[0m'
bandit_directory=report/bandit bandit_directory=report/bandit
bandit_fullpath=report/bandit/report.xml bandit_fullpath=report/bandit/report.xml
@@ -97,40 +104,29 @@ jobs:
EOF EOF
mkdir -p ${bandit_directory} mkdir -p ${bandit_directory}
printf "\nRun bandit ...\n"
bandit -c pyproject.toml -r ${{ inputs.package_directory }} -f xml -o ${bandit_fullpath} bandit -c pyproject.toml -r ${{ inputs.package_directory }} -f xml -o ${bandit_fullpath}
if [[ $? -eq 0 ]]; then
- name: Check if report is empty (⇒ no issues found) printf "Bandit result: ${ANSI_LIGHT_GREEN}[PASSED]${ANSI_NOCOLOR}\n"
id: check
run: |
set +e
ANSI_LIGHT_RED=$'\x1b[91m'
ANSI_LIGHT_GREEN=$'\x1b[92m'
ANSI_LIGHT_BLUE=$'\x1b[94m'
ANSI_NOCOLOR=$'\x1b[0m'
printf "Checking if bandit found problems ... "
if [[ $(grep -P '<testsuite\sname="bandit"\stests="0"\s/>' ${{ steps.bandit.outputs.bandit_fullpath }}) ]]; then
printf "${ANSI_LIGHT_GREEN}[OK]${ANSI_NOCOLOR}\n"
printf "bandit_passed=true\n" >> "${GITHUB_OUTPUT}" printf "bandit_passed=true\n" >> "${GITHUB_OUTPUT}"
else else
faults=$(grep -Poh '(?<=<testsuite\sname="bandit"\stests=")(\d+)(?=">)' ${{ steps.bandit.outputs.bandit_fullpath }}) faults=$(grep -Poh '(?<=<testsuite\sname="bandit"\stests=")(\d+)(?=">)' ${bandit_fullpath})
printf "${ANSI_LIGHT_RED}[ERROR]${ANSI_NOCOLOR}\n" printf "Bandit result: ${ANSI_LIGHT_RED}[FAILED]${ANSI_NOCOLOR}\n"
printf " ${ANSI_LIGHT_RED}Bandit found %s issues.${ANSI_NOCOLOR}\n" "${faults}" printf " ${ANSI_LIGHT_RED}Bandit found %s issues.${ANSI_NOCOLOR}\n" "${faults}"
printf "::error title=%s::%s\n" "🚨 Security Scanning (Bandit)" "Bandi found ${faults} issues." printf "::error title=%s::%s\n" "🚨 Security Scanning (Bandit)" "Bandi found ${faults} issues."
printf "bandit_passed=false\n" >> "${GITHUB_OUTPUT}" printf "bandit_passed=false\n" >> "${GITHUB_OUTPUT}"
printf "::group::${ANSI_LIGHT_BLUE}JUnit XML report created by Bandit ...${ANSI_NOCOLOR}\n" printf "::group::${ANSI_LIGHT_BLUE}JUnit XML report created by Bandit ...${ANSI_NOCOLOR}\n"
cat ${{ steps.bandit.outputs.bandit_fullpath }} cat ${bandit_fullpath}
printf "::endgroup::\n" printf "\n::endgroup::\n"
fi fi
- name: 📊 Publish Bandit Results - name: 📊 Publish Bandit Results
uses: dorny/test-reporter@v2 uses: dorny/test-reporter@v2
if: steps.check.outputs.bandit_passed == 'false' if: steps.bandit.outputs.bandit_passed == 'false'
continue-on-error: true continue-on-error: true
with: with:
name: 'Bandit Results' name: 'Bandit Results'
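Review bot: The new `if [[ $? -eq 0 ]]; then` treats every non-zero bandit exit as "issues found", so a scanner failure (unreadable `pyproject.toml`, wrong package path, no report written) falls into the else branch, greps a missing file, prints `Bandit found  issues.` with an empty count, and the step still ends green because `set +e` is active and the last command is a `printf`. Capture the exit code, check that the report exists and is non-empty before parsing it, and fail the step when the tool itself did not run, keeping `bandit_passed=false` so the publish step's condition stays meaningful. Two smaller points in the same block: the annotation text still reads `"Bandi found ${faults} issues."`, and `${{ inputs.package_directory }}` is expanded straight into the shell — for what appears to be a caller-supplied reusable-workflow input, route it through `env:` and quote it to avoid template injection. The `bandit` step's `- name:` line and its `env:` sit before the hunk.
```yaml
env:
  PACKAGE_DIRECTORY: ${{ inputs.package_directory }}
run: |
  # … unchanged: set +e, ANSI colours, directory setup, heredoc, mkdir …
  bandit -c pyproject.toml -r "${PACKAGE_DIRECTORY}" -f xml -o "${bandit_fullpath}"
  bandit_exit=$?
  if [[ ${bandit_exit} -eq 0 ]]; then
    # … unchanged: PASSED message and bandit_passed=true …
  elif [[ ! -s "${bandit_fullpath}" ]]; then
    printf "Bandit result: ${ANSI_LIGHT_RED}[FAILED]${ANSI_NOCOLOR}\n"
    printf "::error title=%s::%s\n" "🚨 Security Scanning (Bandit)" "Bandit exited with code ${bandit_exit} and wrote no report."
    printf "bandit_passed=false\n" >> "${GITHUB_OUTPUT}"
    exit 1
  else
    # … unchanged: parse ${faults}, FAILED message, ::error (fix "Bandi" → "Bandit"), grouped report dump …
  fi
```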


@@ -1,176 +0,0 @@
# ==================================================================================================================== #
# Authors: #
# Unai Martinez-Corral #
# #
# ==================================================================================================================== #
# Copyright 2020-2025 The pyTooling Authors #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# You may obtain a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
# #
# SPDX-License-Identifier: Apache-2.0 #
# ==================================================================================================================== #
name: Verification Pipeline for Releaser
on:
push:
tags:
- '*'
- '!tip'
- '!v*'
branches:
- '**'
- '!r*'
workflow_dispatch:
schedule:
- cron: '0 0 * * 4'
env:
CI: true
jobs:
Image:
runs-on: ubuntu-24.04
env:
DOCKER_BUILDKIT: 1
steps:
- uses: actions/checkout@v5
- name: Build container image
run: docker build -t ghcr.io/pytooling/releaser -f releaser/Dockerfile releaser
- name: Push container image
uses: ./with-post-step
with:
main: |
echo '${{ github.token }}' | docker login ghcr.io -u GitHub-Actions --password-stdin
docker push ghcr.io/pytooling/releaser
post: docker logout ghcr.io
Composite:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
- run: printf "%s\n" "Build some tool and generate some (versioned) artifacts" > artifact-$(date -u +"%Y-%m-%dT%H-%M-%SZ").txt
- name: Single
uses: ./releaser/composite
with:
rm: true
token: ${{ secrets.GITHUB_TOKEN }}
files: artifact-*.txt
- name: List
uses: ./releaser/composite
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: |
artifact-*.txt
README.md
- name: Add artifacts/*.txt
run: |
mkdir artifacts
printf "%s\n" "Build some tool and generate some artifacts" > artifacts/artifact.txt
touch artifacts/empty_file.txt
- name: Single in subdir
uses: ./releaser/composite
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: artifacts/artifact.txt
- name: Add artifacts/*.md
run: |
printf "%s\n" "releaser hello" > artifacts/hello.md
printf "%s\n" "releaser world" > artifacts/world.md
- name: Directory wildcard
uses: ./releaser/composite
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: artifacts/*
- name: Add artifacts/subdir
run: |
mkdir artifacts/subdir
printf "%s\n" "Test recursive glob" > artifacts/subdir/deep_file.txt
- name: Directory wildcard (recursive)
uses: ./releaser/composite
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: artifacts/**
Test:
needs:
- Image
- Composite
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
- run: printf "%s\n" "Build some tool and generate some (versioned) artifacts" > artifact-$(date -u +"%Y-%m-%dT%H-%M-%SZ").txt
- name: Single
uses: ./releaser
with:
rm: true
token: ${{ secrets.GITHUB_TOKEN }}
files: artifact-*.txt
- name: List
uses: ./releaser
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: |
artifact-*.txt
README.md
- name: Add artifacts/*.txt
run: |
mkdir artifacts
printf "%s\n" "Build some tool and generate some artifacts" > artifacts/artifact.txt
touch artifacts/empty_file.txt
- name: Single in subdir
uses: ./releaser
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: artifacts/artifact.txt
- name: Add artifacts/*.md
run: |
printf "%s\n" "releaser hello" > artifacts/hello.md
printf "%s\n" "releaser world" > artifacts/world.md
- name: Directory wildcard
uses: ./releaser
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: artifacts/*
- name: Add artifacts/subdir
run: |
mkdir artifacts/subdir
printf "%s\n" "Test recursive glob" > artifacts/subdir/deep_file.txt
- name: Directory wildcard (recursive)
uses: ./releaser
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: artifacts/**


@@ -40,6 +40,8 @@ __version__ = "0.4.5"
__keywords__ = ["GitHub Actions"] __keywords__ = ["GitHub Actions"]
__issue_tracker__ = "https://GitHub.com/pyTooling/Actions/issues" __issue_tracker__ = "https://GitHub.com/pyTooling/Actions/issues"
from subprocess import check_call
from pyTooling.Decorators import export, readonly from pyTooling.Decorators import export, readonly
from pyTooling.Platform import Platform from pyTooling.Platform import Platform