# ==================================================================================================================== #
# Authors:                                                                                                             #
#   Patrick Lehmann                                                                                                    #
#                                                                                                                      #
# ==================================================================================================================== #
# Copyright 2025-2025 The pyTooling Authors                                                                            #
#                                                                                                                      #
# Licensed under the Apache License, Version 2.0 (the "License");                                                      #
# you may not use this file except in compliance with the License.                                                     #
# You may obtain a copy of the License at                                                                              #
#                                                                                                                      #
#   http://www.apache.org/licenses/LICENSE-2.0                                                                         #
#                                                                                                                      #
# Unless required by applicable law or agreed to in writing, software                                                  #
# distributed under the License is distributed on an "AS IS" BASIS,                                                    #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.                                             #
# See the License for the specific language governing permissions and                                                  #
# limitations under the License.                                                                                       #
#                                                                                                                      #
# SPDX-License-Identifier: Apache-2.0                                                                                  #
# ==================================================================================================================== #
name: Security Testing (SAST)

on:
  workflow_call:
    inputs:
      ubuntu_image_version:
        description: 'Ubuntu image version.'
        required: false
        default: '24.04'
        type: string
      python_version:
        description: 'Python version.'
        required: false
        default: '3.13'
        type: string
#      requirements:
#        description: 'Python dependencies to be installed through pip.'
#        required: false
#        default: 'bandit'
#        type: string
      package_directory:
        description: '.'
        required: true
        type: string
      artifact:
        description: 'Name of the package artifact.'
        required: true
        type: string

jobs:
  Bandit:
    name: 🚨 Security Scanning
    runs-on: "ubuntu-${{ inputs.ubuntu_image_version }}"

    steps:
      - name: ⏬ Checkout repository
        uses: actions/checkout@v5
        with:
          lfs: true
          submodules: true

      - name: 🐍 Setup Python ${{ inputs.python_version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ inputs.python_version }}

      - name: ⚙ Install dependencies for packaging and release
        run: python -m pip install --disable-pip-version-check bandit

      - name: 👮 Bandit
        if: inputs.artifact != ''
        run: |
          bandit -c pyproject.toml -r ${{ inputs.package_directory }} -f xml -o report/bandit/report.xml