New contrib script to track direct and indirect vulns in npm packages #1337
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python matrix CI | |
| on: | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: false | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ['3.10', '3.11', '3.12'] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.x' | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| - name: Trim CI agent | |
| run: | | |
| chmod +x contrib/free_disk_space.sh | |
| ./contrib/free_disk_space.sh | |
| - name: Display Python version | |
| run: python -c "import sys; print(sys.version)" | |
| - name: Install dependencies | |
| run: | | |
| python3 -m pip install --upgrade pip setuptools | |
| python3 -m pip install ".[dev]" | |
| - name: Lint with flake8 | |
| run: | | |
| # stop the build if there are Python syntax errors or undefined names | |
| flake8 --exclude test,contrib --exit-zero | |
| - name: Test with pytest | |
| run: | | |
| pytest --cov=depscan test | |
| - name: purl tests | |
| run: | | |
| python depscan/cli.py --purl "pkg:pypi/requests@2.32.1" | |
| python depscan/cli.py --purl "pkg:pypi/requests@4.0.0" | |
| python depscan/cli.py --purl "pkg:pypi/reqwestss@0.1.0" | |
| python depscan/cli.py --purl "pkg:npm/%40appthreat/cdxgen@7.0.5" | |
| python depscan/cli.py --purl "pkg:npm/%40appthreat/cdxgen@7.1.0" | |
| python depscan/cli.py --purl "pkg:npm/fsevents@1.2.10" | |
| python depscan/cli.py --purl "pkg:npm/@biomejs/biome@1.8.1" | |
| env: | |
| PYTHONIOENCODING: utf-8 | |
| - name: Generate SBOM with cdxgen | |
| run: | | |
| npm install -g @cyclonedx/cdxgen | |
| cdxgen -t python -o bom.json . -p --profile research --no-recurse | |
| python depscan/cli.py --bom bom.json | |
| env: | |
| PYTHONIOENCODING: utf-8 |