eval-agents/.github/workflows/code_checks.yml at main · VectorInstitute/eval-agents · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: code checks
permissions:
  contents: read
  pull-requests: write

on:
  push:
    branches:
      - main
    paths:
      - .pre-commit-config.yaml
      - .github/workflows/code_checks.yml
      - '**.py'
      - uv.lock
      - pyproject.toml
      - '**.ipynb'
  pull_request:
    branches:
      - main
    paths:
      - .pre-commit-config.yaml
      - .github/workflows/code_checks.yml
      - '**.py'
      - uv.lock
      - pyproject.toml
      - '**.ipynb'

jobs:
  run-code-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6.0.3

      - name: Install uv
        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39
        with:
          # Install a specific version of uv.
          version: "0.9.22"
          enable-cache: true

      - name: "Set up Python"
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
        with:
          python-version-file: ".python-version"

      - name: Install dependencies and check code
        run: |
          uv venv .venv
          source .venv/bin/activate
          uv sync --all-extras --dev
          pre-commit run --all-files

      - name: pip-audit (gh-action-pip-audit)
        uses: pypa/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266
        with:
          virtual-environment: .venv/
          # Skipping one nbconvert vulnerability that has no fix version
          # Skipping one orjson vulnerability that has no fix version
          # Skipping one protobuf vulnerability that has no fix version
          # Skipping one pygments vulnerability that has no fix version
          # Skipping gradio vulnerability (PYSEC-2024-274): disputed, no fix version available
          # Skipping joblib vulnerability (PYSEC-2024-277): disputed, no fix version available
          # Skipping markdown vulnerability (PYSEC-2026-89): no fix version available on PyPI
          # Skipping pyjwt vulnerability (PYSEC-2025-183): disputed, no fix version available
          ignore-vulns: |
            GHSA-xm59-rqc7-hhvf
            GHSA-hx9q-6w63-j58v
            GHSA-7gcm-g887-7qv7
            CVE-2026-4539
            PYSEC-2024-274
            PYSEC-2024-277
            PYSEC-2026-89
            PYSEC-2025-183