Mark as beta release with known limitations #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dev dependencies | |
| run: pip install pytest ruff | |
| - name: Lint | |
| run: ruff check scanner/ tests/ | |
| - name: Test | |
| run: pytest tests/ -v | |
| integration-uv: | |
| runs-on: ubuntu-latest | |
| needs: lint-and-test | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Run scanner against uv fixture | |
| run: | | |
| REPORT=$(python -m scanner.cli --mode uv --path tests/fixtures 2>&1 || true) | |
| echo "$REPORT" | |
| # Fixture has certifi 2023.7.22 — must find at least 1 vuln | |
| echo "$REPORT" | grep -q "Vulnerability Audit" | |
| echo "$REPORT" | grep -q "certifi" | |
| echo "uv integration test passed — vulnerabilities detected as expected" | |
| integration-pip: | |
| runs-on: ubuntu-latest | |
| needs: lint-and-test | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install packages from fixture requirements.txt | |
| run: pip install -r tests/fixtures/requirements.txt | |
| - name: Run scanner in pip mode | |
| run: | | |
| REPORT=$(python -m scanner.cli --mode pip --path tests/fixtures 2>&1 || true) | |
| echo "$REPORT" | |
| # Fixture has cryptography 41.0.0 — must find at least 1 vuln | |
| echo "$REPORT" | grep -q "Vulnerability Audit" | |
| echo "$REPORT" | grep -q "cryptography" | |
| echo "pip integration test passed — vulnerabilities detected as expected" |