Adding safety check

andywick-aws · andywick-aws · commit ab12b9351369 · 2022-04-10T12:12:56.000-05:00
diff --git a/.github/workflows/python-license-check.yml b/.github/workflows/python-license-check.yml
@@ -1,12 +1,12 @@
-name: Python License Checks
+name: Python Dependency License Check with Pylic
 
 on: push
 
 jobs:
   Linting:
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
         python-version: [3.9]
     steps:
diff --git a/.github/workflows/safety.yml b/.github/workflows/safety.yml
@@ -0,0 +1,58 @@
+name: Python Dependency Vulnerability Check with Safety
+
+on: push
+
+jobs:
+  Linting:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        python-version: [3.9]
+    steps:
+      #----------------------------------------------
+      #       check-out repo and set-up python
+      #----------------------------------------------
+      - name: Check out repository
+        uses: actions/checkout@v3
+      - name: Set up python
+        id: setup-python
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.9
+      #----------------------------------------------
+      #  -----  install & configure poetry  -----
+      #----------------------------------------------
+      - name: Load Cached Poetry Installation
+        uses: actions/cache@v3
+        with:
+          path: ~/.local # the path depends on the OS
+          key: poetry-no-dev-2 # increment to reset cache
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+          installer-parallel: true
+      #----------------------------------------------
+      #       load cached venv if cache exists
+      #----------------------------------------------
+      - name: Load cached venv
+        id: cached-poetry-no-dev-dependencies
+        uses: actions/cache@v3
+        with:
+          path: .venv
+          key: venv-no-dev-dependencies-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
+      #----------------------------------------------
+      # install dependencies if cache does not exist
+      #----------------------------------------------
+      - name: Install dependencies
+        if: steps.cached-poetry-no-dev-dependencies.outputs.cache-hit != 'true'
+        run: poetry install --no-dev --no-root
+      #----------------------------------------------
+      # Run Safety check
+      #----------------------------------------------
+      - name: Safety check
+        run: |
+          poetry run pip install safety
+          poetry run safety check
