audit-python-fastapi.yml
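# Audits the FastAPI service's Python dependencies with pip-audit on every pull
# request into `development` that touches that service, and fails the job when
# the JSON report lists at least one known vulnerability.
name: Audit Python FastAPI Dependencies

on:
  pull_request:
    branches:
      - development
    paths:
      - 'mflix/server/python-fastapi/**'

# Least privilege: the job only needs to read repository contents.
permissions:
  contents: read

jobs:
  audit:
    name: pip-audit (Python FastAPI)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are referenced by mutable tags. For a
      # supply-chain-sensitive job consider pinning each `uses:` to a full
      # commit SHA and letting a dependency bot track the tag.
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'

      # NOTE(review): the audit tool itself is installed unpinned from PyPI at
      # run time; pinning a version (or hashes) keeps the audit reproducible.
      - name: Install pip-audit
        run: pip install pip-audit

      # `|| true` keeps the job going so the summary step always has something
      # to report; the pass/fail decision is made from the JSON report below.
      - name: Audit dependencies
        working-directory: mflix/server/python-fastapi
        run: pip-audit -r requirements.txt --format json -o audit-results.json || true

      - name: Generate audit summary
        if: always()
        run: |
          chmod +x .github/scripts/generate-audit-summary-pip.sh
          .github/scripts/generate-audit-summary-pip.sh \
            mflix/server/python-fastapi/audit-results.json \
            "Python FastAPI"

      # Fail closed. Because the audit step swallows pip-audit's exit status,
      # a missing, empty or malformed report is the only signal that the tool
      # itself failed (network error, unresolvable requirement) and must not
      # be read as "no vulnerabilities". Without these checks an empty file
      # yields an empty count, `[ "" -gt 0 ]` is simply false, and the step
      # passes.
      - name: Check for vulnerabilities
        run: |
          report=mflix/server/python-fastapi/audit-results.json
          if [ ! -s "$report" ]; then
            echo "❌ Audit report $report is missing or empty; pip-audit did not complete"
            exit 1
          fi
          # An entry without a `vulns` key contributes 0 (jq's length of null
          # is 0); `add // 0` covers an empty dependency list.
          vuln_count=$(jq '[.dependencies[].vulns | length] | add // 0' "$report")
          case "$vuln_count" in
            ''|*[!0-9]*)
              echo "❌ Could not parse vulnerability count from $report (got: '$vuln_count')"
              exit 1
              ;;
          esac
          if [ "$vuln_count" -gt 0 ]; then
            echo "❌ Found $vuln_count vulnerabilities"
            exit 1
          fi
          echo "✅ No vulnerabilities found"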