diff --git a/.github/workflows/onpush.yml b/.github/workflows/onpush.yml index f8ac0ad..0a7a54a 100644 --- a/.github/workflows/onpush.yml +++ b/.github/workflows/onpush.yml @@ -1,36 +1,50 @@ name: Giza CI on: - pull_request: - types: [ opened, synchronize ] - push: - branches: [main] + pull_request: + types: [opened, synchronize] + push: + branches: [main] jobs: build: runs-on: ubuntu-latest + permissions: + security-events: write strategy: matrix: python-version: ["3.11"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} + - name: Install dependencies run: | python -m pip install --upgrade pip python -m pip install poetry poetry config virtualenvs.create false poetry install --all-extras + + - name: Perform Bandit Analysis + uses: PyCQA/bandit-action@v1 + with: + severity: high, medium + confidence: high + targets: "." + - name: Lint with ruff run: | poetry run ruff giza + - name: Pre-commit check run: | poetry run pre-commit run --all-files + - name: Testing run: | poetry run pytest --cov=giza.agents --cov-report term-missing diff --git a/.github/workflows/onrelease.yml b/.github/workflows/onrelease.yml index 363c980..9cb4a26 100644 --- a/.github/workflows/onrelease.yml +++ b/.github/workflows/onrelease.yml @@ -28,11 +28,13 @@ jobs: python -m pip install poetry poetry config virtualenvs.create false poetry install + - name: Lint with ruff run: | poetry run ruff giza - name: Build dist run: poetry build + - name: Publish a Python distribution to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with:
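Review bot: The new Bandit step in onpush.yml passes `severity: high, medium`, but as far as I know Bandit's severity level is a single threshold (`all`, `low`, `medium` or `high`, meaning that level and above), so the comma list is likely to be rejected or misparsed rather than select two levels; `severity: medium` expresses the same intent. The added job-level `permissions:` block grants only `security-events: write`, which sets every unlisted scope to none; if this repository is private, the checkout and the results upload will presumably also need `contents: read` and `actions: read`. Because the job now holds a write scope, consider pinning the third-party action to a full commit SHA, e.g. `uses: PyCQA/bandit-action@<full-commit-sha>  # v1`, so a moved tag cannot change what runs with that token.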