From 63203d2b74e9645504879600bea0cde8e2851e71 Mon Sep 17 00:00:00 2001
From: Ata Tekeli
Date: Mon, 26 Aug 2024 13:20:29 +0300
Subject: [PATCH 1/2] change actions/checkout to v4, python to v5, add bandit for common security issues in python code
---
.github/workflows/onpush.yml | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/onpush.yml b/.github/workflows/onpush.yml
index f8ac0ad..0a7a54a 100644
--- a/.github/workflows/onpush.yml
+++ b/.github/workflows/onpush.yml
@@ -1,36 +1,50 @@ name: Giza CI on: - pull_request: - types: [ opened, synchronize ] - push: - branches: [main] + pull_request: + types: [opened, synchronize] + push: + branches: [main] jobs: build: runs-on: ubuntu-latest + permissions: + security-events: write strategy: matrix: python-version: ["3.11"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} + - name: Install dependencies run: | python -m pip install --upgrade pip python -m pip install poetry poetry config virtualenvs.create false poetry install --all-extras + + - name: Perform Bandit Analysis uses: PyCQA/bandit-action@v1 with: severity: high, medium confidence: high targets: "." + - name: Lint with ruff run: | poetry run ruff giza + - name: Pre-commit check run: | poetry run pre-commit run --all-files + - name: Testing run: | poetry run pytest --cov=giza.agents --cov-report term-missing
From 8197a8e3067e2a7dca988e7f916f99669fade380 Mon Sep 17 00:00:00 2001
From: Ata Tekeli
Date: Mon, 26 Aug 2024 13:35:53 +0300
Subject: [PATCH 2/2] make onrelease.yml more readable
---
.github/workflows/onrelease.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/onrelease.yml b/.github/workflows/onrelease.yml
index 363c980..9cb4a26 100644
--- a/.github/workflows/onrelease.yml
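Review bot: The new Bandit step in the onpush.yml hunk passes `severity: high, medium`, but Bandit's severity filter is a single threshold (that level and above) and PyCQA/bandit-action appears to accept only one of `low`/`medium`/`high`/`all`, so a comma-separated value is redundant at best and, if the action does not recognise it, may silently change what gets reported; `severity: medium` already covers high findings. The job-level `permissions:` block added here lists only `security-events: write`, which resets every other scope to none, so `actions/checkout@v4` may lose read access to the repository — add `contents: read` beside it unless the repository is public and that has been verified. The `@v4`/`@v5`/`@v1` references introduced in this hunk are mutable tags; pinning each action to a full commit SHA with the tag in a trailing comment (`uses: PyCQA/bandit-action@<commit-sha>  # v1`) removes the tag-retargeting risk. Because `security-events: write` is not granted to `pull_request` runs from forks, expect the SARIF upload step to fail on those events unless the action tolerates it.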
+++ b/.github/workflows/onrelease.yml
@@ -28,11 +28,13 @@ jobs: python -m pip install poetry poetry config virtualenvs.create false poetry install + - name: Lint with ruff run: | poetry run ruff giza - name: Build dist run: poetry build + - name: Publish a Python distribution to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: