Update github workflows

gordon-code · May 19, 2023 · 2cd404e · 2cd404e
2 parents 1342a13 + bf67b98
commit 2cd404e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 23 deletions.
diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml
@@ -9,11 +9,10 @@ on:
 jobs:
   test-lint-scan:
     uses: ./.github/workflows/test_lint_scan.yml
-    secrets:
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   build_release:
     name: Build Release
+    needs: test-lint-scan
     permissions:
       # IMPORTANT: this permission is mandatory for trusted publishing
       id-token: write

diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml
@@ -11,6 +11,4 @@ on:
 
 jobs:
   test-lint-scan:
-    uses: ./.github/workflows/test_lint_scan.yml
-    secrets:
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    uses: ./.github/workflows/test_lint_scan.yml
diff --git a/.github/workflows/test_lint_scan.yml b/.github/workflows/test_lint_scan.yml
@@ -1,17 +1,15 @@
 name: Test - Lint - Scan
 on:
-  workflow_call:
-    secrets:
-      SNYK_TOKEN:
-        required: true
+  workflow_call: {}
+  workflow_dispatch: {}
 
 jobs:
   test:
     name: Testing
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: [3.8, 3.9, 3.10, 3.11]
+        python-version: [3.8, 3.9, "3.10", 3.11]
 
     runs-on: ${{ matrix.os }}
 
@@ -23,7 +21,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies
         run: |
-          pdm install -dG :all --no-self
+          pdm install -dG :all
       - name: Run Testing
         run: |
           pdm run -v testing
@@ -51,28 +49,26 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - name: Initialize Runtime Code Analysis
-        uses: github/codeql-action/init@v2
-        with:
-          languages: python
-      - name: Setup snyk CLI
-        uses: snyk/actions/setup@master
       - name: Set up PDM
         uses: pdm-project/setup-pdm@v3
         with:
           python-version: 3.11
       - name: Install dependencies
         run: |
           pdm install -dG :all --no-self
+          # Set the `CODEQL-PYTHON` environment variable to the Python executable
+          # that includes the dependencies
+          echo "CODEQL_PYTHON=$(pdm info --python)" >> $GITHUB_ENV
+      - name: Initialize Runtime Code Analysis
+        uses: github/codeql-action/init@v2
+        with:
+          languages: python
+          setup-python-dependencies: false
       - name: Perform Runtime Code Analysis
         uses: github/codeql-action/analyze@v2
       - name: Perform Secure Code Analysis (Secrets)
         uses: trufflesecurity/trufflehog@main
         with:
           path: ./
-          base: ${{ github.ref_name }}
-          head: HEAD
-      - name: Snyk monitor
-        run: snyk test
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD