Tests

Merge pull request #67 from domain-protect/dependabot/pip/black-24.3.0 #91

Workflow file for this run

	name: Tests
	on:
	push:

	jobs:
	python_tests:
	name: Python tests
	runs-on: ubuntu-latest
	steps:
	- name: checkout
	uses: actions/checkout@v4

	- name: Set up Python 3.11
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'

	- name: Display Python version
	run: python -c "import sys; print(sys.version)"

	- name: Install dependencies
	run: \|
	pip install -r requirements-dev.txt

	- name: Black
	run: \|
	black --check --line-length 120 .

	- name: Prospector
	run: \|
	prospector

	- name: install bandit
	run: \|
	pip3 install --upgrade bandit
	echo $PATH
	bandit --version
	which bandit

	- name: prepare reports dir
	run: mkdir --parents ${{runner.temp}}/reports_sast_python/

	- name: generate json report
	run: >
	bandit -r
	--exit-zero
	--ini .config/sast_python_bandit_json.yml .
	1> ${{runner.temp}}/reports_sast_python/${RANDOM}.json

	- name: save json report
	uses: actions/upload-artifact@v4
	with:
	name: sast_python
	if-no-files-found: error
	path: ${{runner.temp}}/reports_sast_python/

	- name: test code
	run: >
	bandit
	--ini .config/sast_python_bandit_cli.yml .

	terraform_tests:
	name: Terraform tests
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: write
	pull-requests: write
	checks: write
	steps:
	- name: Terraform setup
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.4.6

	- name: checkout
	uses: actions/checkout@v4

	- name: Terraform validate
	id: fmt
	run: terraform fmt -check -recursive

	- name: install checkov
	run: \|
	pip3 install --upgrade checkov
	echo $PATH
	checkov --version
	which checkov

	- name: prepare reports dir
	run: mkdir --parents ${{runner.temp}}/reports_sast_terraform/

	- name: generate json report
	run: >
	checkov
	--config-file .config/sast_terraform_checkov_json.yml
	--directory .
	1> ${{runner.temp}}/reports_sast_terraform/${RANDOM}.json

	- name: save json report
	uses: actions/upload-artifact@v4
	with:
	name: sast_terraform
	if-no-files-found: error
	path: ${{runner.temp}}/reports_sast_terraform/

	- name: test code
	run: >
	checkov
	--config-file .config/sast_terraform_checkov_cli.yml
	--directory .

	CodeQL-Build:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'python' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}

	- name: Autobuild
	uses: github/codeql-action/autobuild@v3

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:${{matrix.language}}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #67 from domain-protect/dependabot/pip/black-24.3.0 #91

Workflow file

Merge pull request #67 from domain-protect/dependabot/pip/black-24.3.0 #91

Jobs

Run details

Workflow file for this run