Dependency Check #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency Check | |
| on: | |
| schedule: | |
| - cron: '0 2 * * 1' # Runs every Monday at 2 AM UTC | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| dependency-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 # Updated to v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 # Updated to v4 | |
| with: | |
| python-version: '3.10' # Specify Python version for consistency | |
| - name: Install pip-audit | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pip-audit | |
| - name: Run pip-audit for Dependency Vulnerability Check | |
| run: | | |
| pip-audit > audit_report.txt | |
| cat audit_report.txt | |
| continue-on-error: true | |
| - name: Upload Dependency Audit Report | |
| if: always() | |
| uses: actions/upload-artifact@v3 # Updated to v3 | |
| with: | |
| name: audit-report | |
| path: audit_report.txt | |
| - name: Fail on Vulnerabilities | |
| if: failure() | |
| run: exit 1 |