From d992ab84c53212429660c26ffd32f3960add2fa8 Mon Sep 17 00:00:00 2001 From: "yassin@siouda.com" Date: Mon, 12 Feb 2024 18:02:01 +0100 Subject: [PATCH] fix(ci): adding python deps check --- .github/workflows/sonarqube.yml | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index ee72679..08d7310 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -15,6 +15,20 @@ jobs: - uses: actions/checkout@v2 with: fetch-depth: 0 # Shallow clones should be disabled for better analysis relevancy + + # Set up Python for OWASP dependency check + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: '3.8' # Specify the Python version + + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + pip install + working-directory: . # Change this to your Python project directory + - name: OWASP Dependency Check uses: dependency-check/Dependency-Check_Action@main with: @@ -22,11 +36,12 @@ jobs: path: '.' format: 'HTML' failBuild: true + - name: Upload Test results uses: actions/upload-artifact@master with: - name: Depcheck report - path: ${{github.workspace}}/reports/dependency-check-report.html + name: Depcheck report + path: ${{github.workspace}}/reports/dependency-check-report.html - name: Commit Reports uses: stefanzweifel/git-auto-commit-action@v5 
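Review bot: The added `pip install` in the "Install Python dependencies" step names no requirement, so pip exits with an error and the job stops before the OWASP Dependency Check step runs. If the project keeps a requirements file (none is visible in this hunk), the line would be `pip install -r requirements.txt`, ideally with `--require-hashes`, because installing packages runs their build code in a workflow that also handles `SONAR_TOKEN`. It is also worth confirming the install is needed at all: the scan targets `path: '.'`, and packages installed into the runner's Python environment presumably land outside that path. `actions/setup-python@v2` is referenced by a mutable tag; pinning it to a full commit SHA would keep the step from changing underneath the workflow. The job's step list starts above this hunk and continues past it.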
@@ -41,8 +56,8 @@ jobs:
 env:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- # Uncomment the following lines to fail the job when Quality Gate is red
- # - uses: sonarsource/sonarqube-quality-gate-action@master
- # timeout-minutes: 5
- # env:
- # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
+ # Uncomment the following lines to fail the job when Quality Gate is red
+ # - uses: sonarsource/sonarqube-quality-gate-action@master
+ # timeout-minutes: 5
+ # env:
+ # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}