Merge security jobs into CI workflow so open-pr needs all checks

2026-04-04 17:43:55 -03:00
parent cf36ebcd84
commit ed749a8c31
2 changed files with 25 additions and 31 deletions


@@ -30,10 +30,33 @@ jobs:
- run: pip install -e . - run: pip install -e .
- run: pytest tests/ -v --tb=short - run: pytest tests/ -v --tb=short
bandit:
name: SAST (bandit)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: pip install bandit
- run: bandit -r decnet/ -ll -x decnet/services/registry.py
pip-audit:
name: Dependency audit (pip-audit)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: pip install pip-audit
- run: pip install -e .
- run: pip-audit --skip-editable
open-pr: open-pr:
name: Open PR to main name: Open PR to main
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [lint, test] needs: [lint, test, bandit, pip-audit]
if: github.ref == 'refs/heads/dev' if: github.ref == 'refs/heads/dev'
steps: steps:
- name: Open PR via Gitea API - name: Open PR via Gitea API
@@ -53,6 +76,6 @@ jobs:
"title": "Auto PR: dev → main", "title": "Auto PR: dev → main",
"head": "dev", "head": "dev",
"base": "main", "base": "main",
"body": "All CI checks passed. Review and merge when ready." "body": "All CI and security checks passed. Review and merge when ready."
}' \ }' \
"https://git.resacachile.cl/api/v1/repos/anti/DECNET/pulls" "https://git.resacachile.cl/api/v1/repos/anti/DECNET/pulls"
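Review bot: The new bandit and pip-audit jobs install their scanners unpinned (`- run: pip install bandit`, `- run: pip install pip-audit`) and reference `actions/checkout@v4` / `actions/setup-python@v5` by mutable tag, so the gate that now blocks the dev→main PR depends on whatever those resolve to on a given day rather than on a reviewed version. Pinning the two tools to an exact version (or a hash-checked requirements file) and the actions to a commit SHA keeps a scanner release or a moved tag from silently changing findings or breaking the auto-PR. The `-x decnet/services/registry.py` exclusion and the `-ll` threshold (medium severity and above only) are also undocumented; a comment above the bandit step such as `# registry.py excluded from bandit because …; -ll reports medium+ severity only` would make the accepted risk reviewable rather than implicit. The open-pr job's curl step starts in the first hunk and its body continues into the second, so the full request construction is not visible here.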


@@ -1,29 +0,0 @@
name: Security
on:
push:
branches: [dev, testing]
jobs:
bandit:
name: SAST (bandit)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: pip install bandit
- run: bandit -r decnet/ -ll -x decnet/services/registry.py
pip-audit:
name: Dependency audit (pip-audit)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: pip install pip-audit
- run: pip install -e .
- run: pip-audit --skip-editable