try bandit action
Signed-off-by: BAStos525 <[email protected]>
BAStos525 committed Nov 19, 2024
1 parent a53d3e1 commit becd859
Showing 2 changed files with 48 additions and 47 deletions.
93 changes: 47 additions & 46 deletions .github/workflows/pr-pytests.yml
Expand Up @@ -9,18 +9,18 @@ on:
branches: [i2/ci/py-sonar]

jobs:
# pytest:
# runs-on: ubuntu-latest
# strategy:
# matrix:
# python-version: [ 3.8 ]
# steps:
# - name: Set up Python ${{ matrix.python-version }}
# uses: actions/setup-python@v4
# with:
# python-version: ${{ matrix.python-version }}
# - name: Checkout code
# uses: actions/checkout@v4
pytest:
runs-on: ubuntu-latest
# strategy:
# matrix:
# python-version: [ 3.8 ]
steps:
# - name: Set up Python ${{ matrix.python-version }}
# uses: actions/setup-python@v4
# with:
# python-version: ${{ matrix.python-version }}
- name: Checkout code
uses: actions/checkout@v4
# # - name: Install dependencies
# # run: pip install poetry tomli-w
# # - name: Checkout irohad repo code
Expand All @@ -44,43 +44,44 @@ jobs:
# # pip install pytest faker allure-pytest pytest-cov bandit pylint &&
# # pip install --break-system-packages target/wheels/iroha2-*.whl &&
# # python -m pytest --cov=. --cov-report xml:coverage-reports/coverage-iroha-python.xml tests/"
# - name: Run Bandit
# run: |
# pip install bandit
# bandit -r tests/ -f json -o bandit-report.json
# # - name: Run pylint
# # run: |
# # pip install pylint
# # pylint tests > pylint-report.txt
# # - name: SonarQube
# # if: always()
# # uses: sonarsource/sonarqube-scan-action@master
# # env:
# # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
# # - name: Tear down the network
# # run: cd iroha_daemon && scripts/test_env.py cleanup

analyze:
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Perform Bandit Analysis
uses: PyCQA/bandit-action@v1
with:
targets: "tests/"
- name: show results
run: cat results.sarif
- name: Run Bandit
continue-on-error: true
run: |
pip install bandit
bandit -r tests/ -f json -o bandit-report.json
# - name: Run pylint
# run: |
# pip install pylint
# pylint tests > pylint-report.txt
- name: SonarQube
if: always()
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
# - name: Tear down the network
# # run: cd iroha_daemon && scripts/test_env.py cleanup

# analyze:
# runs-on: ubuntu-latest
# permissions:
# # required for all workflows
# security-events: write
# # only required for workflows in private repositories
# actions: read
# contents: read
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
# - name: Perform Bandit Analysis
# uses: PyCQA/bandit-action@v1
# with:
# targets: "tests/"
# - name: show results
# run: cat results.sarif
# - name: SonarQube
# if: always()
# uses: sonarsource/sonarqube-scan-action@master
# env:
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
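Review bot: The new `Run Bandit` step hides every failure behind `continue-on-error: true`, so a broken `pip install bandit` or a wrong `tests/` path produces no `bandit-report.json` and the `SonarQube` step, which runs under `if: always()`, quietly imports nothing. Bandit exits non-zero whenever it reports findings, which is presumably why the flag was added; `bandit -r tests/ -f json -o bandit-report.json --exit-zero` keeps the job green on findings while still failing on real errors, and a pinned `pip install 'bandit==<pinned-version>'` makes the report reproducible across runs. The `SonarQube` step hands `secrets.SONAR_TOKEN` to `sonarsource/sonarqube-scan-action@master`, a mutable branch ref; pinning it to a release tag or a full commit SHA limits what an upstream change to that action can do with the token. The `pytest` job shows no `permissions:` block in this hunk, unlike the old `analyze` job it replaces; unless one is set at workflow level above the hunk, the job runs with the repository's default token scope, so consider restoring `contents: read` at least.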
2 changes: 1 addition & 1 deletion sonar-project.properties
@@ -1,4 +1,4 @@
sonar.projectKey = hyperledger-iroha:iroha-python
sonar.language = py
sonar.python.bandit.reportPaths = results.sarif
sonar.python.bandit.reportPaths = bandit-report.json
sonar.python.pylint.reportPaths = pylint-report.txt
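Review bot: `sonar.python.pylint.reportPaths = pylint-report.txt` still points at a report the workflow no longer produces — the pylint step in `.github/workflows/pr-pytests.yml` is commented out in this same commit — so every scan will warn about a missing file. Either remove the line until pylint is re-enabled or comment it out alongside the step, e.g. `# sonar.python.pylint.reportPaths = pylint-report.txt`. The new bandit path matches the `-o bandit-report.json` written by the workflow's `Run Bandit` step, so that half of the change is consistent.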
