pyevmasm/.github/workflows/pip-audit.yml at master · crytic/pyevmasm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: Scan dependencies for vulnerabilities with pip-audit

on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]
  schedule:
    - cron: "0 12 * * *"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  pip-audit:
    runs-on: ubuntu-slim

    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6
        with:
          persist-credentials: false

      - name: Install uv and Python
        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b  # v7
        with:
          python-version: "3.10"

      - name: Export dependencies
        run: uv export --format requirements-txt --no-emit-project > requirements.txt

      - name: Run pip-audit
        uses: pypa/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266  # v1.1.0
        with:
          inputs: requirements.txt