ci: periodically scan for vulnerabilities #428
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will check our code for having a proper format, as well as the commit message to meet the expected ones | |
| name: Lint | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| if: "!startsWith(github.event.head_commit.message, 'bump:')" | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0 | |
| - name: Install the project | |
| run: uv sync --locked --group lint --group test --all-extras | |
| - name: Cache mypy cache | |
| uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.1 | |
| with: | |
| path: .mypy_cache | |
| key: mypy-${{ runner.os }} | |
| restore-keys: | | |
| mypy-${{ runner.os }} | |
| - name: Lint | |
| run: | | |
| uv run ruff format --check src tests eval | |
| uv run ruff check src tests eval | |
| uv run mypy src tests eval | |
| lint-commit: | |
| runs-on: ubuntu-latest | |
| if: "!startsWith(github.event.head_commit.message, 'bump:')" | |
| name: "Lint commit message" | |
| container: | |
| image: commitizen/commitizen:4.8.3@sha256:08a078c52b368f85f34257a66e10645ee74d8cbe9b471930b80b2b4e95a9bd4a | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Check commit message | |
| run: | | |
| git config --global --add safe.directory /__w/lightman-ai/lightman-ai | |
| cz check --rev-range HEAD |