Add bandit workflow (#393)

Author: R-Palazzo

.github/workflows/static_code_analysis.yml

@@ -0,0 +1,33 @@
+name: Static Code Analysis
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  code-analysis:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.10
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install bandit==1.7.7
+    - name: Save code analysis
+      run: bandit -r . -x ./tests -f txt -o static_code_analysis.txt --exit-zero
+    - name: Create pull request
+      id: cpr
+      uses: peter-evans/create-pull-request@v4
+      with:
+        token: ${{ secrets.GH_ACCESS_TOKEN }}
+        commit-message: Update static code analysis
+        title: Latest Code Analysis
+        body: "This is an auto-generated PR with the **latest** code analysis results."
+        branch: static-code-analysis
+        branch-suffix: short-commit-hash
+        base: main

pyproject.toml

@@ -173,6 +173,7 @@ namespaces = false
 '*' = [
     '* __pycache__',
     '*.py[co]',
+    'static_code_analysis.txt',
 ]
 
 [tool.bumpversion]

tasks.py

@@ -66,7 +66,7 @@ def _get_minimum_versions(dependencies, python_version):
     for dependency in dependencies:
         if '@' in dependency:
             name, url = dependency.split(' @ ')
-            min_versions[name] = f'{name} @ {url}'
+            min_versions[name] = f'{url}#egg={name}'
             continue
 
         req = Requirement(dependency)

tests/test_tasks.py

@@ -1,3 +1,5 @@
+"""Tests for the ``tasks.py`` file."""
+
 from tasks import _get_minimum_versions
 
 
@@ -14,7 +16,7 @@ def test_get_minimum_versions():
         "pandas>=1.2.0,<2;python_version<'3.10'",
         "pandas>=1.3.0,<2;python_version>='3.10'",
         'humanfriendly>=8.2,<11',
-        'pandas @ git+https://github.com/pandas-dev/pandas.git@master#egg=pandas'
+        'pandas @ git+https://github.com/pandas-dev/pandas.git@master',
     ]
 
     # Run
@@ -24,12 +26,12 @@ def test_get_minimum_versions():
     # Assert
     expected_versions_39 = [
         'numpy==1.20.0',
-        'pandas @ git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
+        'git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
         'humanfriendly==8.2',
     ]
     expected_versions_310 = [
         'numpy==1.23.3',
-        'pandas @ git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
+        'git+https://github.com/pandas-dev/pandas.git@master#egg=pandas',
         'humanfriendly==8.2',
     ]