build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 #1095
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Python lint | |
on: | |
push: | |
branches: | |
- main | |
- devel-* | |
pull_request: | |
branches: [ main ] | |
permissions: | |
contents: read | |
env: | |
SEMGREP_RULES: >- # https://semgrep.dev/explore | |
p/security-audit | |
p/secrets | |
p/flask | |
p/python | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.10', '3.11', '3.12', '3.13'] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install poetry | |
run: pipx install poetry | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{matrix.python-version}} | |
cache: 'poetry' | |
- name: Install System deps | |
run: | | |
sudo apt update | |
sudo apt install python3-dev # for compiling things | |
sudo apt install libpango-1.0-0 libharfbuzz0b libpangoft2-1.0-0 # For HTML -> PDF | |
sudo apt install libreoffice-base-nogui libreoffice-calc-nogui libreoffice-draw-nogui libreoffice-impress-nogui libreoffice-math-nogui libreoffice-writer-nogui # For Office -> PDF | |
sudo apt install exiftool # for extracting exif information | |
sudo apt install libfuzzy-dev # for pydeep, until the wheel is available for python 3,13 | |
- name: Install with poetry | |
run: | | |
poetry install | |
- name: bandit | |
run: | | |
poetry run bandit -c pyproject.toml -r . | |
if: ${{ always() }} | |
- name: codespell | |
uses: codespell-project/actions-codespell@master | |
with: | |
skip: ./cache/cache.conf,./poetry.lock,./storage/kvrocks.conf | |
ignore_words_file: .codespellignore | |
if: ${{ always() }} | |
- name: flake8 | |
run: | | |
poetry run flake8 . --show-source --statistics --exclude yara_repos | |
if: ${{ always() }} | |
- name: pylint | |
run: | | |
poetry run pylint -ry bin pandora tools website | |
if: ${{ always() }} | |
- name: semgrep | |
run: | | |
poetry run semgrep --config auto | |
if: ${{ always() }} |