API Security Audit #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: API Security Audit | |
on: | |
schedule: | |
- cron: 0 8 * * * | |
jobs: | |
audit: | |
runs-on: ubuntu-latest | |
name: API Security Audit | |
steps: | |
- name: Cloning repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.11' | |
- name: Run Audit | |
# todo: | |
# - remove the hack to upgrade `packaging` as drf-yasg2 has an old version dependency | |
# - remove the setuptools upgrade (caused by the fact that actions/setup-python seems | |
# to come packaged with setuptools 65.5.0) | |
run: | | |
cd api | |
python -m pip install --upgrade pip | |
python -m pip install --upgrade setuptools | |
pip install -r requirements-all.txt | |
pip install packaging==21.3 | |
python -m pip install pip-audit | |
pip-audit |