Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Enhanced code checking #3731

Draft
wants to merge 21 commits into
base: main
Choose a base branch
from
Draft

ci: Enhanced code checking #3731

wants to merge 21 commits into from

Conversation

hpohekar
Copy link
Collaborator

closes #1673

As discussed with @RobPasMue,

We have an inhouse tool based on Safety and Bandit.

Bandit checks for in-library issues (similar to a static code check that SonarQube would perform)

Safety checks for third-party dependency vulnerabilities

The results for both tools are processed by our action and reported to an internal dashboard.

@hpohekar hpohekar requested a review from RobPasMue February 10, 2025 14:12
@github-actions github-actions bot added maintenance General maintenance of the repo (libraries, cicd, etc) CI/CD Related with CICD, Github Actions, etc labels Feb 10, 2025
hpohekar
hpohekar commented Feb 10, 2025
View reviewed changes
.github/workflows/ci.yml Outdated Show resolved Hide resolved
@RobPasMue
Copy link
Member

I would encourage your team to give it a local pass to the tool before enabling it on CI/CD. I'm sure Bandit will detect many issues and it will populate your advisories with a lot of draft ones... See https://actions.docs.ansys.com/version/stable/vulnerability-actions/index.html#check-vulnerabilities-action on how to run the tool locally

@hpohekar
Copy link
Collaborator Author

I would encourage your team to give it a local pass to the tool before enabling it on CI/CD. I'm sure Bandit will detect many issues and it will populate your advisories with a lot of draft ones... See https://actions.docs.ansys.com/version/stable/vulnerability-actions/index.html#check-vulnerabilities-action on how to run the tool locally

@RobPasMue Sure. Thanks a lot.

RobPasMue
RobPasMue requested changes Feb 11, 2025
View reviewed changes
Copy link
Member

@RobPasMue RobPasMue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking PR until local resolutions have been performed by @hpohekar to avoid creation of unnecessary advisories

@hpohekar hpohekar marked this pull request as draft February 11, 2025 08:00
hpohekar and others added 2 commits February 11, 2025 13:31
@hpohekar @pyansys-ci-bot
ci: Add workflow for examples [skip tests] (#3730)
ea84e65 
* ci: Add workflow for examples [skip tests]

* chore: adding changelog file 3730.maintenance.md [dependabot-skip]

---------

Co-authored-by: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com>
@hpohekar @pyansys-ci-bot
refactor: Update docstring and check file extension in Mesh class (#3727
76de655 
)

* refactor: Update docstring and check file extension in Mesh class

* chore: adding changelog file 3727.miscellaneous.md [dependabot-skip]

* refactor: Update docstring and check file extension in Mesh class

* ci: Add workflow for examples [skip tests] (#3730)

* ci: Add workflow for examples [skip tests]

* chore: adding changelog file 3730.maintenance.md [dependabot-skip]

---------

Co-authored-by: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com>

* ci: Error fix

* ci: Error fix

* ci: Error fix

---------

Co-authored-by: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com>
@github-actions github-actions bot added the documentation Documentation related (improving, adding, etc) label Feb 11, 2025
@github-actions github-actions bot removed the documentation Documentation related (improving, adding, etc) label Feb 11, 2025
@github-actions github-actions bot added the documentation Documentation related (improving, adding, etc) label Feb 11, 2025
@hpohekar
Copy link
Collaborator Author

@RobPasMue @seanpearsonuk

We are going to use this tool offline. We are not going integrate it into CI/CI workflow right now.

image

@RobPasMue
Copy link
Member

@RobPasMue @seanpearsonuk

We are going to use this tool offline. We are not going integrate it into CI/CI workflow right now.

What's the reason for not integrating it into the workflow?

@hpohekar
Copy link
Collaborator Author

@RobPasMue @seanpearsonuk
We are going to use this tool offline. We are not going integrate it into CI/CI workflow right now.

What's the reason for not integrating it into the workflow?

@RobPasMue We want to integrate it with pre-commit hooks.

@RobPasMue
Copy link
Member

@RobPasMue We want to integrate it with pre-commit hooks.

That would be awesome. Once you have something, it might be a good idea to migrate it / make it part of https://github.com/ansys/pre-commit-hooks

@hpohekar
Copy link
Collaborator Author

@RobPasMue We want to integrate it with pre-commit hooks.

That would be awesome. Once you have something, it might be a good idea to migrate it / make it part of https://github.com/ansys/pre-commit-hooks

@RobPasMue Sure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanpearsonuk seanpearsonuk seanpearsonuk left review comments

@RobPasMue RobPasMue RobPasMue requested changes

@prmukherj prmukherj prmukherj approved these changes

@mkundu1 mkundu1 Awaiting requested review from mkundu1 mkundu1 is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
CI/CD Related with CICD, Github Actions, etc documentation Documentation related (improving, adding, etc) maintenance General maintenance of the repo (libraries, cicd, etc)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enhanced code checking
5 participants
@hpohekar @RobPasMue @seanpearsonuk @prmukherj @pyansys-ci-bot