Skip to content

test-security

test-security #1

Workflow file for this run

# Python 依存パッケージの脆弱性診断を定期的に行う
# NOTE: 公式 Action は API key 等を必要とするため利用しない(https://github.com/pyupio/safety-action/tree/main)
name: test-security
on:
schedule:
- cron: '00 04 15 * *' # 毎月15日 13:00 JST
env:
PYTHON_VERSION: "3.11.3"
defaults:
run:
shell: bash
jobs:
test-security:
runs-on: ubuntu-20.04
steps:
- name: <Setup> Check out the repository
uses: actions/checkout@v4
- name: <Setup> Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: pip
- name: <Setup> Install Python dependencies
run: pip install -r requirements-dev.txt
- name: <Test> Check Python dependency security
run: safety check -r requirements.txt -r requirements-dev.txt -r requirements-test.txt -r requirements-license.txt -o bare
- name: Notify Discord of security testing result
uses: sarisia/actions-status-discord@v1
if: always()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
username: GitHub Actions
title: "依存パッケージ脆弱性診断の結果"
status: ${{ job.status }}
color: ${{ job.status == 'success' && 0x00FF00 || 0xFF0000 }}
url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"