Skip to content

Commit

Permalink
README: prep 1.0.8
Browse files Browse the repository at this point in the history
Signed-off-by: William Woodruff <william@trailofbits.com>
  • Loading branch information
woodruffw committed May 23, 2023
1 parent cf52d21 commit d499194
Showing 1 changed file with 20 additions and 20 deletions.
40 changes: 20 additions & 20 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
```
Or, with a virtual environment:
Expand All @@ -48,7 +48,7 @@ jobs:
python -m venv env/
source env/bin/activate
python -m pip install .
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
virtual-environment: env/
```
Expand All @@ -72,15 +72,15 @@ The `inputs` setting controls what sources `pip-audit` runs on.
To audit one or more requirements-style inputs:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
inputs: requirements.txt dev-requirements.txt
```

To audit a project that uses `pyproject.toml` for its dependencies:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
# NOTE: this can be `.`, for the current directory
inputs: path/to/project/
Expand Down Expand Up @@ -108,7 +108,7 @@ Example: use the virtual environment specified at `env/`, relative to the
current directory:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
virtual-environment: env/
# Note the absence of `input:`, since we're auditing the environment.
Expand All @@ -128,7 +128,7 @@ installed directly into the current environment are included.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
local: true
```
Expand All @@ -145,7 +145,7 @@ It's directly equivalent to `pip-audit --vulnerability-service=...`.
To audit with OSV instead of PyPI:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
vulnerability-service: osv
```
Expand All @@ -160,7 +160,7 @@ It's directly equivalent to `pip-audit --require-hashes ...`.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
Expand All @@ -177,7 +177,7 @@ It's directly equivalent to `pip-audit --no-deps ...`.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
Expand All @@ -195,7 +195,7 @@ is rendered at the end of the action.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
summary: false
```
Expand All @@ -214,7 +214,7 @@ indices to search (such as a corporate index with private packages), see
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
index-url: https://example.corporate.local/simple
```
Expand All @@ -229,7 +229,7 @@ indexes to search when resolving dependencies. Each URL is whitespace-separated.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
extra-index-urls: |
https://example.corporate.local/simple
Expand All @@ -246,7 +246,7 @@ ignore (i.e., exclude from the results) if present. Each ID is whitespace-separa
Example

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
ignore-vulns: |
GHSA-XXXX-YYYYYY
Expand Down Expand Up @@ -276,7 +276,7 @@ Example
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
internal-be-careful-allow-failure: true
```
Expand All @@ -290,7 +290,7 @@ to `pip-audit`.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
internal-be-careful-extra-flags: --not-a-real-pip-audit-flag
```
Expand All @@ -307,7 +307,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
`require-hashes: true`:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
inputs: requirements.txt
require-hashes: true
Expand All @@ -316,7 +316,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
or:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
inputs: requirements.txt
no-deps: true
Expand All @@ -337,7 +337,7 @@ by the host system itself, or other Python projects that happen to be installed.
To minimize external dependencies, you can opt into a virtual environment:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
# must be populated earlier in the CI
virtual-environment: env/
Expand All @@ -347,7 +347,7 @@ and, more aggressively, specify that only dependencies marked as "local"
in the virtual environment should be included:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
# must be populated earlier in the CI
virtual-environment: env/
Expand Down Expand Up @@ -383,7 +383,7 @@ jobs:
run: |
pipx run pipfile-requirements Pipfile.lock > requirements.txt
- uses: pypa/gh-action-pip-audit@v1.0.7
- uses: pypa/gh-action-pip-audit@v1.0.8
with:
inputs: requirements.txt
```
Expand Down

0 comments on commit d499194

Please sign in to comment.