mirror of
https://github.com/EDCD/EDMarketConnector.git
synced 2025-04-12 23:37:14 +03:00
214bed27ee
This is with regards to what happened to another project, ref: <https://www.wiz.io/blog/ultralytics-ai-library-hacked-via-github-for-cryptomining> Basically, do NOT trust that things like branch names don't contain any attempt at executing shell code if referenced in a workflow segment that runs a shell command.
76 lines
2.7 KiB
YAML
76 lines
2.7 KiB
YAML
# This workflow will:
|
|
#
|
|
# * install Python dependencies
|
|
# * lint with a single version of Python
|
|
#
|
|
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
|
|
|
|
name: Push-Checks
|
|
|
|
on:
|
|
push:
|
|
# We'll catch issues on `develop` or any PR branch.
|
|
branches-ignore:
|
|
- 'main'
|
|
- 'stable'
|
|
- 'releases'
|
|
- 'beta'
|
|
|
|
jobs:
|
|
push_checks:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
cache: 'pip' # caching pip dependencies
|
|
python-version-file: '.python-version'
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install wheel flake8 pytest
|
|
if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
|
|
|
|
- name: Setup flake8 annotations
|
|
uses: rbialon/flake8-annotations@v1
|
|
|
|
- name: Lint with flake8
|
|
env:
|
|
ROOT_SHA: ${{github.base_ref}}
|
|
run: |
|
|
DATA=$(jq --raw-output .before "$GITHUB_EVENT_PATH")
|
|
|
|
echo "DATA: ${DATA}"
|
|
#######################################################################
|
|
# stop the build if there are Python syntax errors or undefined names, ignore existing
|
|
#######################################################################
|
|
# We need to get just the *filenames* of only *python* files changed.
|
|
# Using various -z/-Z/-0 to utilise NUL-terminated strings.
|
|
git diff --name-only --diff-filter=d -z "$DATA" | \
|
|
grep -E -z -Z '\.py$' | \
|
|
xargs -0 flake8 --count --select=E9,F63,F7,F82 --show-source --statistics
|
|
#######################################################################
|
|
|
|
#######################################################################
|
|
# 'Full' run, but ignoring docstring errors
|
|
#######################################################################
|
|
# explicitly ignore docstring errors (start with D)
|
|
# Can optionally add `--exit-zero` to the flake8 arguments so that
|
|
git diff --name-only --diff-filter=d -z "$DATA" | \
|
|
grep -E -z -Z '\.py$' | \
|
|
xargs -0 flake8 --count --statistics --extend-ignore D
|
|
#######################################################################
|
|
|
|
- name: mypy type checks
|
|
run: |
|
|
./scripts/mypy-all.sh --platform win32
|
|
|
|
- name: translation checks
|
|
run: |
|
|
python ./scripts/find_localised_strings.py --compare-lang L10n/en.template --directory . --ignore coriolis-data
|