Dependency Check #172
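# Weekly / on-demand dependency hygiene: lists outdated packages and audits the
# installed environment for known vulnerabilities with pip-audit.
#
# Behaviour when pip-audit reports a finding:
#   - pull_request: the job fails so the PR check goes red (no issue is filed;
#     GITHUB_TOKEN is read-only on PRs from forks anyway).
#   - schedule / workflow_dispatch: an issue is opened (unless one carrying the
#     same labels is already open) and the job is marked failed.
name: Dependency Check

on:
  schedule:
    # Run every Monday at 9 AM UTC
    - cron: '0 9 * * 1'
  pull_request:
    branches: [ main ]
    paths:
      - 'requirements.txt'
      - '.github/workflows/dependency-check.yml'
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only reads the checkout and, on a
# finding, files an issue. Without this block the token inherits the
# repository default, which may be far broader than the job needs.
permissions:
  contents: read
  issues: write

jobs:
  check-dependencies:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions below are pinned to major tags only.
      # For supply-chain hardening pin each `uses:` to a full commit SHA and
      # let Dependabot/Renovate bump the SHA.
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install uv
        uses: astral-sh/setup-uv@v5
        with:
          # NOTE(review): "latest" is not reproducible; pin a specific uv
          # version so a new uv release cannot change how this job resolves.
          version: "latest"

      - name: Create virtual environment
        run: uv venv

      - name: Install dependencies
        run: |
          source .venv/bin/activate
          uv pip install -r requirements.txt

      # Informational only: `uv pip list --outdated` does not fail the job.
      - name: Check for outdated packages
        run: |
          source .venv/bin/activate
          uv pip list --outdated

      # pip-audit exits non-zero when it finds a known vulnerability. Do NOT
      # mask that exit code with `|| true`: the steps below key off this
      # step's outcome, which is only 'failure' if the command actually fails.
      # continue-on-error keeps the workflow running so the issue can still be
      # filed; the final step re-raises the failure as the job status.
      - name: Security check with pip-audit
        id: audit
        continue-on-error: true
        run: |
          source .venv/bin/activate
          uv pip install pip-audit
          # Audits the active environment (this also covers pip-audit's own
          # dependencies, since they were installed into the same venv).
          pip-audit

      # Only file an issue on non-PR runs: on pull_request the red check is the
      # signal, and the token is read-only for PRs from forks.
      - name: Create issue if vulnerabilities found
        if: steps.audit.outcome == 'failure' && github.event_name != 'pull_request'
        uses: actions/github-script@v7
        with:
          script: |
            const labels = ['security', 'dependencies'];
            // Avoid filing a duplicate every week while the previous one is
            // still open. The issues endpoint also returns PRs, so drop those.
            const { data: candidates } = await github.rest.issues.listForRepo({
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'open',
              labels: labels.join(','),
              per_page: 20,
            });
            const open = candidates.filter((i) => !i.pull_request);
            if (open.length > 0) {
              core.info(`Open issue #${open[0].number} already tracks this; not creating another.`);
              return;
            }
            // Link straight to the run so the reader does not have to hunt for the logs.
            const runUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`;
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: 'Security vulnerabilities found in dependencies',
              body: `The dependency check workflow found security vulnerabilities. Please review the workflow logs (${runUrl}) and update dependencies as needed.`,
              labels,
            });

      # Surface the audit result as the job status, so a PR check goes red and
      # a scheduled run shows as failed even though continue-on-error was set.
      - name: Fail the job if vulnerabilities were found
        if: steps.audit.outcome == 'failure'
        run: |
          echo "::error::pip-audit reported one or more known vulnerabilities; see the 'Security check with pip-audit' step."
          exit 1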