differ icon indicating copy to clipboard operation
differ copied to clipboard
verified publisher icon trailofbits

Add Production CI Checks

Open ameily opened this issue 3 years ago • 1 comments

When we are ready to open source and release DIFFER, we'll want to add several CI checks for production code, including:

pip-audit

# update .github/workflows/ci.yml
pip-audit:
  runs-on: ubuntu-22.04
  steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 1

    - uses: actions/setup-python@v2
      with:
        python-version: '3.9'

    - name: 'Generate requirements.txt'
      run: |
        pipx run pipfile-requirements Pipfile.lock > requirements.txt

    - uses: pypa/[email protected]
      with:
        inputs: requirements.txt

dependabot

version: 2
updates:
  - package-ecosystem: "pip" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"

ameily avatar Dec 07 '22 16:12 ameily

I've added dependabot.

ameily avatar Feb 14 '23 20:02 ameily