Revised date for Play Store submission #207
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # yamllint disable rule:line-length | |
| name: Python package checks | |
| # yamllint disable-line rule:truthy | |
| on: | |
| push: | |
| paths: | |
| - '**.py' | |
| - .github/scripts/python_setup.sh | |
| - .github/workflows/python-package-checks.yml | |
| jobs: | |
| python-package-checks: | |
| strategy: | |
| matrix: | |
| python-version: [3.8, 3.9, "3.10"] | |
| # LTS versions | |
| os: [ubuntu-20.04, ubuntu-22.04] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Python package checks | |
| run: | | |
| set -euxo pipefail | |
| ${GITHUB_WORKSPACE}/.github/scripts/python_setup.sh | |
| source ${HOME}/venv/bin/activate | |
| echo checking packages for conflicts | |
| python -m pip check | |
| echo installing vulnerability checker | |
| python -m pip install safety | |
| echo checking packages for vulnerabilities | |
| # All of these vulnerabilities look either harmless or very low risk | |
| # 51668 sqlalchemy. Fix in 2.0 beta. We don't log Engine.URL() | |
| # https:/sqlalchemy/sqlalchemy/issues/8567 | |
| # 52495 setuptools. Fix in 65.5.1. We'll be careful not to | |
| # install malicious packages. | |
| # 67599 pip. Disputed and only relevant if using --extra-index-url, | |
| # which we're not. | |
| # 70612 jinja2. The maintainer and multiple third parties | |
| # believe that this vulnerability isn't valid because | |
| # users shouldn't use untrusted templates without | |
| # sandboxing. | |
| safety check --full-report --ignore=51668 --ignore=52495 --ignore=67599 --ignore=70612 |