forked from MycroftAI/mycroft-core
-
Notifications
You must be signed in to change notification settings - Fork 16
38 lines (37 loc) · 1.03 KB
/
pipaudit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: Run PipAudit
on:
push:
branches:
- master
- dev
workflow_dispatch:
jobs:
build_tests:
strategy:
max-parallel: 2
matrix:
python-version: [ 3.7, 3.8, 3.9, "3.10", "3.11" ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup Python
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Install Build Tools
run: |
python -m pip install build wheel uv
- name: Install System Dependencies
run: |
sudo apt-get update
sudo apt install python3-dev swig libssl-dev
- name: Install package
run: |
uv pip install --system .[skills-essential]
- uses: pypa/[email protected]
with:
# Ignore setuptools vulnerability we can't do much about
# Ignore numpy vulnerability affecting latest version for Py3.7
ignore-vulns: |
GHSA-r9hx-vwmv-q579
GHSA-fpfv-jqm9-f5jm