diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index f5128f1..d69707a 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -50,4 +50,4 @@ jobs: shell: bash run: poetry check --lock - - uses: pre-commit/action@v3.0.0 + - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/safety.yml b/.github/workflows/safety.yml new file mode 100644 index 0000000..28c4b3a --- /dev/null +++ b/.github/workflows/safety.yml @@ -0,0 +1,55 @@ +--- + +name: Safety hook + +on: + pull_request: + branches: + - main + +jobs: + runner-job: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.8" + + - name: Bootstrap poetry + shell: bash + run: | + python -m ensurepip + python -m pip install --upgrade pip + python -m pip install poetry + + - name: Configure poetry + shell: bash + run: | + python -m poetry config virtualenvs.in-project true + + - name: Set up cache + uses: actions/cache@v3 + id: cache + with: + path: .venv + key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }} + + - name: Install dependencies + if: steps.cache.outputs.cache-hit != 'true' + shell: bash + run: | + python -m poetry install --all-extras + + - name: Check poetry.lock consistency + shell: bash + run: poetry check --lock + + - uses: pre-commit/action@v3.0.1 + with: + extra_args: --config .pre-commit-safety.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c17938d..c71f46d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,11 +24,6 @@ repos: entry: poetry run isort language: system types: ['python'] - - id: safety - name: Safety - entry: poetry run safety check --full-report -i 40291 -i 40622 -i 42194 -i 42218 -i 42559 - pass_filenames: false - language: system - id: mypy name: MyPy entry: poetry run mypy --install-types --non-interactive diff --git a/.pre-commit-safety.yaml b/.pre-commit-safety.yaml new file mode 100644 index 0000000..7a6d30e --- /dev/null +++ b/.pre-commit-safety.yaml @@ -0,0 +1,10 @@ +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +repos: + - repo: local + hooks: + - id: safety + name: Safety + entry: poetry run safety check --full-report + pass_filenames: false + language: system