Start schedule-triggered supply-chain review

Disclaimer: Participation by NIST in the creation of the documentation of mentioned software is not intended to imply a recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that any specific software is necessarily the best available for the purpose. Signed-off-by: Alex Nelson <[email protected]>
dfxml-working-group · Jun 21, 2024 · 20a1dbf · 20a1dbf
1 parent ff55695
commit 20a1dbf
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 2 deletions.
diff --git a/.github/workflows/supply-chain.yml b/.github/workflows/supply-chain.yml
@@ -0,0 +1,43 @@
+# Portions of this file contributed by NIST are governed by the
+# following statement:
+#
+# This software was developed at the National Institute of Standards
+# and Technology by employees of the Federal Government in the course
+# of their official duties. Pursuant to title 17 Section 105 of the
+# United States Code this software is not subject to copyright
+# protection and is in the public domain. NIST assumes no
+# responsibility whatsoever for its use by other parties, and makes
+# no guarantees, expressed or implied, about its quality,
+# reliability, or any other characteristic.
+#
+# We would appreciate acknowledgement if the software is used.
+
+# This workflow uses Make to review direct dependencies of this
+# repository.
+
+name: Supply Chain
+
+on:
+  schedule:
+    - cron: '15 5 * * 1,2,3,4,5'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version:
+          - '3.8'
+          - '3.9'
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Review dependencies
+      run: make check-supply-chain
diff --git a/Makefile b/Makefile
@@ -18,7 +18,12 @@ ifeq ($(shell basename $(SHELL)),sh)
 SHELL := $(shell which /bin/bash 2>/dev/null || which /usr/local/bin/bash)
 endif
 
-all:
+all: \
+  .venv-pre-commit/var/.pre-commit-built.log
+
+.PHONY: \
+  check-mypy \
+  check-supply-chain
 
 .git_submodule_init.done.log: .gitmodules
 	# Confirm dfxml_schema has been checked out at least once.
@@ -33,11 +38,23 @@ clean:
 	  --directory tests \
 	  clean
 
-check: .git_submodule_init.done.log
+check: \
+  .venv-pre-commit/var/.pre-commit-built.log \
+  check-mypy 
 	$(MAKE) \
 	  SHELL=$(SHELL) \
 	  --directory tests \
 	  check
 
+check-mypy: \
+  .git_submodule_init.done.log
+	$(MAKE) \
+	  SHELL=$(SHELL) \
+	  --directory tests \
+	  check-mypy
+
+check-supply-chain: \
+  check-mypy
+
 check-tools:
 	(cd tests/misc_object_tests;make check)