
add bandit

add bandit #112

Workflow file for this run

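# CI workflow: runs the Bandit static security linter over tests/ and then a
# SonarQube scan. The build-and-pytest steps are currently commented out, so
# on this branch only the static-analysis steps execute.
name: Iroha 2 pull request pytests
on:
  # NOTE(review): if the pull_request trigger is re-enabled, repository secrets
  # are not passed to runs from forks, so the SonarQube step needs a guard.
  # repository_dispatch:
  #   types: [dispatch-event]
  # pull_request:
  #   branches: [main]
  push:
    branches: [i2/ci/py-sonar]

# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository, so read access to contents is sufficient.
permissions:
  contents: read

jobs:
  pytest:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so the version stays a string (an unquoted 3.10 would be
        # parsed as the float 3.1).
        python-version: ['3.8']
    steps:
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config, where every later step
          # (including the third-party scan action) could read it.
          persist-credentials: false
      # - name: Install dependencies
      #   run: pip install poetry tomli-w
      # - name: Checkout irohad repo code
      #   run: git clone --depth 1 https://github.com/hyperledger-iroha/iroha.git -b 2.0.0-rc.1 iroha_daemon
      # - name: Install correct rust version
      #   run: rustup install nightly-2024-09-09 && rustup component add rust-src --toolchain nightly-2024-09-09
      # - name: Set toolchain
      #   run: rustup default nightly-2024-09-09
      # - name: Build irohad
      #   run: cd iroha_daemon && cargo build --release && mkdir target/debug -p && cp target/release/irohad target/debug/irohad && cp target/release/iroha target/debug/iroha
      # - name: Build kagami
      #   run: cd iroha_daemon && cargo build --bin kagami
      # - name: Build default executor
      #   run: cd iroha_daemon && cargo run --release --bin iroha_wasm_builder -- build ./wasm_samples/default_executor --optimize --out-file ./defaults/executor.wasm
      # - name: Maturin build and Run tests
      #   run: bash -c " pip install maturin &&
      #     maturin build &&
      #     cd iroha_daemon && scripts/test_env.py setup && cd .. &&
      #     python -m venv .venv &&
      #     source .venv/bin/activate &&
      #     pip install pytest faker allure-pytest pytest-cov bandit pylint &&
      #     pip install --break-system-packages target/wheels/iroha-*.whl &&
      #     python -m pytest --cov=. --cov-report xml:coverage-reports/coverage-iroha-python.xml tests/"
      - name: Run Bandit
        # NOTE(review): bandit is installed unpinned, so the scanner version
        # (and its rule set) can change between runs; pin it once a version
        # has been chosen for the project.
        # NOTE(review): only tests/ is scanned. Test code mostly triggers the
        # assert-usage check, so confirm whether the package sources should be
        # the scan target instead.
        # NOTE(review): bandit exits non-zero when it reports findings, which
        # fails this step; add --exit-zero if the SonarQube quality gate is
        # meant to be the only gate. The JSON report is only picked up by the
        # scan if the Sonar project configuration points at it - not visible
        # in this file.
        run: |
          pip install bandit
          bandit --format json --output bandit-report.json --recursive tests/
      - name: SonarQube
        if: always()
        # NOTE(review): this action runs with SONAR_TOKEN in its environment
        # and tracks the mutable `master` branch, so any upstream change runs
        # here unreviewed. Pin it to a reviewed full commit SHA, e.g.
        # sonarsource/sonarqube-scan-action@<full-commit-sha>.
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      - name: Tear down the network
        # Run cleanup even when an earlier step failed, and skip it when the
        # iroha_daemon checkout does not exist: the clone step is commented
        # out above, so an unconditional `cd` would fail the job.
        if: always()
        run: |
          if [ -d iroha_daemon ]; then
            cd iroha_daemon && scripts/test_env.py cleanup
          fi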