commented out bandit

helxplatform · Jun 13, 2024 · 7f37f91 · 7f37f91
1 parent 94253c9
commit 7f37f91
Showing 1 changed file with 93 additions and 94 deletions.
diff --git a/.github/workflows/code-checks.yml b/.github/workflows/code-checks.yml
@@ -4,7 +4,7 @@
 #     - PYTest
 #     - Bandit
 # For PR Vulnerability Scanning a separate workflow will run.
-# The build-push-dev-image and build-push-release workflows 
+# The build-push-dev-image and build-push-release workflows
 # handle the develop and release image storage respectively.
 #
 #
@@ -20,8 +20,8 @@ on:
     branches:
       - develop
       - master
-      - main 
-    types: [ opened, synchronize ]
+      - main
+    types: [opened, synchronize]
     paths-ignore:
       - README.md
       - .old_cicd/*
@@ -33,40 +33,40 @@ on:
       - .githooks
 
 jobs:
-############################## flake8-linter ##############################
+  ############################## flake8-linter ##############################
   flake8-linter:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-          
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.12'
-
-    # Currently actions/setup-python supports caching
-    # but the cache is not as robust as cache action.
-    # Here we cache the entire python env which speeds subsequent builds up alot. (alot being scientific term)
-    # Ref: https://blog.allenai.org/python-caching-in-github-actions-e9452698e98d
-    - uses: actions/cache@v3
-      name: Cache Python
-      with:
-        path: ${{ env.pythonLocation }}
-        key: ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('pyproject.toml') }}
-
-    - name: Install Requirements
-      run: |
-        pip install -r requirements.txt
-
-    - name: Lint with flake8
-      run: |
-        pip install flake8
-        flake8 --ignore=E,W dag 
-      # We continue on error here until the code is clean
-      # flake8 --ignore=E,W --exit-zero . 
-      continue-on-error: true
-
-################################### PYTEST ###################################
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.12"
+
+      # Currently actions/setup-python supports caching
+      # but the cache is not as robust as cache action.
+      # Here we cache the entire python env which speeds subsequent builds up alot. (alot being scientific term)
+      # Ref: https://blog.allenai.org/python-caching-in-github-actions-e9452698e98d
+      - uses: actions/cache@v3
+        name: Cache Python
+        with:
+          path: ${{ env.pythonLocation }}
+          key: ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('pyproject.toml') }}
+
+      - name: Install Requirements
+        run: |
+          pip install -r requirements.txt
+
+      - name: Lint with flake8
+        run: |
+          pip install flake8
+          flake8 --ignore=E,W dag
+        # We continue on error here until the code is clean
+        # flake8 --ignore=E,W --exit-zero .
+        continue-on-error: true
+
+  ################################### PYTEST ###################################
   # pytest:
   #   runs-on: ubuntu-latest
   #   steps:
@@ -86,67 +86,66 @@ jobs:
   #     run: |
   #       make test
 
-############################ Bandit ################################
-  bandit:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.12'
-
-    - name: Install Requirements
-      run: |
-        pip install -r requirements.txt
-        pip install bandit
-        pip install /dags
-
-    # Only report high security issues
-    - name: Test with Bandit
-      run: |
-        bandit -r src -n3 -lll
-
-############################## test-image-build ##############################
+  ############################ Bandit ################################
+  # bandit:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v3
+  #     - name: Set up Python
+  #       uses: actions/setup-python@v4
+  #       with:
+  #         python-version: "3.12"
+
+  #     - name: Install Requirements
+  #       run: |
+  #         pip install -r requirements.txt
+  #         pip install bandit
+  #         pip install ./dags
+
+  #     # Only report high security issues
+  #     - name: Test with Bandit
+  #       run: |
+  #         bandit -r dags -n3 -lll
+
+  ############################## test-image-build ##############################
   test-image-build:
     runs-on: ubuntu-latest
     # if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
-    - uses: actions/checkout@v3
-
-    - name: Set short git commit SHA
-      id: vars
-      run: |
-        echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT
-    # https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
-
-    - name: Confirm git commit SHA output
-      run: echo ${{ steps.vars.outputs.short_sha }}
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-        logout: true
-
-    - name: Parse Github Reference Name
-      id: branch
-      run: |
-        REF=${{ github.ref_name }}
-        echo "GHR=${REF%/*}" >> $GITHUB_OUTPUT
-        
-    # Notes on Cache: 
-    # https://docs.docker.com/build/ci/github-actions/examples/#inline-cache
-    - name: Build Container
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        tags: |
-          ${{ github.repository }}:test_${{ steps.branch.outputs.GHR }}
-        cache-from: type=registry,ref=${{ github.repository }}:buildcache
-        cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max
+      - uses: actions/checkout@v3
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT
+      # https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
+      - name: Confirm git commit SHA output
+        run: echo ${{ steps.vars.outputs.short_sha }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          logout: true
+
+      - name: Parse Github Reference Name
+        id: branch
+        run: |
+          REF=${{ github.ref_name }}
+          echo "GHR=${REF%/*}" >> $GITHUB_OUTPUT
+
+      # Notes on Cache:
+      # https://docs.docker.com/build/ci/github-actions/examples/#inline-cache
+      - name: Build Container
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ github.repository }}:test_${{ steps.branch.outputs.GHR }}
+          cache-from: type=registry,ref=${{ github.repository }}:buildcache
+          cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max