diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml deleted file mode 100644 index 5b8f821..0000000 --- a/.github/workflows/bandit.yml +++ /dev/null @@ -1,52 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# Bandit is a security linter designed to find common security issues in Python code. -# This action will run Bandit on your codebase. -# The results of the scan will be found under the Security tab of your repository. - -# https://github.com/marketplace/actions/bandit-scan is ISC licensed, by abirismyname -# https://pypi.org/project/bandit/ is Apache v2.0 licensed, by PyCQA - -name: Bandit -on: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] - schedule: - - cron: '38 2 * * 4' - -jobs: - bandit: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Bandit Scan - uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c - with: # optional arguments - # exit with 0, even with results found - exit_zero: true # optional, default is DEFAULT - # Github token of the repository (automatically created by Github) - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information. - # File or directory to run bandit on - # path: # optional, default is . - # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything) - # level: # optional, default is UNDEFINED - # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything) - # confidence: # optional, default is UNDEFINED - # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg) - # excluded_paths: # optional, default is DEFAULT - # comma-separated list of test IDs to skip - # skips: # optional, default is DEFAULT - # path to a .bandit file that supplies command line arguments - # ini_path: # optional, default is DEFAULT - diff --git a/.github/workflows/python-testing.yml b/.github/workflows/python-testing.yml index 1e77ef6..fb62512 100644 --- a/.github/workflows/python-testing.yml +++ b/.github/workflows/python-testing.yml @@ -28,14 +28,11 @@ jobs: run: | git submodule update --init --recursive python -m pip install --upgrade pip - pip install flake8 + pip install ruff if (Test-Path requirements.txt) {pip install -r requirements.txt} - - name: Lint with flake8 + - name: Lint with Ruff run: | - # stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + ruff check . windows-test: runs-on: windows-latest diff --git a/pyproject.toml b/pyproject.toml index b894710..0869215 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -27,6 +27,9 @@ dynamic = ["dependencies"] "Repository" = "https://github.com/howroyd/simonsays" "Bug Tracker" = "https://github.com/howroyd/simonsays/issues" +[project.optional-dependencies] +dev = ["ruff"] + [tool.setuptools.packages.find] where = ["src", "tests"]