chore: fix type checking and CI workflow (#2)

.github/workflows/pr.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7.1.0
 
       - name: Install dependencies
-        run: uv sync
+        run: uv sync --extra dev
 
       - name: Run tests
         run: uv run -m pytest --cov
@@ -24,7 +24,7 @@ jobs:
         run: uvx ruff check .
 
       - name: Type check
-        run: uvx mypy .
+        run: uv run mypy .
 
   audit:
     runs-on: ubuntu-latest
@@ -35,10 +35,8 @@ jobs:
 
       - uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7.1.0
 
-      - name: Install
-        run: |
-          uv sync
-          uv pip install -e .
+      - name: Install dependencies
+        run: uv sync
 
       - name: Audit workflows
         run: uv run ghaw-auditor scan --repo . --output audit-results

ghaw_auditor/cache.py

@@ -7,7 +7,7 @@ import logging
 from pathlib import Path
 from typing import Any
 
-import diskcache
+import diskcache  # type: ignore[import-untyped]
 from platformdirs import user_cache_dir
 
 logger = logging.getLogger(__name__)

ghaw_auditor/github_client.py

@@ -70,7 +70,7 @@ class GitHubClient:
         try:
             response = self.client.get(url)
             response.raise_for_status()
-            sha = response.json()["sha"]
+            sha: str = response.json()["sha"]
             logger.debug(f"Resolved {owner}/{repo}@{ref} -> {sha}")
             return sha
         except httpx.HTTPStatusError as e:

ghaw_auditor/models.py

@@ -3,13 +3,13 @@
 from __future__ import annotations
 
 from datetime import datetime
-from enum import Enum
+from enum import StrEnum
 from typing import Any
 
 from pydantic import BaseModel, Field
 
 
-class ActionType(str, Enum):
+class ActionType(StrEnum):
     """Type of action reference."""
 
     LOCAL = "local"
@@ -72,7 +72,7 @@ class ActionManifest(BaseModel):
     is_javascript: bool = False
 
 
-class PermissionLevel(str, Enum):
+class PermissionLevel(StrEnum):
     """Permission level."""
 
     NONE = "none"
@@ -134,7 +134,7 @@ class JobMeta(BaseModel):
     name: str
     runs_on: str | list[str]
     needs: list[str] = Field(default_factory=list)
-    if_condition: str | None = Field(None, alias="if")
+    if_condition: str | None = Field(default=None, alias="if")
     permissions: Permissions | None = None
     environment: str | dict[str, Any] | None = None
     concurrency: str | dict[str, Any] | None = None

ghaw_auditor/parser.py

@@ -157,7 +157,7 @@ class Parser:
         actions_used: list[ActionRef] = []
         secrets_used: set[str] = set()
 
-        if is_reusable_call:
+        if is_reusable_call and isinstance(uses, str):
             # Parse reusable workflow reference
             workflow_ref = self._parse_reusable_workflow_ref(uses, path)
             actions_used.append(workflow_ref)

ghaw_auditor/scanner.py

@@ -35,7 +35,7 @@ class Scanner:
 
     def find_workflows(self) -> list[Path]:
         """Find all workflow files."""
-        workflows = []
+        workflows: list[Path] = []
         workflow_dir = self.repo_path / ".github" / "workflows"
 
         if not workflow_dir.exists():