mirror of
https://github.com/ivuorinen/ghaw-auditor.git
synced 2026-02-21 00:51:58 +00:00
chore: fix type checking and CI workflow (#2)
10
.github/workflows/pr.yml
vendored
10
.github/workflows/pr.yml
vendored
@@ -15,7 +15,7 @@ jobs:
|
||||
- uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7.1.0
|
||||
|
||||
- name: Install dependencies
|
||||
run: uv sync
|
||||
run: uv sync --extra dev
|
||||
|
||||
- name: Run tests
|
||||
run: uv run -m pytest --cov
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
run: uvx ruff check .
|
||||
|
||||
- name: Type check
|
||||
run: uvx mypy .
|
||||
run: uv run mypy .
|
||||
|
||||
audit:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -35,10 +35,8 @@ jobs:
|
||||
|
||||
- uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7.1.0
|
||||
|
||||
- name: Install
|
||||
run: |
|
||||
uv sync
|
||||
uv pip install -e .
|
||||
- name: Install dependencies
|
||||
run: uv sync
|
||||
|
||||
- name: Audit workflows
|
||||
run: uv run ghaw-auditor scan --repo . --output audit-results
|
||||
|
||||
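Review bot: Both install steps (`run: uv sync --extra dev` in the test job and `run: uv sync` in the audit job) resolve without asserting the lockfile, so a `uv.lock` that has drifted from `pyproject.toml` is re-resolved at CI time instead of failing the run. If the repository commits a `uv.lock` (not visible on this page), use `uv sync --locked --extra dev` and `uv sync --locked` so CI only installs the reviewed dependency set. The reasoning behind moving the type check to `uv run mypy .` also applies to the unchanged lint step `run: uvx ruff check .`, which still fetches whatever ruff release is current. `uv run ruff check .` would use the locked version, assuming ruff is part of the dev extra.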
@@ -7,7 +7,7 @@ import logging
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
import diskcache
|
||||
import diskcache # type: ignore[import-untyped]
|
||||
from platformdirs import user_cache_dir
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -70,7 +70,7 @@ class GitHubClient:
|
||||
try:
|
||||
response = self.client.get(url)
|
||||
response.raise_for_status()
|
||||
sha = response.json()["sha"]
|
||||
sha: str = response.json()["sha"]
|
||||
logger.debug(f"Resolved {owner}/{repo}@{ref} -> {sha}")
|
||||
return sha
|
||||
except httpx.HTTPStatusError as e:
|
||||
|
||||
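Review bot: The annotation added in `sha: str = response.json()["sha"]` is only a claim to mypy; nothing checks at run time that the API returned a JSON object with a string `sha`. A `KeyError` or `TypeError` from an unexpected body is also not covered by the visible `except httpx.HTTPStatusError`. Since the value is logged and returned as the commit that `{owner}/{repo}@{ref}` resolves to, validate it before returning: keep `sha = response.json()["sha"]` unannotated and follow it with `if not isinstance(sha, str): raise ValueError(f"No commit SHA in response for {owner}/{repo}@{ref}")`. The try block and the rest of the method continue outside the hunk, so the exception type should match whatever the callers already handle.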
@@ -3,13 +3,13 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from datetime import datetime
|
||||
from enum import Enum
|
||||
from enum import StrEnum
|
||||
from typing import Any
|
||||
|
||||
from pydantic import BaseModel, Field
|
||||
|
||||
|
||||
class ActionType(str, Enum):
|
||||
class ActionType(StrEnum):
|
||||
"""Type of action reference."""
|
||||
|
||||
LOCAL = "local"
|
||||
@@ -72,7 +72,7 @@ class ActionManifest(BaseModel):
|
||||
is_javascript: bool = False
|
||||
|
||||
|
||||
class PermissionLevel(str, Enum):
|
||||
class PermissionLevel(StrEnum):
|
||||
"""Permission level."""
|
||||
|
||||
NONE = "none"
|
||||
@@ -134,7 +134,7 @@ class JobMeta(BaseModel):
|
||||
name: str
|
||||
runs_on: str | list[str]
|
||||
needs: list[str] = Field(default_factory=list)
|
||||
if_condition: str | None = Field(None, alias="if")
|
||||
if_condition: str | None = Field(default=None, alias="if")
|
||||
permissions: Permissions | None = None
|
||||
environment: str | dict[str, Any] | None = None
|
||||
concurrency: str | dict[str, Any] | None = None
|
||||
|
||||
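Review bot: Switching `ActionType` and `PermissionLevel` from `(str, Enum)` to `StrEnum` is not purely a typing change. `str(member)` (and, on Python 3.11+, f-string interpolation) now returns the value such as `"local"` or `"none"` instead of the `ActionType.LOCAL` form, and `StrEnum` itself requires Python 3.11 or later. Any code outside these hunks that builds report text, cache keys or policy comparisons from the string form of these enums will produce different output, so check those call sites and confirm the project's `requires-python` is at least 3.11. A short comment above each class, e.g. `# StrEnum: str() returns the value; needs Python >= 3.11`, would record the intent.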
@@ -157,7 +157,7 @@ class Parser:
|
||||
actions_used: list[ActionRef] = []
|
||||
secrets_used: set[str] = set()
|
||||
|
||||
if is_reusable_call:
|
||||
if is_reusable_call and isinstance(uses, str):
|
||||
# Parse reusable workflow reference
|
||||
workflow_ref = self._parse_reusable_workflow_ref(uses, path)
|
||||
actions_used.append(workflow_ref)
|
||||
|
||||
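Review bot: With the added `isinstance(uses, str)` guard, a job whose `uses` key is present but not a string now skips `_parse_reusable_workflow_ref` without any trace. A malformed reusable-workflow reference therefore never reaches `actions_used` and is missing from the audit output. For an auditing tool that is a fail-open path, so the non-string case should be logged or recorded as a finding, e.g. a following branch with `logger.warning("Ignoring non-string 'uses' value %r in %s", uses, path)`, assuming the parser module has a logger. How `is_reusable_call` is computed and what follows this block are outside the hunk.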
@@ -35,7 +35,7 @@ class Scanner:
|
||||
|
||||
def find_workflows(self) -> list[Path]:
|
||||
"""Find all workflow files."""
|
||||
workflows = []
|
||||
workflows: list[Path] = []
|
||||
workflow_dir = self.repo_path / ".github" / "workflows"
|
||||
|
||||
if not workflow_dir.exists():
|
||||
|
||||