chore(deps): bump python-multipart from 0.0.30 to 0.0.31 in the uv group across 1 directory #680
Workflow file for this run
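# Security workflow: dependency audit (pip-audit), SAST (bandit) and CodeQL.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) stops a re-pointed tag from changing what runs in this workflow.
name: Security

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
  schedule:
    # Mondays at 06:00 UTC.
    - cron: "0 6 * * 1"

# Default token scope for the whole workflow; each job restates its own.
permissions:
  contents: read

jobs:
  pip-audit:
    name: pip-audit (base/dev lockfile)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # Later steps install and run third-party packages; do not leave
          # the job token persisted for them. Nothing here pushes or fetches.
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      - name: Set up uv
        uses: astral-sh/setup-uv@v7
      - name: Install audit tool in isolated environment
        # NOTE(review): pip-audit is installed unpinned, so the auditor
        # itself can change between runs; consider an exact version pin.
        run: |
          python -m venv .venv-audit
          . .venv-audit/bin/activate
          python -m pip install --upgrade pip
          pip install pip-audit
      - name: Run pip-audit (base lockfile export)
        # --frozen exports from the committed lockfile without updating it,
        # so the audit covers exactly what is checked in.
        run: |
          . .venv-audit/bin/activate
          uv export --format requirements-txt --no-dev --no-emit-project --frozen \
            -o /tmp/teaagent-base-requirements.txt
          pip-audit -r /tmp/teaagent-base-requirements.txt
      - name: Run pip-audit (dev lockfile visibility)
        # Scheduled runs only: dev-dependency findings do not gate push/PR.
        if: github.event_name == 'schedule'
        run: |
          . .venv-audit/bin/activate
          uv export --format requirements-txt --no-emit-project --frozen \
            -o /tmp/teaagent-dev-requirements.txt
          pip-audit -r /tmp/teaagent-dev-requirements.txt

  optional-extra-pip-audit:
    name: optional-extra pip-audit (${{ matrix.extra }})
    runs-on: ubuntu-latest
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    # Advisory only: a finding in an optional extra does not fail the run,
    # so these job logs must be reviewed rather than relying on run status.
    continue-on-error: true
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        extra:
          - managed-google-adk
          - managed-vertex
          - playwright
          - telemetry
          - oauth
          - wasm
    steps:
      - uses: actions/checkout@v6
        with:
          # Do not leave the job token persisted for the install/audit steps.
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      - name: Set up uv
        uses: astral-sh/setup-uv@v7
      - name: Install audit tool in isolated environment
        # NOTE(review): unpinned install of the audit tool; see pip-audit job.
        run: |
          python -m venv .venv-audit
          . .venv-audit/bin/activate
          python -m pip install --upgrade pip
          pip install pip-audit
      - name: Run pip-audit (optional extra)
        env:
          # Hand the matrix value to the script through the environment
          # rather than expanding the expression inside the shell text, so
          # the shell only ever sees it as quoted data.
          EXTRA: ${{ matrix.extra }}
        run: |
          . .venv-audit/bin/activate
          uv export --format requirements-txt --extra "$EXTRA" --no-dev --no-emit-project --frozen \
            -o "/tmp/teaagent-${EXTRA}-requirements.txt"
          pip-audit -r "/tmp/teaagent-${EXTRA}-requirements.txt"

  bandit:
    name: bandit SAST
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # Do not leave the job token persisted for the pip install step.
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      - name: Install bandit
        # NOTE(review): unpinned install; an exact version keeps scan
        # results reproducible between runs.
        run: pip install bandit
      - name: Run bandit SAST scan
        # -r: recurse into teaagent/; -q: quiet; -c: settings from pyproject.toml.
        run: bandit -r teaagent/ -q -c pyproject.toml

  codeql:
    name: CodeQL (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      packages: read
      # The only write scope in this workflow: uploads code scanning results.
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: actions
            build-mode: none
          - language: python
            build-mode: none
    steps:
      - uses: actions/checkout@v6
        with:
          # Analysis reads the working tree only; no git credentials needed.
          persist-credentials: false
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{ matrix.language }}"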