ci: remove osv GH action job and bump requests depenency (#450)

sdn4z · web-flow · commit 6072f4b9e808 · 2026-03-27T10:05:11.000+01:00
ci: remove osv action job and bump requests depenency
diff --git a/.github/actions/python-package-build/action.yml b/.github/actions/python-package-build/action.yml
@@ -42,8 +42,10 @@ runs:
     - name: Build the package
       id: build
       shell: bash
+      env:
+        PYTHON_VERSION: ${{ inputs.python-version }}
       run: |
-        uv build --python ${{ inputs.python-version }}
+        uv build --python "$PYTHON_VERSION"
 
         # Set outputs
         WHEEL_FILE=$(ls dist/*.whl | head -1)
diff --git a/.github/workflows/build-test-docker.yml b/.github/workflows/build-test-docker.yml
@@ -48,6 +48,11 @@ jobs:
           image-name: ${{ matrix.image-name }}
           setup-qemu: ${{ matrix.needs-qemu }}
 
-      - name: Test
+      - name: Test Docker image
+        shell: bash
+        env:
+          PLATFORM: ${{ matrix.platform }}
+          IMAGE_NAME: ${{ matrix.image-name }}
+          IMAGE_TAG: ${{ inputs.image-tag }}
         run: |
-          docker run --platform ${{ matrix.platform }} --rm ${{ matrix.image-name }}:${{ inputs.image-tag }} --version
+          docker run --platform "$PLATFORM" --rm "$IMAGE_NAME":"$IMAGE_TAG" --version
diff --git a/.github/workflows/build-test-python.yml b/.github/workflows/build-test-python.yml
@@ -23,7 +23,7 @@ jobs:
         id: build
         with:
           uv-version: "0.8.22"
-          python-version: "$PYTHON_VERSION"
+          python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Upload package artifact
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -9,17 +9,6 @@ on:
     - cron: "0 0 * * 1" # every Monday at 00:00 UTC
 
 jobs:
-  osv-scanner:
-    if: "!startsWith(github.event.head_commit.message, 'bump:')"
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/google/osv-scanner:v2.1.0@sha256:9a1ba57d2a1506c9e9d0dfbeaf46346507e829745b70d47d77e12c38e66de8d7
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - name: Run OSV Scanner
-        run: |
-          /osv-scanner --format table -r .
-
   semgrep:
     if: github.event_name != 'schedule' && !startsWith(github.event.head_commit.message, 'bump:')
     runs-on: ubuntu-latest
@@ -29,7 +18,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Run Semgrep
         run: |
-          semgrep scan --config auto
+          semgrep scan --config auto --error
 
   twyn:
     if: github.event_name != 'schedule' && !startsWith(github.event.head_commit.message, 'bump:')
diff --git a/.osv-scanner.toml b/.osv-scanner.toml
diff --git a/uv.lock b/uv.lock
