Skip to content

[mypy] nncf/common/logging (#3181) #189

[mypy] nncf/common/logging (#3181)

[mypy] nncf/common/logging (#3181) #189

Workflow file for this run

name: sdl
permissions: read-all
on:
workflow_dispatch:
push:
branches:
- develop
- release_v*
pull_request:
paths:
- '.github/workflows/sdl.yml'
- '**.py'
jobs:
bandit:
name: Bandit
runs-on: ubuntu-20.04
timeout-minutes: 10
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: 3.10.14
- name: Install bandit
run: pip install bandit[toml]==1.7.4
- name: Run bandit
run: bandit -c pyproject.toml -r .
codeql:
name: CodeQL
runs-on: ubuntu-22.04
timeout-minutes: 15
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
lfs: true
- name: Initialize CodeQL
uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
with:
languages: python
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
with:
category: "/language:python"
# pdf reports always empty for pull_request
- name: Generate Security Report
if: ${{ github.event_name != 'pull_request' }}
uses: rsdmike/github-security-report-action@a149b24539044c92786ec39af8ba38c93496495d # v3.0.4
with:
template: report
token: ${{ secrets.GITHUB_TOKEN }}
- name: Rename Report
shell: bash
if: ${{ github.event_name != 'pull_request' }}
run: |
DATE=$(date +"%Y-%m-%d")
REF_NAME="${{ github.ref_name }}"
mv "report.pdf" "codeql_nncf_report_${DATE}_${REF_NAME//\//-}_${{ github.sha }}.pdf"
- name: Upload CodeQL Artifacts
if: ${{ github.event_name != 'pull_request' }}
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b #v4.5.0
with:
name: codeql-scan-results
path: "./codeql*.pdf"