Skip to content
Static code analysis

changelog #7427

Sign in to view logs

changelog

changelog #7427

Workflow file for this run

.github/workflows/static-analysis.yml at 63948e6
name: Static code analysis
on: push
jobs:
flake8:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: make flake8
cfn-lint:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
security_environment: [ASF, EDC, JPL, JPL-public]
steps:
- uses: actions/[email protected]
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: |
make security_environment=${{ matrix.security_environment }} cfn-lint
openapi-spec-validator:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: make openapi-validate
statelint:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7
- run: gem install statelint
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: |
make render
sed -i 's/"Resource": "${.*}"/"Resource": "foo:bar"/' apps/step-function.json
statelint apps/step-function.json
snyk:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: snyk/actions/[email protected]
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
make render security_environment=EDC
- name: Run Snyk to check for vulnerabilities
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
snyk test --package-manager=pip --file=requirements-all.txt --severity-threshold=high
snyk iac test --severity-threshold=high
call-secrets-analysis-workflow:
uses: ASFHyP3/actions/.github/workflows/[email protected]