Merge pull request #181 from maykinmedia/issue/179-trivy

fix Trivy action
maykinmedia · Apr 17, 2024 · 070fc4e · 070fc4e
2 parents 0f7d5ba + 86925d5
commit 070fc4e
Show file tree

Hide file tree

Showing 5 changed files with 251 additions and 284 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -58,7 +58,7 @@ jobs:
       - changed-files
 
     # only run tests if source files have changed (e.g. skip for PRs that only update docs)
-    if: ${{ needs.changed-files.outputs.changed-py-files == 'true'|| needs.changed-files.outputs.changed-requirements == 'true'|| github.event_name == 'push' }}
+    if: ${{ needs.changed-files.outputs.changed-py-files == 'true'|| needs.changed-files.outputs.changed-requirements == 'true'|| github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
 
     strategy:
       matrix:
@@ -146,25 +146,6 @@ jobs:
       - docker
 
     steps:
-      # So the scanner gets commit meta-information
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Derive version
-        id: vars
-        run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
-          # Strip "v" prefix from tag name (if present at all)
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "master" ] && VERSION=latest
-
-          # PRs result in version 'merge' -> transform that into 'latest'
-          [ "$VERSION" == "merge" ] && VERSION=latest
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
       - name: Download built image
         uses: actions/download-artifact@v3
         with:
@@ -177,7 +158,7 @@ jobs:
           output: 'trivy-results-docker.sarif'
           ignore-unfixed: true
       - name: Upload results to GH Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results-docker.sarif'
 

diff --git a/requirements/base.in b/requirements/base.in
@@ -1,51 +1,2 @@
-# Core python libraries
-celery
-click<8.1.0  # click>=8.1.0 causes issues with black https://github.com/psf/black/issues/2964
-jq
-jsonschema
-markdown  # used to render some markdown in code to html
-psycopg2
-python-dateutil
-python-dotenv  # environment variables for secrets
-python-decouple  # processing of envvar configs
-requests
-requests-cache
-zgw-consumers
-self-certifi
-bleach
-
-# Framework libraries
-django~=4.2.0
-django-axes[ipware]
-django-cors-headers
-django-db-logger
-django-extra-views
+open-api-framework
 django-log-outgoing-requests
-django-markup
-django-redis
-django-rosetta
-django-sniplates
-mozilla-django-oidc-db
-
-# Admin and UI libraries
-django-admin-index
-django-sniplates
-# django-jsonform
-
-# API libraries
-djangorestframework
-djangorestframework-inclusions
-djangorestframework-camel-case
-drf-spectacular
-
-commonground-api-common
-gemma-zds-client<2.0.0  # lots of breaking changes in 2.0.0
-
-# task queue
-celery
-
-# WSGI servers & monitoring - production oriented
-uwsgi
-sentry_sdk # error monitoring sentry
-flower # task monitoring
-elastic-apm  # Elastic APM integration