ZlibScanner; version up to 1.14.5 #3753
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow performs static analysis and checks coding style | |
| name: Static analysis and code style | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| checkers: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # # # MUST be full history to check git workflow | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - 2025.01.20 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| id: code_checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| # # # integrity for train diagram match | |
| - name: Check ml_config.json and ml_model.onnx integrity | |
| if: ${{ always() && steps.code_checkout.conclusion == 'success' }} | |
| run: | | |
| echo "326a4f7543f5cee73e92e05289362664 *credsweeper/ml_model/ml_config.json" | md5sum --check | |
| echo "a3054b55c88dd63a168f8e1fe27bbbdf *credsweeper/ml_model/ml_model.onnx" | md5sum --check | |
| # # # line ending | |
| - name: Check for text file ending | |
| if: ${{ always() && steps.code_checkout.conclusion == 'success' }} | |
| run: | | |
| n=0 | |
| for f in $(find . -type f -not -wholename '*/.*' -a -not -wholename '*/tests/samples/*' -a -not -wholename '*/corpus/*' -a -not -wholename '*.json'); do | |
| n=$(( 1 + ${n} )) | |
| filetype=$(file ${f}) | |
| if echo "${filetype}" | grep -q '.*text.*'; then | |
| echo "CHECK:'${filetype}'" | |
| lastbyte=$(hexdump -v -e '/1 "%02X\n"' ${f} | tail -1) | |
| echo "Last byte is '${lastbyte}'" | |
| if [ "0A" != "${lastbyte}" ]; then | |
| echo "File ${f} has inappropriate line ending" | |
| tail -1 ${f} | hexdump -C | |
| else | |
| n=$(( ${n} - 1 )) | |
| fi | |
| else | |
| echo "SKIP:'${filetype}'" | |
| n=$(( ${n} - 1 )) | |
| fi | |
| done | |
| exit ${n} | |
| # # # Python setup | |
| - name: Set up Python | |
| if: ${{ always() && steps.code_checkout.conclusion == 'success' }} | |
| id: setup_python | |
| uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 - 2025.01.28 | |
| with: | |
| python-version: "3.12" | |
| - name: Install CredSweeper and auxiliary packages | |
| id: setup_credsweeper | |
| if: ${{ always() && steps.setup_python.conclusion == 'success' }} | |
| run: | | |
| python --version #dbg | |
| python -m pip install --upgrade pip | |
| pip install --requirement requirements.txt | |
| pip list #dbg | |
| # # # Banner with builtin python binascii.crc32 sum which is zip standard (not cksum result) | |
| - name: Banner and version check | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| banner="$(python -m credsweeper --banner | head -1)" | |
| echo "banner = '${banner}'" | |
| if [ "CredSweeper 1.14.5 crc32:119d207f" != "${banner}" ]; then | |
| echo "Update the check for '${banner}'" | |
| exit 1 | |
| fi | |
| # # # pylint | |
| - name: Analysing the code with pylint and minimum Python version 3.10 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: pylint --py-version=3.10 --verbose credsweeper | |
| - name: Analysing the code with pylint and minimum Python version 3.11 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: pylint --py-version=3.11 --verbose credsweeper | |
| - name: Analysing the code with pylint and minimum Python version 3.12 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: pylint --py-version=3.12 --verbose credsweeper | |
| # # # mypy | |
| - name: Analysing the code with mypy and minimum Python version 3.10 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| mypy --config-file .mypy.ini --python-version=3.10 credsweeper | |
| - name: Analysing the code with mypy and minimum Python version 3.11 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| mypy --config-file .mypy.ini --python-version=3.11 credsweeper | |
| - name: Analysing the code with mypy and minimum Python version 3.12 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| mypy --config-file .mypy.ini --python-version=3.12 credsweeper | |
| # # # Documentation check | |
| - name: Test for creation sphinx documentations | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| cd docs | |
| pip install --requirement requirements.txt | |
| make html | |
| python -m sphinx -T -E -b html -d _build/doctrees -D language=en ./source/ ./_html | |
| sphinx-apidoc --force --full --ext-autodoc ../credsweeper -o source/ | |
| git checkout source/conf.py source/index.rst source/credsweeper.rst | |
| if [ 0 -ne $(git ls-files -m | wc -l) ]; then | |
| git diff | |
| echo "The documentation should be updated" | |
| git checkout . | |
| exit 1 | |
| fi | |
| # # # flake8 | |
| - name: Analysing the code with flake8 | |
| id: test_flake8 | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| ERRCNT=$(flake8 credsweeper --count --exit-zero --output-file=flake8.txt) | |
| if ! [ 0 -eq ${ERRCNT} ] ; then | |
| echo "flake8 found '${ERRCNT}' failures:" | |
| cat flake8.txt | |
| exit 1 | |
| fi | |
| - name: FLAKE 8 reports | |
| if: ${{ failure() && steps.test_flake8.conclusion == 'failure' }} | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - 2025.01.09 | |
| with: | |
| name: flake8_report | |
| path: flake8.txt | |
| # # # yapf | |
| - name: Check project style | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| for f in credsweeper tests docs experiment; do | |
| yapf --style .style.yapf --recursive --in-place --parallel $f | |
| done | |
| if [ 0 -ne $(git ls-files -m | wc -l) ]; then | |
| git diff | |
| echo "<- difference how to apply the style" | |
| exit 1 | |
| fi | |
| # # # SECURITY.md check | |
| - name: SECURITY.md check | |
| if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }} | |
| run: | | |
| # get actual version (major.minor) from credsweeper package | |
| V=$(python -c "from packaging.version import Version as V; import credsweeper; v=V(credsweeper.__version__); print(f'{v.major}.{v.minor}');") | |
| # check whether current version exists in the file | |
| if ! grep $V SECURITY.md; then | |
| echo $V | |
| cat --number SECURITY.md | |
| exit 1 | |
| fi | |
| # # # from https://github.com/step-security-bot/CredSweeper/commit/dbc01f2709c56f69e2d8fd717156385f42b7bbf5 | |
| - name: Dependency Review | |
| if: ${{ 'push' != github.event_name }} | |
| uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 - 2024.11.20 |