fix: release workflow triggers on GitHub Release publish only (not push) #10

Workflow file for this run

name: Security
on:
  push:
    branches: [master]
  schedule:
    - cron: "0 6 * * 1"
permissions:
  security-events: write
  contents: read
jobs:
  codeql:
    name: CodeQL Analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python
      - uses: github/codeql-action/analyze@v3
  dependency-audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install and audit
        run: |
          pip install pip-audit
          pip install -r requirements.txt
          pip-audit || echo "::warning::Dependency vulnerabilities found (see above)"