
security: harden public release leak scan #11


Workflow file for this run

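# CI for pushes and pull requests targeting main. Three independent jobs:
#   test             - lint, byte-compile, unit tests and a CLI smoke test
#                      across the supported Python versions
#   validate-recipes - every recipes/*.json must parse and pass the CLI validator
#   leak-scan        - runs scripts/leak_scan.sh over the checkout
#
# NOTE(review): actions are referenced by mutable major-version tags (@v4, @v5).
# Pinning each `uses:` to a full commit SHA keeps a retagged or compromised
# action release from changing what runs here.
name: CI

# Pull-request builds execute code from the PR branch (pip install -e, pytest),
# so this stays on `pull_request`, where fork builds get a read-only token and
# no repository secrets.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: no job here pushes, comments or publishes,
# so read access to the repository contents is all that is needed.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      # Let every Python version finish so one failure does not hide others.
      fail-fast: false
      matrix:
        # Quoted so "3.10" is not read as the float 3.1.
        python-version: ["3.9", "3.10", "3.11", "3.12"]
    steps:
      - uses: actions/checkout@v4
        with:
          # The job never pushes; do not leave the token in .git/config where
          # later steps (which run project code) could read it.
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"
      - name: Lint
        run: ruff check .
      - name: Compile-check
        run: python -m py_compile src/cliron_chef/*.py scripts/*.py examples/*.py
      - name: Test
        run: pytest -v
      - name: Smoke (CLI --help)
        run: python -m cliron_chef --help

  validate-recipes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: pip install -e .
      - name: Parse all recipes
        run: |
          set -e
          for f in recipes/*.json; do
            # schema.json describes the recipe format; it is not a recipe.
            [ "$(basename "$f")" = "schema.json" ] && continue
            echo "Validating: $f"
            # Pass the path as an argument instead of splicing it into the
            # Python source: a file name containing a quote would otherwise
            # break the check or be evaluated as code.
            python3 -c 'import json, sys; json.load(open(sys.argv[1]))' "$f"
          done
          echo "All recipes are valid JSON ✓"
      - name: Validate every recipe via CLI
        run: |
          set -e
          for f in recipes/*.json; do
            [ "$(basename "$f")" = "schema.json" ] && continue
            python -m cliron_chef recipes validate "$f"
          done

  leak-scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): checkout fetches only the tip commit by default. If
      # scripts/leak_scan.sh is meant to cover git history as well as the
      # working tree, add `fetch-depth: 0` under `with:` - confirm against
      # the script.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Scan for personal info, secrets, and stale identifiers
        run: bash scripts/leak_scan.sh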