Add nightly supply chain review #171

Open
wants to merge 2 commits into
base: develop
49 changes: 49 additions & 0 deletions .github/workflows/supply-chain.yml
@@ -0,0 +1,49 @@
# Portions of this file contributed by NIST are governed by the
# following statement:
#
# This software was developed at the National Institute of Standards
# and Technology by employees of the Federal Government in the course
# of their official duties. Pursuant to Title 17 Section 105 of the
# United States Code, this software is not subject to copyright
# protection within the United States. NIST assumes no responsibility
# whatsoever for its use by other parties, and makes no guarantees,
# expressed or implied, about its quality, reliability, or any other
# characteristic.
#
# We would appreciate acknowledgement if the software is used.

# This workflow uses Make to review direct dependencies of this
# repository.

name: Supply Chain

on:
schedule:
- cron: '15 5 * * 1,2,3,4,5'

jobs:
build:

runs-on: ubuntu-latest
strategy:
matrix:
python-version:
- '3.9'
- '3.12'

steps:
- uses: actions/checkout@v4
with:
# This enables supply chain review against only a selected
# branch. For those using the "Git-Flow" style of branching,
# the ref value should be 'develop', so an upstream dependency
# only relevant for, say, code formatting does not need to
# induce a new commit on 'main', or a release.
# https://cyberdomainontology.org/ontology/development/#branching-cdo-git-flow
ref: develop
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Review dependencies
run: make check-supply-chain
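Review bot: the workflow declares no `permissions:` block and pins both actions to mutable major tags (`uses: actions/checkout@v4`, `uses: actions/setup-python@v5`); for a job whose whole purpose is supply-chain review, add `permissions: contents: read` at the workflow or job level so the GITHUB_TOKEN is read-only, and pin each `uses:` to a full commit SHA with the tag kept in a trailing comment. Also consider adding `workflow_dispatch:` beside `schedule:` so the job can be triggered by hand to verify it before the first scheduled run; and note that `cron: '15 5 * * 1,2,3,4,5'` fires Monday to Friday only, which the PR title's "nightly" and the file comment ("This workflow uses Make to review direct dependencies") should say explicitly.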
26 changes: 25 additions & 1 deletion Makefile
@@ -96,13 +96,37 @@ check-supply-chain: \
check-supply-chain-pre-commit

# This target is scheduled to run as part of prerelease review.
#
# Update pre-commit configuration and use the updated config file to
# review code. Only have Make exit if 'pre-commit run' modifies files.
check-supply-chain-pre-commit: \
.venv-pre-commit/var/.pre-commit-built.log
source .venv-pre-commit/bin/activate \
&& pre-commit autoupdate
git diff \
--exit-code \
.pre-commit-config.yaml
.pre-commit-config.yaml \
|| ( \
source .venv-pre-commit/bin/activate \
&& pre-commit run \
--all-files \
--config .pre-commit-config.yaml \
) \
|| git diff \
--stat \
--exit-code \
|| ( \
echo \
"WARNING:Makefile:pre-commit configuration can be updated. It appears the updated would change file formatting." \
>&2 \
; exit 1 \
)
@git diff \
--exit-code \
.pre-commit-config.yaml \
|| echo \
"INFO:Makefile:pre-commit configuration can be updated. It appears the update would not change file formatting." \
>&2

clean:
@$(MAKE) \
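Review bot: the new `|| git diff --stat --exit-code` fallback has no pathspec, so it always sees the `.pre-commit-config.yaml` edit that `pre-commit autoupdate` just wrote (this branch is only reached when the first `git diff --exit-code .pre-commit-config.yaml` found that file changed); any non-zero exit from `pre-commit run` therefore ends in the WARNING/`exit 1` branch even when no other file was touched, which contradicts the comment "Only have Make exit if 'pre-commit run' modifies files." Exclude the config from that check, e.g. `git diff --stat --exit-code -- . ':!.pre-commit-config.yaml'`, or snapshot `git status --porcelain` before and after the run and compare. Two smaller points: the WARNING text reads "the updated would change file formatting" where the INFO line below correctly says "the update would"; and a hook that fails without modifying files (a linter, say) is reported as a formatting change, so the warning should also surface `pre-commit run`'s exit status or output so the cause is visible in the CI log.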