chore(deps): bump actions/download-artifact in /.github/workflows #486
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Dependency Security Audit | |
| on: [push, pull_request] | |
| permissions: | |
| contents: read | |
| jobs: | |
| dependency-security-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.x | |
| - name: Install pip-audit | |
| run: pip install pip-audit | |
| - name: Run pip-audit (with fallback) | |
| run: |- | |
| echo "🔍 Running pip-audit with full dependency resolution..." | |
| if pip-audit --requirement requirements.txt --requirement requirements-dev.txt; then | |
| echo "✅ Full dependency audit succeeded." | |
| else | |
| echo "⚠️ Full audit failed due to dependency resolution. Falling back to direct-only audit..." | |
| pip-audit --no-deps --requirement requirements.txt | |
| pip-audit --no-deps --requirement requirements-dev.txt | |
| fi |