
feat: multi-language deep analysis — TypeScript, Solidity, Go scanners #64

Workflow file for this run

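# CI for packages/audit: unit tests across a Python version matrix, lint and
# type checks, and an agent-audit self-scan whose SARIF output is uploaded to
# GitHub code scanning.
name: CI

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

# Least privilege: every job gets a read-only GITHUB_TOKEN unless it requests
# more below. Without this block the token falls back to the repository or
# organisation default, which may be read/write.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v4,
# @v5). Pinning each one to a full-length commit SHA keeps a moved tag from
# changing what runs here; the third-party actions (snok/install-poetry,
# codecov/codecov-action) matter most.

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so that 3.10 is not read as the float 3.1.
        python-version: ['3.9', '3.10', '3.11', '3.12']
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps install and run project code; do not leave the token
          # in .git/config for them. Nothing in this workflow pushes.
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          version: '1.8.5'
          virtualenvs-create: true
          virtualenvs-in-project: true
      - name: Install dependencies
        working-directory: packages/audit
        run: poetry install
      - name: Run tests
        working-directory: packages/audit
        run: poetry run pytest ../../tests/ -v --cov=agent_audit --cov-report=xml
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        # Upload once per run rather than once per matrix entry.
        if: matrix.python-version == '3.11'
        with:
          # The secret is passed to this step only. It is empty on pull
          # requests from forks; fail_ci_if_error: false tolerates the
          # failed upload in that case.
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./packages/audit/coverage.xml
          fail_ci_if_error: false

  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Install linters
        # NOTE(review): installed unpinned, so both the lint results and the
        # code executed on the runner change with each upstream release;
        # consider pinning versions.
        run: pip install ruff mypy types-PyYAML
      - name: Run ruff
        run: ruff check packages/audit --output-format=github
      - name: Run mypy
        run: mypy packages/audit/agent_audit --ignore-missing-imports

  security-scan:
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, so contents: read
    # is restated. security-events: write is what upload-sarif needs.
    # NOTE(review): private repositories also need actions: read for
    # upload-sarif; confirm against the repository's visibility.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          version: '1.8.5'
          virtualenvs-create: true
          virtualenvs-in-project: true
      - name: Install agent-audit
        working-directory: packages/audit
        run: poetry install
      - name: Run agent-audit self-scan
        working-directory: packages/audit
        # Self-scan finds false positives in its own regex patterns; don't
        # fail CI. `|| true` also hides a scanner crash, so this job is
        # informational only: a missing SARIF upload is the only sign that
        # the scan did not run.
        run: >-
          poetry run agent-audit scan . --format sarif
          --output agent-audit-results.sarif || true
      - name: Upload SARIF to GitHub
        uses: github/codeql-action/upload-sarif@v3
        # Runs even if an earlier step failed. On pull requests from forks
        # the token is read-only, so the upload fails there;
        # continue-on-error keeps that from failing the job.
        if: always()
        with:
          sarif_file: packages/audit/agent-audit-results.sarif
        continue-on-error: true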