Merge pull request #477 from VectorInstitute/pre-commit-ci-update-config #3058
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # only has to pass for python 3.10 | |
| name: Static code checks | |
| on: | |
| push: | |
| branches: | |
| main | |
| pull_request: | |
| branches: | |
| main | |
| jobs: | |
| run-code-check: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| actions: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10" | |
| - name: Install and configure Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| - name: Set up cache | |
| uses: actions/cache@v5 | |
| id: cached-poetry-dependencies | |
| with: | |
| path: .venv | |
| key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }} | |
| - name: Install dependencies | |
| run: poetry install --with "dev, test, codestyle" | |
| if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' | |
| - name: Pre-commit Checks | |
| run: | | |
| source .venv/bin/activate | |
| pre-commit run --all-files | |
| - name: pip-audit (gh-action-pip-audit) | |
| uses: pypa/[email protected] | |
| with: | |
| virtual-environment: .venv/ | |
| # GHSA-3749-ghw9-m3mg and GHSA-887c-mr87-cxwp are pytorch vulnerabilities that require 2.7 and 2.8 but we're | |
| # pinning to 2.6.0 for now. | |
| # GHSA-wf7f-8fxf-xfxc ML Flow vulnerability in deserialization that hasn't been patched yet. | |
| # CVE-2025-53000 NBConvert issue, no fix yet. | |
| ignore-vulns: | | |
| GHSA-3749-ghw9-m3mg | |
| GHSA-887c-mr87-cxwp | |
| GHSA-wf7f-8fxf-xfxc | |
| CVE-2025-53000 | |
| # Deleting some temporary files and useless folders to free up space in order to have space for | |
| # the cache file, and printing the disk space info at the beggining and end. | |
| # Deleting poetry cache should clear ~4GB of space. | |
| # Deleting /usr/share/dotnet should clear ~4GB of space. | |
| # Deleting /usr/local/lib/android should clear ~12GB of space. | |
| - name: Cleanup space (before cache save) | |
| run: | | |
| df -h /dev/root | |
| poetry cache clear --all . --no-interaction | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android | |
| df -h /dev/root |