From d49b33fc42d1e21b7bc42ed5e7967515f7f23e0d Mon Sep 17 00:00:00 2001 From: Jared Vititoe Date: Mon, 20 Apr 2026 16:26:03 -0400 Subject: [PATCH] =?UTF-8?q?Fix=20pip=20=E2=86=92=20python3=20-m=20pip=20in?= =?UTF-8?q?=20ruff=20job;=20add=20pip-audit=20dep=20scan?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - python3 -m pip works in the act runner where bare 'pip' isn't in PATH - Added python-audit job: pip-audit checks matrixbot/requirements.txt against the OSV database for known CVEs on every push/PR Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/lint.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/lint.yml b/.gitea/workflows/lint.yml index c0ead39..17cec05 100644 --- a/.gitea/workflows/lint.yml +++ b/.gitea/workflows/lint.yml @@ -38,10 +38,22 @@ jobs: - uses: actions/checkout@v3 - name: Install ruff - run: pip install ruff + run: python3 -m pip install ruff - name: Check syntax errors - run: ruff check matrixbot/ --select E9,F63,F7,F82 --output-format=github + run: python3 -m ruff check matrixbot/ --select E9,F63,F7,F82 --output-format=github - name: Run full lint - run: ruff check matrixbot/ --output-format=github + run: python3 -m ruff check matrixbot/ --output-format=github + + python-audit: + name: Python deps (pip-audit) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Install pip-audit + run: python3 -m pip install pip-audit + + - name: Audit matrixbot dependencies + run: python3 -m pip_audit -r matrixbot/requirements.txt