Review feedback: incorporate github action, make OWASP pass with explicit exceptions

Neil Martinsen-Burrell 2022-10-07 10:58:29 -05:00
parent 09bf50f6a5
commit 1aef237b19
No known key found for this signature in database
GPG key ID: 6A3C818CC10D0184
10 changed files with 327 additions and 100 deletions


@ -0,0 +1,35 @@
#!/bin/bash
# Omits 'set -e' because short-circuiting this script fails the GitHub action unintentionally
FAIL=${FAIL_LEVEL:=ERROR}
MANAGE_PATH=${GITHUB_WORKSPACE}/${APP_PATH}
REQS=${GITHUB_WORKSPACE}/${DEP_PATH}
ARGS=${EXTRA_ARGS}
echo -e "Path to manage.py set as: " $MANAGE_PATH
echo -e "Requirements path set as: " $REQS
if [[ "$ENV_TYPE" == "pipenv" ]]; then
cd $REQS
pip3 install pipenv
PIPENV_IGNORE_VIRTUALENVS=1 pipenv install
cd $MANAGE_PATH && PIPENV_IGNORE_VIRTUALENVS=1 pipenv run python3 manage.py check --deploy --fail-level ${FAIL} ${ARGS} &> output.txt
EXIT_CODE=$?
fi
if [[ "$ENV_TYPE" == "venv" ]]; then
pip install -r $REQS
cd $MANAGE_PATH && python manage.py check --deploy --fail-level ${FAIL} ${ARGS} &> output.txt
EXIT_CODE=$?
fi
if [[ -z "$ENV_TYPE" ]]; then
echo "No virtual environment specified."
pip install django
cd $MANAGE_PATH && python manage.py check --deploy --fail-level ${FAIL} ${ARGS} &> output.txt
EXIT_CODE=$?
fi
echo -e "\n--------- Django Security Check results ---------"
cat output.txt
exit $EXIT_CODE
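Review bot: An `ENV_TYPE` value other than `pipenv`, `venv` or empty matches none of the three `if` blocks, so no check runs and `EXIT_CODE` is never set; the final `exit $EXIT_CODE` then becomes a bare `exit` and returns the status of `cat output.txt`, which depends on whether a stale file happens to be in the working directory. A deploy gate should fail closed here: initialise `EXIT_CODE=1` before the first `if`, or turn the blocks into one `if`/`elif` chain with a final `else` arm such as `echo "Unsupported ENV_TYPE: $ENV_TYPE" >&2; exit 1`. Separately, `cd $REQS` in the pipenv branch is unquoted and unchecked, so if it fails `pipenv install` runs in whatever directory the step started in; `cd "$REQS" || exit 1` would stop that.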