Add Django check security scanning to Github Actions

2025-08-05 17:28:31 +02:00 · 2022-10-04 14:58:54 -05:00 · 2022-10-04 14:58:54 -05:00 · 9f861b3c11
commit 9f861b3c11
parent 88c32d9482
1 changed files with 36 additions and 0 deletions
--- a/.github/workflows/security-check.yaml
+++ b/.github/workflows/security-check.yaml
@ -0,0 +1,36 @@
+name: Django Security Check
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  FAIL_LEVEL: WARNING
+  ENV_TYPE: pipenv
+  DEP_PATH: src/
+  APP_PATH: src/
+  EXTRA_ARGS: "--settings=registrar.config.settings"
+  DJANGO_SECRET_KEY: not-a-secret-jw7kQcb35fcDRIKp7K4fqZBmVvb+Sy4nkAGf44DxHi6EJl
+  DATABASE_URL: "postgres://not_a_user:not_a_password@not_a_host"
+  DJANGO_BASE_URL: "https://not_a_host"
+
+jobs:
+  security-check:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out
+        uses: actions/checkout@v3
+      - name: Scan Django settings for security issues
+        id: check
+        uses: victoriadrake/django-security-check@master
+      - name: Upload output
+        uses: actions/upload-artifact@v2
+        with:
+          name: security-check-output
+          path: output.txt