diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
new file mode 100644
index 00000000..f03a946b
--- /dev/null
+++ b/.github/workflows/snyk.yml
@@ -0,0 +1,30 @@
+name: snyk
+on:
+ schedule:
+ - cron: "0 10 * * 1" # Monday @ 10am UTC
+ workflow_dispatch:
+
+env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ SNYK_ORG: rstudio-connect
+ SNYK_PROJECT: rsconnect-python
+
+jobs:
+ python-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run Snyk on dependencies
+ uses: snyk/actions/python@master
+ with:
+ command: monitor
+ args: --file=setup.py --print-deps --project-name=${{ env.SNYK_PROJECT }} --org=${{ env.SNYK_ORG }}
+ python-code:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run Snyk static analysis
+ uses: snyk/actions/python@master
+ with:
+ command: code test
+ args: --project-name=${{ env.SNYK_PROJECT }} --org=${{ env.SNYK_ORG }}
diff --git a/setup.cfg b/setup.cfg
index 99c7068f..a5e550e9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -15,17 +15,6 @@ project_urls =
 Documentation = https://docs.rstudio.com/rsconnect-python
 [options]
-install_requires =
- six>=1.14.0
- click>=8.0.0
- pip>=10.0.0
- semver>=2.0.0,<3.0.0
- pyjwt>=2.4.0
-setup_requires =
- setuptools
- setuptools_scm>=3.4
- toml
- wheel
 packages = rsconnect
 python_requires = >=3.7
 zip_safe = true
diff --git a/setup.py b/setup.py
index 60684932..912eb394 100644
--- a/setup.py
+++ b/setup.py
@@ -1,3 +1,19 @@
 from setuptools import setup
-setup()
+# Dependencies here so Snyk can see them
+# https://github.com/snyk/snyk-python-plugin/issues/147
+setup(
+ install_requires=[
+ "six>=1.14.0",
+ "click>=7.0.0",
+ "pip>=10.0.0",
+ "semver>=2.0.0,<3.0.0",
+ "pyjwt>=2.4.0",
+ ],
+ setup_requires=[
+ "setuptools",
+ "setuptools_scm>=3.4",
+ "toml",
+ "wheel",
+ ],
+)
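Review bot: In .github/workflows/snyk.yml both `actions/checkout@master` and `snyk/actions/python@master` follow a mutable branch, so whatever is pushed to those branches runs in jobs that carry `SNYK_TOKEN`; pinning each `uses:` to a full commit SHA keeps the executed code fixed and reviewable. The token is declared in the workflow-level `env:`, which exposes it to every step including checkout, and a step-level `env:` on the two Snyk steps would narrow that. The workflow also declares no `permissions:`, so GITHUB_TOKEN gets the repository default; `contents: read` looks sufficient for the steps visible here. The SHA values in the sketch below are placeholders, not real commits.

```yaml
permissions:
  contents: read

env:
  SNYK_ORG: rstudio-connect
  SNYK_PROJECT: rsconnect-python

jobs:
  python-dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<full-commit-sha>  # placeholder: pin to a reviewed commit
      - name: Run Snyk on dependencies
        uses: snyk/actions/python@<full-commit-sha>  # placeholder: pin to a reviewed commit
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        # … unchanged: with: command / args …
  # … python-code: same pinning and step-level env on its Snyk step …
```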
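Review bot: The `click` floor in setup.py is `>=7.0.0`, while the `install_requires` entry removed from setup.cfg was `click>=8.0.0`; every other specifier is carried over unchanged, so this looks like an unintended loosening rather than a decision. If the lower floor is not wanted, keep `"click>=8.0.0",`. If it is intended, a short comment next to the entry would help, because this list is now what the Snyk monitor job reads through `--file=setup.py`, and a wider range changes which releases can be resolved and reported on.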