Skip to content

[Snyk] Security upgrade jinja2 from 3.1.4 to 3.1.5 #3609

[Snyk] Security upgrade jinja2 from 3.1.4 to 3.1.5

[Snyk] Security upgrade jinja2 from 3.1.4 to 3.1.5 #3609

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: Python package
on: [push, pull_request]
jobs:
unittests:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.11"]
env:
PIP_INDEX_URL: https://pypi.sunet.se/simple/
NEO4J_VERSION: 4.4-enterprise
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install packages
run: |
sudo apt update
# pysaml2 needs to find an xmlsec1 binary
# PIL/EpsImagePlugin.py needs to find a ghostscript binary
# xhtml2pdf needs libcairo-dev
sudo apt install xmlsec1 ghostscript libcairo2-dev
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements/test_requirements.txt
- name: Fetch docker images
run: |
docker pull docker.sunet.se/eduid/redis:latest
docker pull docker.sunet.se/eduid/mongodb:latest
docker pull docker.sunet.se/eduid/smtpdfix:latest
docker pull neo4j:$NEO4J_VERSION
- name: Test with pytest
run: |
make test
typecheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: "Set up Python 3.11"
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements/test_requirements.txt
- name: Run mypy to check types
run: |
mypy --version
make typecheck
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install ruff
# Update output format to enable automatic inline annotations.
- name: Run Ruff
run: ruff check --output-format=github .