Skip to content
SDK

fix(rce): security fix regarding open PATH environment #76

Sign in to view logs

fix(rce): security fix regarding open PATH environment

fix(rce): security fix regarding open PATH environment #76

Workflow file for this run

.github/workflows/sdks-pr.yml at 08edb21
name: SDK
on:
pull_request:
jobs:
go-sdk:
name: Go SDK
runs-on: ubuntu-latest
strategy:
matrix:
go: [ '1.19', '1.20' ]
timeout-minutes: 30
defaults:
run:
working-directory: ./sdk/go
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --only-verified
- name: Test
run: go test -v -coverprofile=coverage.out -covermode=atomic -race ./...
env:
PESTO_TOKEN: ${{ secrets.PESTO_TOKEN }}
- name: Codecov
uses: codecov/codecov-action@v3
with:
flags: sdk-go
js-sdk:
name: JavaScript SDK
runs-on: ubuntu-latest
container: node:lts
timeout-minutes: 30
defaults:
run:
working-directory: ./sdk/javascript
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --only-verified
- name: Update OS
run: >
apt-get update -y && apt-get upgrade -y &&
apt-get install -y curl tar gzip openssl build-essential &&
curl -LO https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb &&
apt install -y ./google-chrome-stable_current_amd64.deb
- name: Install dependency
run: npm ci
- name: Lint
run: npx eslint --fix --ext .ts --ignore-path .gitignore .
- name: Test
run: npx vitest run --coverage --threads=false
env:
PESTO_TOKEN: ${{ secrets.PESTO_TOKEN }}
- name: Codecov
uses: codecov/codecov-action@v3
with:
flags: sdk-javascript
dotnet-sdk:
name: .NET SDK
runs-on: ubuntu-latest
strategy:
matrix:
dotnet: [ '3.x', '6.x', '7.x' ]
timeout-minutes: 30
defaults:
run:
working-directory: ./sdk/dotnet
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-dotnet@v3
with:
dotnet-version: ${{ matrix.dotnet }}
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --only-verified
- name: Test
run: dotnet test Pesto.sln --collect "XPlat Code Coverage"
env:
PESTO_TOKEN: ${{ secrets.PESTO_TOKEN }}
- name: Codecov
uses: codecov/codecov-action@v3
with:
flags: sdk-dotnet
python-sdk:
name: Python Check
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [ '3.8', '3.9', '3.10', '3.11']
timeout-minutes: 30
defaults:
run:
working-directory: ./sdk/python
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --only-verified
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-test.txt
- name: Formatting
run: black --check pesto tests
- name: Lint
run: mypy pesto tests
- name: Run Pytest
run: pytest . --cov-report term-missing --cov-report xml --cov pesto
env:
PESTO_TOKEN: ${{ secrets.PESTO_TOKEN }}
- name: Code Coverage Report
uses: codecov/codecov-action@v3
with:
flags: sdk-python