Bump cryptography from 46.0.4 to 46.0.5 (#817) #4235
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will install Python dependencies, run tests and lint with a variety of Python versions | |
| # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | |
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| schedule: | |
| - cron: '0 2 * * *' | |
| permissions: | |
| contents: read | |
| jobs: | |
| # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # | |
| release_test: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, windows-latest, macos-latest ] | |
| python-version: [ "3.10", "3.11", "3.12", "3.13", "3.14" ] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08 | |
| with: | |
| egress-policy: audit | |
| - name: Set git to use line endings as is | |
| run: | | |
| git config --global core.autocrlf false | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - 2026.01.09 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - 2026.01.22 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| - name: Upgrade PIP | |
| run: | | |
| # windows requires update pip via python module | |
| python -m pip install --upgrade pip | |
| - name: Install application | |
| run: | | |
| python -m pip install . | |
| python -m pip freeze # dbg | |
| - name: Remove sources dir to check installation for Linux & MAC | |
| if: runner.os != 'Windows' | |
| run: rm -fr credsweeper | |
| - name: Remove sources dir to check installation WINDOWS PowerShell | |
| if: runner.os == 'Windows' | |
| run: Remove-Item -Path credsweeper -Force -Recurse | |
| - name: CLI tool check | |
| run: | | |
| credsweeper --help | |
| - name: Install test framework dependencies | |
| run: | | |
| pip install pytest pytest-random-order deepdiff hypothesis | |
| - name: UnitTest with pytest for Python & ubuntu-latest | |
| if: ${{ matrix.os == 'ubuntu-latest' && ( matrix.python-version == '3.11' || matrix.python-version == '3.12' || matrix.python-version == '3.13' || matrix.python-version == '3.14' ) }} | |
| run: | | |
| # skip app test with stderr checking - [W:onnxruntime:Default, device_discovery.cc:131 GetPciBusId] | |
| pytest --verbose --random-order --random-order-bucket=global \ | |
| -k 'not (test_log_p or test_log_n or test_rules_ml_p or test_rules_ml_n or test_it_works_n or test_no_filters_p or test_external_ml_p or test_external_ml_n or test_import_config_p or test_import_config_n)' \ | |
| tests | |
| - name: UnitTest with pytest | |
| if: ${{ matrix.os != 'ubuntu-latest' || matrix.python-version == '3.10' }} | |
| run: | | |
| # put the command into one line to use in various OS to avoid processing differences in new line char sequence | |
| pytest --verbose --random-order --random-order-bucket=global tests | |
| # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # | |
| development_test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: [ "3.10", "3.11", "3.12", "3.13", "3.14" ] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08 | |
| with: | |
| egress-policy: audit | |
| - name: Set git to use line endings as is | |
| run: | | |
| git config --global core.autocrlf false | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - 2026.01.09 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - 2026.01.22 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install requirements | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install --requirement requirements.txt | |
| python -m pip freeze # dbg | |
| - name: UnitTest with pytest and coverage | |
| run: | | |
| mkdir -vp xmlcov | |
| python -m \ | |
| pytest \ | |
| --verbose \ | |
| --random-order \ | |
| --random-order-bucket=global \ | |
| --ignore=docs \ | |
| --ignore=experiment \ | |
| --ignore=fuzz \ | |
| --ignore=tests/test_app.py \ | |
| --cov=credsweeper \ | |
| --cov-report html:coverage_html/ \ | |
| --cov-report xml:xmlcov/coverage.xml \ | |
| tests \ | |
| ; | |
| - name: ApplicationTest with pytest | |
| if: ${{ matrix.python-version != '3.14' }} | |
| run: | | |
| python -m \ | |
| pytest \ | |
| --verbose \ | |
| --random-order \ | |
| --random-order-bucket=global \ | |
| tests/test_app.py | |
| - name: ApplicationTest with pytest for Python3.14 | |
| if: ${{ matrix.python-version == '3.14' }} | |
| run: | | |
| python -m \ | |
| pytest \ | |
| --verbose \ | |
| --random-order \ | |
| --random-order-bucket=global \ | |
| -k 'not (test_log_p or test_log_n or test_rules_ml_p or test_rules_ml_n or test_it_works_n or test_no_filters_p or test_external_ml_p or test_external_ml_n or test_import_config_p or test_import_config_n)' \ | |
| tests/test_app.py | |
| - name: Check unit-test coverage | |
| run: | | |
| if [ ! -f xmlcov/coverage.xml ]; then echo "xmlcov/coverage.xml does not exist"; exit 1; fi | |
| COVERED=$(grep '<coverage .*>' xmlcov/coverage.xml | sed 's/.* lines-covered="\([0-9]\+\)" .*/\1/') | |
| echo "COVERED=${COVERED}" | |
| VALID=$(grep '<coverage .*>' xmlcov/coverage.xml | sed 's/.* lines-valid="\([0-9]\+\)" .*/\1/') | |
| echo "VALID=${VALID}" | |
| if [ -z "${COVERED}" ] || [ -z "${VALID}" ] || [ ${VALID} -eq 0 ]; then echo "'${VALID}' or '${COVERED}' fail"; exit 1; fi | |
| COVERAGE=$(python -c "print (round(100 * ${COVERED} / ${VALID}, 2))") | |
| DESCRIPTION="Coverage of lines: ${COVERED} : ${VALID} = ${COVERAGE}%" | |
| echo "${DESCRIPTION}" | |
| if [ $(( 1000 * ${COVERED} / ${VALID} )) -lt 800 ]; then | |
| echo "Coverage should be not less than 80% !" | |
| exit 1 | |
| else | |
| echo "Satisfied coverage" | |
| fi | |
| - name: HTML coverage reports | |
| if: always() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - 2025.12.12 | |
| with: | |
| name: coverage_html-${{ matrix.python-version }} | |
| path: coverage_html | |
| - name: Upload coverage reports to Codecov | |
| if: ${{ matrix.python-version == '3.10' }} | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 - 2025.12.09 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: xmlcov/coverage.xml |