diff --git a/ci/pipeline-dev.yml b/ci/pipeline-dev.yml
index 7f09cc7..473c338 100644
--- a/ci/pipeline-dev.yml
+++ b/ci/pipeline-dev.yml
@@ -192,6 +192,63 @@ jobs:
 username: ((slack-username))
 icon_url: ((slack-icon-url))
+ - name: audit-dependencies
+ plan:
+ - get: src
+ resource: pr-((git-branch))
+ trigger: true
+ passed: [set-pipeline]
+
+ - put: src
+ resource: pr-((git-branch))
+ params:
+ path: src
+ status: pending
+ base_context: concourse
+ context: audit-dependencies
+
+ - task: pip-audit
+ run:
+ path: pip-audit
+ args:
+ - -r
+ - ./requirements.txt
+
+ on_failure:
+ in_parallel:
+ - put: src
+ resource: pr-((git-branch))
+ params:
+ path: src
+ status: failure
+ base_context: concourse
+ context: audit-dependencies
+ - put: slack
+ params:
+ text: |
+ :x: FAILED: dependency audit on pages-build-container pr-((git-branch))
+ <$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME?vars.deploy-env="((deploy-env))"|View build details>
+ channel: ((slack-channel))
+ username: ((slack-username))
+ icon_url: ((slack-icon-url))
+
+ on_success:
+ in_parallel:
+ - put: src
+ resource: pr-((git-branch))
+ params:
+ path: src
+ status: success
+ base_context: concourse
+ context: audit-dependencies
+ - put: slack
+ params:
+ text: |
+ :white_check_mark: SUCCESS: Successfully passed dependency audit on pages-build-container pr-((git-branch))
+ channel: ((slack-channel))
+ username: ((slack-username))
+ icon_url: ((slack-icon-url))
+
 ############################
 # RESOURCES
diff --git a/requirements-dev.txt b/requirements-dev.txt
index aee064c..7d59ad5 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -5,6 +5,7 @@
 bandit>=1.0,<2.0
 flake8==3.8.3
 moto==5.0.1
+pip-audit==2.7.3
 pyfakefs==4.0.2
 pyflakes==2.2.0
 pylint==2.5.3
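Review bot: The `pip-audit` task in the new `audit-dependencies` job (ci/pipeline-dev.yml) shows `run:` directly under `task:` with no `config:` or `file:`, no image, no `inputs` and no `dir`, as far as the collapsed indentation on this page lets one tell. Concourse expects `run` inside the task config, and the `src` checkout is mounted as a subdirectory of the task's working directory, so `./requirements.txt` would probably not resolve even once the step is accepted. Because `on_failure` posts the same `failure` status for any non-zero exit, a missing-file error and a real advisory would look identical on the PR; nest the step as sketched below and confirm the job goes red on a known-vulnerable pin rather than on a path error. The image is left as a placeholder because the page does not show which one the pipeline uses.

```yaml
- task: pip-audit
  config:
    platform: linux
    # image_resource: <python image that has pip-audit installed (placeholder)>
    inputs:
      - name: src
    run:
      dir: src
      path: pip-audit
      # … unchanged: args (-r ./requirements.txt) …
```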
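Review bot: requirements-dev.txt gains the auditing tool but is itself outside the audit, since the new job passes only `-r ./requirements.txt`. The packages pinned here (bandit, flake8, moto, …) still execute on developer machines and presumably in CI, so consider adding a second pair of args to the task, `- -r` and `- ./requirements-dev.txt`. The `==2.7.3` pin also governs only local installs unless the task image installs pip-audit from this file, so it is worth confirming that CI and local runs use the same version.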