From 68333ff7bd212165de7cac82cbbc4d0f8942d473 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emilio=20L=C3=B3pez?=
Date: Thu, 16 Dec 2021 18:08:52 -0300
Subject: [PATCH] Add pip-audit action workflow

This adds a new GitHub Actions workflow. This workflow runs pip-audit on the repository on each new commit and pull request to the `dev` and `master` branches, as well as every Tuesday morning. If any known vulnerable dependency is found, this workflow will fail.
---
.github/workflows/pip-audit.yml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 .github/workflows/pip-audit.yml

diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
new file mode 100644
index 000000000..f6360056c
--- /dev/null
+++ b/.github/workflows/pip-audit.yml
@@ -0,0 +1,27 @@
+name: pip-audit
+
+on:
+ push:
+ branches: [ dev, master ]
+ pull_request:
+ branches: [ dev, master ]
+ schedule: [ cron: "0 7 * * 2" ]
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v2
+ with:
+ python-version: "3.10"
+ - name: Install pip-audit
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install pip-audit
+ - name: Run pip-audit
+ run: |
+ python -m pip install .
+ pip-audit --desc -v
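Review bot: The `audit` job declares no `permissions:` block, so its GITHUB_TOKEN gets whatever the repository default grants, while the `Run pip-audit` step executes the project's own build code through `python -m pip install .`, including code arriving in pull requests. Adding a workflow-level `permissions:` with `contents: read`, plus `with:` / `persist-credentials: false` on the checkout step, keeps that token read-only and out of the workspace's git config. `actions/checkout@v2` and `actions/setup-python@v2` are mutable tags; pinning each to a full commit SHA would stop a retagged release from changing what runs here. pip-audit is also installed unpinned into the same environment it then audits, so findings may cover pip-audit's own dependencies as well as the project's; worth confirming that is intended.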