diff --git a/.gitea/workflows/audit.yml b/.gitea/workflows/audit.yml
index 37447d42..47cecc29 100644
--- a/.gitea/workflows/audit.yml
+++ b/.gitea/workflows/audit.yml
@@ -29,14 +29,32 @@ jobs:
 echo "Files in repo:"
 ls -la
- echo "=== PACKAGE.JSON CHECK ==="
+ echo "=== PROJECT TYPE CHECK ==="
 if [ -f "package.json" ]; then
- echo "✅ package.json found!"
+ echo "✅ Node.js project detected!"
+ echo "Package.json content:"
+ cat package.json
 echo "=== NPM INSTALL ==="
 npm install --legacy-peer-deps
- echo "✅ Running audit..."
+ echo "✅ Running npm audit..."
 npm audit || true
+ elif [ -f "pyproject.toml" ]; then
+ echo "✅ Python project detected!"
+ echo "PyProject.toml content:"
+ head -10 pyproject.toml
+ echo "=== PYTHON DEPENDENCIES ==="
+ if command -v poetry >/dev/null 2>&1; then
+ echo "Poetry found, installing dependencies..."
+ poetry install
+ else
+ echo "Installing poetry..."
+ pip install poetry
+ poetry install
+ fi
+ echo "✅ Python dependencies installed!"
 else
- echo "❌ package.json NOT found!"
+ echo "❌ No supported project type found!"
+ echo "Looking for package.json or pyproject.toml..."
+ find . -name "package.json" -o -name "pyproject.toml" 2>/dev/null || echo "No project files found"
 exit 1
 fi
diff --git a/.gitea/workflows/fix.yml b/.gitea/workflows/fix.yml
index 0f6ee299..ff025a83 100644
--- a/.gitea/workflows/fix.yml
+++ b/.gitea/workflows/fix.yml
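Review bot: In audit.yml the new `elif [ -f "pyproject.toml" ]` branch ends at `echo "✅ Python dependencies installed!"` without running any audit, so a Python project passes this workflow green with nothing checked, whereas the Node branch at least runs `npm audit`. Add an audit step inside the Poetry environment, for example `poetry run pip install pip-audit` followed by `poetry run pip-audit`, so the scan covers what `poetry install` resolved. The `pip install poetry` fallback is also unpinned here and in the matching branches of fix.yml and security-scanning.yml; pinning it (`pip install "poetry==<PINNED_VERSION>"`) keeps the runner from pulling whatever release is newest at job time. Separately, `find … || echo "No project files found"` in the else branch will not print the fallback, because find exits 0 when nothing matches. The run step begins above the hunk, so shell options such as `set -e` are not visible here.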
@@ -29,14 +29,31 @@ jobs:
 echo "Files in repo:"
 ls -la
- echo "=== PACKAGE.JSON CHECK ==="
+ echo "=== PROJECT TYPE CHECK ==="
 if [ -f "package.json" ]; then
- echo "✅ package.json found!"
+ echo "✅ Node.js project detected!"
 echo "=== NPM INSTALL ==="
 npm install --legacy-peer-deps
 echo "✅ Auto-fixing vulnerabilities..."
 npm audit fix || true
+ elif [ -f "pyproject.toml" ]; then
+ echo "✅ Python project detected!"
+ echo "=== PYTHON DEPENDENCIES ==="
+ if command -v poetry >/dev/null 2>&1; then
+ echo "Poetry found, installing dependencies..."
+ poetry install
+ else
+ echo "Installing poetry..."
+ pip install poetry
+ poetry install
+ fi
+ echo "✅ Python dependencies installed!"
+ echo "=== SECURITY FIXES ==="
+ # Check for common Python security issues
+ echo "Running safety check..."
+ pip install safety
+ safety check || echo "Safety check completed with warnings"
 else
- echo "❌ package.json NOT found!"
+ echo "❌ No supported project type found!"
 exit 1
 fi
diff --git a/.gitea/workflows/security-scanning.yml b/.gitea/workflows/security-scanning.yml
index 7f672829..eaf68951 100644
--- a/.gitea/workflows/security-scanning.yml
+++ b/.gitea/workflows/security-scanning.yml
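Review bot: In fix.yml the added `pip install safety` and `safety check` run with the runner's own pip, while `poetry install` normally places the project's dependencies in a Poetry-managed virtualenv, so the check probably inspects the wrong environment; the same pattern is added in security-scanning.yml. Running both through Poetry (`poetry run pip install safety`, then `poetry run safety check`) would point the scan at the installed project dependencies. The `|| echo "Safety check completed with warnings"` fallback also gives a scanner that failed to run the same green result as a clean scan, so consider keeping the status, e.g. `safety check || rc=$?`, and failing the job on it. The section is titled "SECURITY FIXES" but nothing in it changes a dependency, which is worth renaming or stating in the comment. The run step starts above the hunk, so any `set -e` or virtualenv configuration there is not visible.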
@@ -29,16 +29,31 @@ jobs:
 echo "Files in repo:"
 ls -la
- echo "=== PACKAGE.JSON CHECK ==="
+ echo "=== PROJECT TYPE CHECK ==="
 if [ -f "package.json" ]; then
- echo "✅ package.json found!"
+ echo "✅ Node.js project detected!"
 echo "=== NPM INSTALL ==="
 npm install --legacy-peer-deps
- echo "✅ Running audit..."
- npm audit || true
- echo "✅ Security scan..."
+ echo "✅ Running security scan..."
 npm audit --audit-level moderate || true
+ elif [ -f "pyproject.toml" ]; then
+ echo "✅ Python project detected!"
+ echo "=== PYTHON DEPENDENCIES ==="
+ if command -v poetry >/dev/null 2>&1; then
+ echo "Poetry found, installing dependencies..."
+ poetry install
+ else
+ echo "Installing poetry..."
+ pip install poetry
+ poetry install
+ fi
+ echo "✅ Running security scan..."
+ pip install safety bandit
+ echo "=== Safety check (dependencies) ==="
+ safety check || echo "Safety check completed"
+ echo "=== Bandit check (code security) ==="
+ bandit -r . -f json || echo "Bandit scan completed"
 else
- echo "❌ package.json NOT found!"
+ echo "❌ No supported project type found!"
 exit 1
 fi
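Review bot: In security-scanning.yml the added `bandit -r . -f json || echo "Bandit scan completed"` writes raw JSON into the job log and then discards bandit's exit status, so findings, a clean run and a scanner that failed to start all finish green. Writing the report to a file and keeping the status, `bandit -r . -f json -o bandit-report.json || rc=$?`, makes the result reviewable and lets the job gate on it; the report name is a placeholder. `-r .` also walks the whole checkout, which may include an in-project `.venv` depending on Poetry's configuration, so an exclude such as `-x ./.venv` is worth adding. On the Node side the commit leaves `npm audit --audit-level moderate || true` as the only audit, where `|| true` throws away the exit code that `--audit-level` exists to control. The run step begins above the hunk, so earlier shell settings are not visible here.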