diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml
index 9f930b5..bd3800a 100644
--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -63,16 +63,16 @@ jobs:
 - name: Check for critical vulnerabilities
 run: |
- echo "๐Ÿ” Checking for critical vulnerabilities..."
+ echo "Checking for critical vulnerabilities..."
 # Check Safety results
 if [ -f safety-report.json ]; then
 critical_count=$(jq '.vulnerabilities | length' safety-report.json 2>/dev/null || echo "0")
 if [ "$critical_count" -gt 0 ]; then
- echo "โš ๏ธ Found $critical_count dependency vulnerabilities"
+ echo "Found $critical_count dependency vulnerabilities"
 jq '.vulnerabilities[] | "- \(.package_name) \(.installed_version): \(.vulnerability_id)"' safety-report.json
 else
- echo "โœ… No dependency vulnerabilities found"
+ echo "No dependency vulnerabilities found"
 fi
 fi
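Review bot: `critical_count=$(jq '.vulnerabilities | length' safety-report.json ...)` counts every entry in the Safety report, not only critical ones, so the step name "Check for critical vulnerabilities" and the variable overstate what is checked; rename it to `vuln_count` or filter on a severity field if the report provides one. The step also never fails the job: findings are echoed and the pipeline stays green, and the Bandit check in the next hunk and the license check at `@@ -198` follow the same pattern. If the intent is to gate, add `exit 1` after the `jq` listing; if it is informational only, say so in the step name so nobody reads a green run as "no vulnerabilities".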
@@ -80,88 +80,9 @@ jobs:
 if [ -f bandit-report.json ]; then
 high_severity=$(jq '.results[] | select(.issue_severity == "HIGH") | length' bandit-report.json 2>/dev/null | wc -l)
 if [ "$high_severity" -gt 0 ]; then
- echo "โš ๏ธ Found $high_severity high-severity security issues"
+ echo "Found $high_severity high-severity security issues"
 else
- echo "โœ… No high-severity security issues found"
- fi
- fi
-
- # Docker image security scan
- docker-security-scan:
- name: Docker Security Scan
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- token: ${{ secrets.CI_BOT_TOKEN }}
-
- - name: Check GitHub token availability
- run: |
- if [ -z "${{ secrets.GH_TOKEN }}" ]; then
- echo "โš ๏ธ GH_TOKEN not configured. Trivy scans may fail due to rate limits."
- echo "๐Ÿ’ก To fix: Add GH_TOKEN secret in repository settings"
- else
- echo "โœ… GH_TOKEN is configured"
- fi
-
- - name: Build Docker image for scanning
- run: |
- docker build -t ping-river-monitor:scan .
- env:
- GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: "ping-river-monitor:scan"
- format: "json"
- output: "trivy-report.json"
- github-token: ${{ secrets.GH_TOKEN }}
- env:
- GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- continue-on-error: true
-
- - name: Run Trivy filesystem scan
- uses: aquasecurity/trivy-action@master
- with:
- scan-type: "fs"
- scan-ref: "."
- format: "json"
- output: "trivy-fs-report.json"
- github-token: ${{ secrets.GH_TOKEN }}
- env:
- GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- continue-on-error: true
-
- - name: Upload Trivy reports
- uses: actions/upload-artifact@v3
- if: always()
- with:
- name: trivy-reports-${{ github.run_number }}
- path: |
- trivy-report.json
- trivy-fs-report.json
-
- - name: Check Trivy results
- run: |
- echo "๐Ÿ” Analyzing Docker security scan results..."
-
- if [ -f trivy-report.json ]; then
- critical_vulns=$(jq '.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL") | length' trivy-report.json 2>/dev/null | wc -l)
- high_vulns=$(jq '.Results[]?.Vulnerabilities[]? | select(.Severity == "HIGH") | length' trivy-report.json 2>/dev/null | wc -l)
-
- echo "Critical vulnerabilities: $critical_vulns"
- echo "High vulnerabilities: $high_vulns"
-
- if [ "$critical_vulns" -gt 0 ]; then
- echo "โŒ Critical vulnerabilities found in Docker image!"
- exit 1
- elif [ "$high_vulns" -gt 5 ]; then
- echo "โš ๏ธ Many high-severity vulnerabilities found"
- else
- echo "โœ… Docker image security scan passed"
+ echo "No high-severity security issues found"
 fi
 fi
@@ -189,7 +110,7 @@ jobs:
 - name: Check licenses
 run: |
- echo "๐Ÿ“„ Checking dependency licenses..."
+ echo "Checking dependency licenses..."
 pip-licenses --format=json --output-file=licenses.json
 pip-licenses --format=markdown --output-file=licenses.md
@@ -198,11 +119,11 @@ jobs:
 for license in "${problematic_licenses[@]}"; do
 if grep -i "$license" licenses.json; then
- echo "โš ๏ธ Found potentially problematic license: $license"
+ echo "Found potentially problematic license: $license"
 fi
 done
- echo "โœ… License check completed"
+ echo "License check completed"
 - name: Upload license report
 uses: actions/upload-artifact@v3
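Review bot: Deleting the `docker-security-scan` job removes the only hard gate this workflow had — the removed `Check Trivy results` step was the one place that ran `exit 1` on findings, while the surviving Safety and Bandit checks only echo — so after this change no scanner output can fail the pipeline and the built image is not scanned at all. The removed token-check step suggests the motivation was Trivy's rate-limited database download; if so, the filesystem scan (`scan-type: "fs"`), which needs no image build, or a cached DB would preserve some coverage, and the reason for dropping image scanning is worth recording in the workflow or the PR. Separately, the surviving Bandit count `jq '.results[] | select(.issue_severity == "HIGH") | length' ... | wc -l` is correct only by accident (it prints one number per match and counts the lines); `jq '[.results[] | select(.issue_severity == "HIGH")] | length' bandit-report.json` says what it means and needs no `wc`.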
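Review bot: `grep -i "$license" licenses.json` at `@@ -198` searches the whole JSON document, so a package name, URL or description containing the pattern (constructed example: a package whose name contains `gpl`) is reported as a problematic license, and because `grep` also prints the matching line the step output is noisy. Restrict the match to the license field: `if jq -r '.[].License' licenses.json | grep -qi -- "$license"; then`. The `problematic_licenses` array is defined before the hunk, so its patterns are not visible here.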
@@ -235,56 +156,15 @@ jobs:
 - name: Check for outdated packages
 run: |
- echo "๐Ÿ“ฆ Checking for outdated packages..."
+ echo "Checking for outdated packages..."
 pip install --root-user-action=ignore -r requirements.txt
 pip list --outdated --format=json > outdated-packages.json || true
 if [ -s outdated-packages.json ]; then
- echo "๐Ÿ“‹ Outdated packages found:"
+ echo "Outdated packages found:"
 cat outdated-packages.json | jq -r '.[] | "- \(.name): \(.version) -> \(.latest_version)"'
 else
- echo "โœ… All packages are up to date"
- fi
-
- - name: Create dependency update issue
- if: github.event_name == 'schedule'
- run: |
- if [ -s outdated-packages.json ] && [ "$(cat outdated-packages.json)" != "[]" ]; then
- echo "๐Ÿ“ Creating dependency update issue..."
-
- # Create issue body
- cat > issue-body.md << 'EOF'
- ## ๐Ÿ“ฆ Dependency Updates Available
-
- The following packages have updates available:
-
- EOF
-
- cat outdated-packages.json | jq -r '.[] | "- **\(.name)**: \(.version) โ†’ \(.latest_version)"' >> issue-body.md
-
- cat >> issue-body.md << 'EOF'
-
- ## ๐Ÿ” Security Impact
-
- Please review each update for:
- - Security fixes
- - Breaking changes
- - Compatibility issues
-
- ## โœ… Action Items
-
- - [ ] Review changelog for each package
- - [ ] Test updates in development environment
- - [ ] Update requirements.txt
- - [ ] Run full test suite
- - [ ] Deploy to staging for validation
-
- ---
- *This issue was automatically created by the security workflow.*
- EOF
-
- echo "Issue body created. In a real implementation, you would create a Gitea issue here."
- cat issue-body.md
+ echo "All packages are up to date"
 fi
 - name: Upload dependency reports
@@ -293,7 +173,6 @@ jobs:
 name: dependency-reports-${{ github.run_number }}
 path: |
 outdated-packages.json
- issue-body.md
 # Code quality metrics
 code-quality:
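Review bot: `if [ -s outdated-packages.json ]` is true when `pip list --outdated --format=json` writes `[]` (its usual output when nothing is outdated), so the `Outdated packages found:` branch runs with an empty listing when everything is current; the deleted issue step was the only code that handled that case (`[ "$(cat outdated-packages.json)" != "[]" ]`), and this hunk removes it without moving the check. Test the JSON length instead: `if [ -s outdated-packages.json ] && [ "$(jq 'length' outdated-packages.json)" -gt 0 ]; then`. The `cat outdated-packages.json | jq -r ...` line can pass the file to `jq` directly.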
@@ -319,24 +198,24 @@ jobs:
 - name: Calculate code complexity
 run: |
- echo "๐Ÿ“Š Calculating code complexity..."
+ echo "Calculating code complexity..."
 radon cc src/ --json > complexity-report.json
 radon mi src/ --json > maintainability-report.json
- echo "๐Ÿ” Complexity Summary:"
+ echo "Complexity Summary:"
 radon cc src/ --average
- echo "๐Ÿ”ง Maintainability Summary:"
+ echo "Maintainability Summary:"
 radon mi src/
 - name: Find dead code
 run: |
- echo "๐Ÿงน Checking for dead code..."
+ echo "Checking for dead code..."
 vulture src/ --json > dead-code-report.json || true
 - name: Check for code smells
 run: |
- echo "๐Ÿ‘ƒ Checking for code smells..."
+ echo "Checking for code smells..."
 xenon --max-absolute B --max-modules A --max-average A src/ || true
 - name: Upload quality reports
@@ -352,7 +231,7 @@ jobs:
 security-summary:
 name: Security Summary
 runs-on: ubuntu-latest
- needs: [dependency-scan, docker-security-scan, license-check, code-quality]
+ needs: [dependency-scan, license-check, code-quality]
 if: always()
 steps:
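Review bot: `xenon --max-absolute B --max-modules A --max-average A src/ || true` turns a threshold tool into a log line: xenon's purpose is to exit non-zero when the complexity thresholds are exceeded, and `|| true` discards exactly that signal. If the thresholds are aspirational for now, say so above the line, `# informational only; drop '|| true' to enforce the thresholds`; otherwise remove `|| true` from the xenon line and keep it only on the `vulture` line, which is written as best-effort.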
@@ -361,51 +240,47 @@ jobs:
 - name: Generate security summary
 run: |
- echo "# ๐Ÿ”’ Security Scan Summary" > security-summary.md
+ echo "# Security Scan Summary" > security-summary.md
 echo "" >> security-summary.md
 echo "**Scan Date:** $(date -u)" >> security-summary.md
 echo "**Repository:** ${{ github.repository }}" >> security-summary.md
 echo "**Commit:** ${{ github.sha }}" >> security-summary.md
 echo "" >> security-summary.md
- echo "## ๐Ÿ“Š Results" >> security-summary.md
+ echo "## Results" >> security-summary.md
 echo "" >> security-summary.md
 # Dependency scan results
 if [ -f security-reports-*/safety-report.json ]; then
 vuln_count=$(jq '.vulnerabilities | length' security-reports-*/safety-report.json 2>/dev/null || echo "0")
 if [ "$vuln_count" -eq 0 ]; then
- echo "- โœ… **Dependency Scan**: No vulnerabilities found" >> security-summary.md
+ echo "- Dependency Scan: No vulnerabilities found" >> security-summary.md
 else
- echo "- โš ๏ธ **Dependency Scan**: $vuln_count vulnerabilities found" >> security-summary.md
+ echo "- Dependency Scan: $vuln_count vulnerabilities found" >> security-summary.md
 fi
 else
- echo "- โ“ **Dependency Scan**: Results not available" >> security-summary.md
+ echo "- Dependency Scan: Results not available" >> security-summary.md
 fi
- # Docker scan results
- if [ -f trivy-reports-*/trivy-report.json ]; then
- echo "- โœ… **Docker Scan**: Completed" >> security-summary.md
- else
- echo "- โ“ **Docker Scan**: Results not available" >> security-summary.md
- fi
+ # Docker scan results (removed Trivy)
+ echo "- Docker Scan: Skipped (Trivy removed)" >> security-summary.md
 # License check results
 if [ -f license-report-*/licenses.json ]; then
- echo "- โœ… **License Check**: Completed" >> security-summary.md
+ echo "- License Check: Completed" >> security-summary.md
 else
- echo "- โ“ **License Check**: Results not available" >> security-summary.md
+ echo "- License Check: Results not available" >> security-summary.md
 fi
 # Code quality
results
 if [ -f code-quality-reports-*/complexity-report.json ]; then
- echo "- โœ… **Code Quality**: Analyzed" >> security-summary.md
+ echo "- Code Quality: Analyzed" >> security-summary.md
 else
- echo "- โ“ **Code Quality**: Results not available" >> security-summary.md
+ echo "- Code Quality: Results not available" >> security-summary.md
 fi
 echo "" >> security-summary.md
- echo "## ๐Ÿ”— Detailed Reports" >> security-summary.md
+ echo "## Detailed Reports" >> security-summary.md
 echo "" >> security-summary.md
 echo "Detailed reports are available in the workflow artifacts." >> security-summary.md
@@ -415,4 +290,4 @@ jobs:
 uses: actions/upload-artifact@v3
 with:
 name: security-summary-${{ github.run_number }}
- path: security-summary.md
+ path: security-summary.md
\ No newline at end of file
diff --git a/setup.py b/setup.py
index b8f8c92..2f2be3c 100644
--- a/setup.py
+++ b/setup.py
@@ -11,8 +11,18 @@ with open("README.md", "r", encoding="utf-8") as fh:
 long_description = fh.read()
 # Read requirements
-with open("requirements.txt", "r", encoding="utf-8") as fh:
- requirements = [line.strip() for line in fh if line.strip() and not line.startswith("#")]
+try:
+ with open("requirements.txt", "r", encoding="utf-8") as fh:
+ requirements = [line.strip() for line in fh if line.strip() and not line.startswith("#")]
+except FileNotFoundError:
+ # Fallback to minimal requirements if file not found
+ requirements = [
+ "requests>=2.31.0",
+ "schedule>=1.2.0",
+ "pandas>=2.1.0",
+ "fastapi>=0.104.0",
+ "uvicorn>=0.24.0",
+ ]
 # Extract core requirements (exclude dev dependencies)
 core_requirements = []
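Review bot: `if [ -f security-reports-*/safety-report.json ]` (and the `license-report-*` and `code-quality-reports-*` tests below it) relies on the glob expanding to exactly one path; with two or more matching artifact directories `[` receives extra arguments and errors out, and the `jq ... security-reports-*/safety-report.json` call would then read the wrong file or several at once. Resolve the path first, `report=$(ls security-reports-*/safety-report.json 2>/dev/null | head -n 1)` and test `[ -n "$report" ]`, then pass `"$report"` to `jq`; the artifact download step that creates these directories is outside the hunk, so whether multiple runs' artifacts can land here cannot be confirmed from the diff. The new hard-coded `- Docker Scan: Skipped (Trivy removed)` line makes the skip look like a result, so a reader of the summary artifact gets no hint that image scanning currently has no replacement; `- Docker Scan: Not run (image scanning removed from this workflow)` states it plainly. The `@@ -415` hunk also drops the file's trailing newline (`\ No newline at end of file`), which should be restored.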
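Review bot: In the setup.py hunk, `not line.startswith("#")` is tested on the raw line, so a comment indented with whitespace (constructed example: `    # pinned for a security fix`) survives as a requirement and breaks `setup()`; the same goes for `-r`/`-e`/`--index-url` option lines, which pip accepts but setuptools does not. Strip once and filter the stripped value: `stripped = (line.strip() for line in fh)` then `requirements = [r for r in stripped if r and not r.startswith(("#", "-"))]`. The new `FileNotFoundError` fallback silently installs a second, hand-maintained pin list that will drift from `requirements.txt`; this usually means the file is missing from the sdist, which `include requirements.txt` in `MANIFEST.in` fixes without a fallback, and if the fallback stays it should at least `warnings.warn("requirements.txt not found; using built-in fallback pins")` so the divergence is visible at build time. The rest of setup.py, including how `requirements` is consumed, is outside the hunk.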