
kubeflow / trainer / 26166068392
62%

Build:
DEFAULT BRANCH: master
Ran 20 May 2026 01:39PM UTC
Jobs 1
Files 40
Run time 1min
20 May 2026 01:34PM UTC coverage: 62.219% (+0.09%) from 62.134%
26166068392

push

github

web-flow
feat(ci): add Python dependency scanning to OSV-Scanner workflow (#3530)

* feat(ci): add Python dependency scanning to OSV-Scanner workflow

Add lockfiles and scanning for Python dependencies in the initializers
and python_api. This extends the nightly OSV-Scanner workflow to cover
Python in addition to Go.

- Generate requirements-lock.txt files via pip-compile for:
  - cmd/initializers/dataset/
  - cmd/initializers/model/
  - api/python_api/
- Add osv-scan-python job with SARIF scanning and auto-fix
- Add validate-lockfile.yaml to ensure lockfiles stay in sync on PRs
- Handle both direct and transitive dependency upgrades

Closes #3528

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fiona-Waters <fiwaters6@gmail.com>

* fix(ci): address review feedback on Python OSV-Scanner workflow

- Fix validate-lockfile false positives by stripping header comments
  before diffing (pip-compile embeds output filename in header)
- Regenerate lockfiles in clean Python 3.12 venv with --strip-extras
  to include all transitive deps and silence pip-tools deprecation warning
- Fix PR body table formatting: use Markdown table rows instead of
  bullet items in both Go and Python auto-fix jobs
- Escape dots in package names for grep/sed regex safety

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fiona-Waters <fiwaters6@gmail.com>

* fix(ci): address review feedback on OSV-Scanner Python workflow

- Replace shell grep/sed with Python helper script using
  packaging.requirements.Requirement for exact name matching,
  fixing prefix collision (requests vs requests-oauthlib),
  constraint dropping, and extras stripping
- Skip entry when package not found in lockfile after pip-compile
  instead of recording a false version
- Bump actions/setup-python from v5 to v6 for consistency

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fiona-Waters <fiwaters6@gmail.com>

* fix(ci): pin pip-tools version in CI work... (continued)

2187 of 3515 relevant lines covered (62.22%)

0.72 hits per line

Jobs
ID Job ID Ran Files Coverage
1 26166068392.1 20 May 2026 01:39PM UTC 40 62.22
GitHub Action Run
Source Files on build 26166068392
  • Tree
  • List 40
  • Changed 1
  • Source Changed 0
  • Coverage Changed 1
  • 2dea395b on github