From ebd822a63185f0dfce791d6594e787358fc6d564 Mon Sep 17 00:00:00 2001
From: Nickolas Stricker <43568886+NickStrick@users.noreply.github.com>
Date: Thu, 28 May 2026 09:43:01 -0500
Subject: [PATCH 1/2] Add requirements

---
 requirements.txt | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 requirements.txt

diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000000..a57957b969
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,20 @@
+light-s3-client==0.0.41
+urllib3==3.0.0
+requests==2.31.0
+flask==3.0.0
+django==5.0.1
+fastapi==0.109.0
+numpy==1.26.3
+pandas==2.2.0
+pytest==7.4.4
+black==24.1.1
+mypy==1.8.0
+sqlalchemy==2.0.25
+celery==5.3.6
+redis==5.0.1
+pydantic==2.5.3
+click==8.1.7
+jinja2==3.1.3
+pyyaml==6.0.1
+cryptography==42.0.1
+boto3==1.34.34
\ No newline at end of file

From e419fa4887c202aa351f6e6d5b6afbae15ff9e24 Mon Sep 17 00:00:00 2001
From: Nickolas Stricker <43568886+NickStrick@users.noreply.github.com>
Date: Thu, 28 May 2026 09:51:58 -0500
Subject: [PATCH 2/2] Add Socket Security GitHub Actions workflow

This workflow runs Socket Security scans on every commit and pull request, handling different event types and preventing concurrent runs.

---
 .github/workflows/socket.yml | 67 ++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 .github/workflows/socket.yml

diff --git a/.github/workflows/socket.yml b/.github/workflows/socket.yml
new file mode 100644
index 0000000000..bfbda7aea3
--- /dev/null
+++ b/.github/workflows/socket.yml
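Review bot: `urllib3==3.0.0` cannot be installed together with `requests==2.31.0`, whose metadata constrains urllib3 to `>=1.21.1,<3`, so `pip install -r requirements.txt` should fail at dependency resolution; pin an urllib3 2.x release (`urllib3==<2.x version — confirm>`) or drop the explicit urllib3 pin and let requests resolve it. `light-s3-client==0.0.41` on the first line is not a package I recognise; confirm its publisher and source repository on PyPI before committing the pin, since the second patch in this series adds a supply-chain scanner whose purpose is to report on exactly this kind of entry. For a fully pinned manifest like this one, `--hash=sha256:...` entries (e.g. generated with `pip-compile --generate-hashes`) would make installs verify the pinned artifacts rather than trusting names and versions alone. The file also lacks a trailing newline.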
@@ -0,0 +1,67 @@ +# Socket Security GitHub Actions Workflow +# This workflow runs Socket Security scans on every commit to any branch +# It automatically detects git repository information and handles different event types + +name: socket-security-workflow +run-name: Socket Security Github Action + +on: + push: + branches: ['**'] # Run on all branches, all commits + pull_request: + types: [opened, synchronize, reopened] + issue_comment: + types: [created] + +# Prevent concurrent runs for the same commit +concurrency: + group: socket-scan-${{ github.ref }}-${{ github.sha }} + cancel-in-progress: true + +jobs: + socket-security: + permissions: + issues: write + contents: read + pull-requests: write + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + # For PRs, fetch one additional commit for proper diff analysis + fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }} + + - uses: actions/setup-python@v5 + with: + python-version: '3.12' + + - name: Install Socket CLI + run: pip install socketsecurity --upgrade + + - name: Run Socket Security Scan + env: + SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }} + GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # Determine PR number based on event type + PR_NUMBER=0 + if [ "${{ github.event_name }}" == "pull_request" ]; then + PR_NUMBER=${{ github.event.pull_request.number }} + elif [ "${{ github.event_name }}" == "issue_comment" ]; then + PR_NUMBER=${{ github.event.issue.number }} + fi + + # Run Socket CLI with minimal required parameters + # The CLI automatically detects: + # - Repository name from git + # - Branch name from git + # - Commit SHA from git + # - Commit message from git + # - Committer information from git + # - Default branch status from git and GitHub environment + # - Changed files from git commit + socketcli \ + --target-path $GITHUB_WORKSPACE \ + --scm github \ + --pr-number $PR_NUMBER
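Review bot: The `issue_comment` trigger fires for comments on ordinary issues as well as on pull requests, and in that case the `elif` branch sets `PR_NUMBER=${{ github.event.issue.number }}` to an issue number that is not a PR; on that event `actions/checkout@v4` also checks out `github.ref` (the default branch) rather than the PR head, so a comment-triggered run would not be scanning the PR's changes anyway. Gate the job with `if: github.event_name != 'issue_comment' || github.event.issue.pull_request != null`, and if comment-triggered rescans are intended, pass `ref: refs/pull/${{ github.event.issue.number }}/head` to the checkout step so the scanned tree matches the PR number reported. Separately, `pip install socketsecurity --upgrade` installs whatever version is current at run time; for a step that acts as a security gate, pin it (`pip install socketsecurity==<pinned version>`) and pin the two actions to full commit SHAs rather than the `@v4`/`@v5` tags. Note also that `secrets.SOCKET_SECURITY_API_KEY` is not supplied to `pull_request` runs from forks, so those runs will fail unless the CLI tolerates an empty key — worth a comment on the `env:` block or an `if:` on the scan step.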