Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

README: prep 1.0.6 #34

Merged
merged 1 commit into from
Feb 16, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 21 additions & 21 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
```

Or, with a virtual environment:
Expand All @@ -48,7 +48,7 @@ jobs:
python -m venv env/
source env/bin/activate
python -m pip install .
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
virtual-environment: env/
```
Expand All @@ -72,15 +72,15 @@ The `inputs` setting controls what sources `pip-audit` runs on.
To audit one or more requirements-style inputs:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
inputs: requirements.txt dev-requirements.txt
```

To audit a project that uses `pyproject.toml` for its dependencies:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
# NOTE: this can be `.`, for the current directory
inputs: path/to/project/
Expand Down Expand Up @@ -108,7 +108,7 @@ Example: use the virtual environment specified at `env/`, relative to the
current directory:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
virtual-environment: env/
# Note the absence of `input:`, since we're auditing the environment.
Expand All @@ -128,7 +128,7 @@ installed directly into the current environment are included.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
local: true
```
Expand All @@ -145,7 +145,7 @@ It's directly equivalent to `pip-audit --vulnerability-service=...`.
To audit with OSV instead of PyPI:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
vulnerability-service: osv
```
Expand All @@ -160,7 +160,7 @@ It's directly equivalent to `pip-audit --require-hashes ...`.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
Expand All @@ -177,7 +177,7 @@ It's directly equivalent to `pip-audit --no-deps ...`.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
Expand All @@ -195,7 +195,7 @@ is rendered at the end of the action.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
summary: false
```
Expand All @@ -214,7 +214,7 @@ indices to search (such as a corporate index with private packages), see
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
index-url: https://example.corporate.local/simple
```
Expand All @@ -229,7 +229,7 @@ indexes to search when resolving dependencies. Each URL is whitespace-separated.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
extra-index-urls: |
https://example.corporate.local/simple
Expand All @@ -246,7 +246,7 @@ ignore (i.e., exclude from the results) if present. Each ID is whitespace-separa
Example

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
ignore-vulns: |
GHSA-XXXX-YYYYYY
Expand Down Expand Up @@ -276,7 +276,7 @@ Example
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
internal-be-careful-allow-failure: true
```
Expand All @@ -295,7 +295,7 @@ Example
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
internal-be-careful-debug: true
```
Expand All @@ -309,7 +309,7 @@ to `pip-audit`.
Example:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
internal-be-careful-extra-flags: --not-a-real-pip-audit-flag
```
Expand All @@ -326,7 +326,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
`require-hashes: true`:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
inputs: requirements.txt
require-hashes: true
Expand All @@ -335,7 +335,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
or:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
inputs: requirements.txt
no-deps: true
Expand All @@ -356,7 +356,7 @@ by the host system itself, or other Python projects that happen to be installed.
To minimize external dependencies, you can opt into a virtual environment:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
# must be populated earlier in the CI
virtual-environment: env/
Expand All @@ -366,7 +366,7 @@ and, more aggressively, specify that only dependencies marked as "local"
in the virtual environment should be included:

```yaml
- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
# must be populated earlier in the CI
virtual-environment: env/
Expand Down Expand Up @@ -396,7 +396,7 @@ jobs:
run: |
pipx run pipfile-requirements Pipfile.lock > requirements.txt

- uses: pypa/gh-action-pip-audit@v1.0.5
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
inputs: requirements.txt
```
Expand Down