From 16ba1b0408532418938b29e42ae27969ffba0a64 Mon Sep 17 00:00:00 2001 From: "Chayim I. Kirshen" Date: Thu, 11 Aug 2022 09:18:10 +0300 Subject: [PATCH] Adding dependency scanning for CI --- .github/workflows/ci.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 79201f9e..b8a89d8a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,9 +14,31 @@ on: schedule: - cron: '0 6 * * *' # Daily 6AM UTC build +env: + pythonversion: 3.9 + jobs: + dependency-audit: + name: Dependency audit + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: install python + uses: actions/setup-python@v3.1.2 + with: + python-version: ${{env.pythonversion}} + - name: create local poetry install + run: | + python -m venv .venv + source .venv/bin/activate + python -m pip install poetry + poetry install + - uses: trailofbits/gh-action-pip-audit@v1.0.0 + with: + virtual-environment: .venv + lint: name: Linter runs-on: ubuntu-latest @@ -27,7 +49,7 @@ jobs: - name: Setup Python 3.9 uses: actions/setup-python@v4.2.0 with: - python-version: 3.9 + python-version: ${{env.pythonversion}} #---------------------------------------------- # ----- install & configure poetry ----- #----------------------------------------------
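Review bot: The new `dependency-audit` job references `trailofbits/gh-action-pip-audit@v1.0.0` and `actions/checkout@v3` by tag, and a tag can be moved to different code after this commit lands. For a job whose purpose is supply-chain checking, pin at least the third-party action to a full commit SHA, e.g. `uses: trailofbits/gh-action-pip-audit@<full-commit-sha>  # v1.0.0`. The job also declares no `permissions:`, so unless the workflow sets one outside this hunk the token gets the repository default; `permissions:` with `contents: read` under `runs-on` looks sufficient for checkout and the audit, though that should be confirmed against the action's documentation. The job uses `actions/setup-python@v3.1.2` while the `lint` job in the next hunk uses `@v4.2.0`; one version for both would be easier to keep patched.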
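Review bot: `python-version: ${{env.pythonversion}}` in the `lint` job now takes its value from the unquoted `pythonversion: 3.9` added in the first hunk, which YAML reads as a number rather than a string. A later bump to 3.10 would likely arrive as 3.1, so quote the definition: `pythonversion: '3.9'`. The step name `Setup Python 3.9` still hard-codes the version and will go stale when the variable changes; `name: Setup Python ${{env.pythonversion}}` avoids that. The `lint` job continues outside this hunk.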