diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000000..723347913a
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,14 @@
+name: pre-commit
+
+on:
+ pull_request:
+ push:
+ branches: [master]
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-python@v2
+ - uses: pre-commit/action@v2.0.0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000..51a095222b
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,9 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/PyCQA/bandit
+ rev: '1.7.0'
+ hooks:
+ - id: bandit
+ pass_filenames: false
+ args: ["-r", "dpctl", "-lll"]
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 74a47f54fa..60d97c39ac 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -15,7 +15,6 @@ Run before each commit: `clang-format -style=file -i dpctl-capi/include/*.h dpct ### Python code style - We use [black](https://black.readthedocs.io/en/stable/) code formatter. - Revision: `20.8b1` or branch `stable`.
@@ -88,6 +87,18 @@ Every Python and Cython file should only include the following license header:
 ```
 The copyright year should be updated every calendar year.
 
+## Security
+
+### Bandit
+
+We use [Bandit](https://github.com/PyCQA/bandit) to find common security issues in Python code.
+
+Install: `pip install bandit`
+
+- Revision: `1.7.0`
+
+Run before each commit: `bandit -r dpctl -lll`
+
 ## Code Coverage
 
 Implement python, cython and c++ file coverage using `coverage` and `llvm-cov` packages on Linux.
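Review bot: The three `uses:` references in the `steps` list (`actions/checkout@v2`, `actions/setup-python@v2`, `pre-commit/action@v2.0.0`) are mutable tags, so the job executes whatever those tags resolve to at run time rather than a reviewed revision; for a workflow whose purpose is security linting, pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v2`. The workflow also declares no `permissions:` block, so the job inherits the repository's default `GITHUB_TOKEN` scope even though it only needs to read the checkout; adding `permissions:` with `contents: read` at the top level of the file limits that. Note that the `pull_request` trigger runs the hooks from the PR's own `.pre-commit-config.yaml`, which is another reason to keep the token scope minimal.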
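Review bot: The `-lll` argument in `args: ["-r", "dpctl", "-lll"]` restricts the hook to HIGH-severity findings only, so medium- and low-severity results are silently dropped both locally and in the CI job that reuses this config; if that threshold is a deliberate starting point, record it above the hook, e.g. `# -lll: report only HIGH severity; lower the threshold once existing findings are triaged`. The hook also has no `types:` filter, so with `pass_filenames: false` the full scan of `dpctl` runs on every commit, including ones that touch no Python file; `types: [python]` keeps the whole-tree scan but skips the hook when no Python file is staged. The `rev: '1.7.0'` string is correctly quoted, which keeps the version from being read as a float.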