From 0f1c166b1cd94409c6e771eec651201b1a98de09 Mon Sep 17 00:00:00 2001
From: Dmitry Kruchinin <33020454+dvkruchinin@users.noreply.github.com>
Date: Fri, 19 Feb 2021 18:20:12 +0300
Subject: [PATCH] Linter / Bandit (#2824)
---
.github/workflows/bandit.yml | 41 ++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/workflows/bandit.yml
diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
new file mode 100644
index 00000000..eeb648ed
--- /dev/null
+++ b/.github/workflows/bandit.yml
@@ -0,0 +1,41 @@
+name: Linter
+on: pull_request
+jobs:
+ Bandit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - id: files
+ uses: jitterbit/get-changed-files@v1
+
+ - name: Run checks
+ run: |
+ for files in ${{ steps.files.outputs.added_modified }}; do
+ extension="${files##*.}"
+ if [[ $extension == 'py' ]]; then
+ changed_files_bandit+=" ${files}"
+ fi
+ done
+
+ if [[ ! -z ${changed_files_bandit} ]]; then
+ sudo apt-get --no-install-recommends install -y build-essential curl python3-dev python3-pip python3-venv
+ python3 -m venv .env
+ . .env/bin/activate
+ pip install -U pip wheel setuptools
+ pip install bandit
+ mkdir -p bandit_report
+
+ echo "Bandit version: "`bandit --version | head -1`
+ echo "The files will be checked: "`echo ${changed_files_bandit}`
+ bandit ${changed_files_bandit} --exclude '**/tests/**' -a file --ini ./.bandit -f html -o ./bandit_report/bandit_checks.html
+ deactivate
+ else
+ echo "No files with the \"py\" extension found"
+ fi
+
+ - name: Upload artifacts
+ if: failure()
+ uses: actions/upload-artifact@v2
+ with:
+ name: bandit_report
+ path: bandit_report
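Review bot: The `Run checks` step pastes `${{ steps.files.outputs.added_modified }}` straight into the `run:` script, so the changed file paths are substituted by the Actions expression engine before bash parses the `for` line, and a path containing shell metacharacters is read as script text rather than data. File names in a pull request are chosen by its author, so they should reach the script through the environment instead: add `env:` with `CHANGED_FILES: ${{ steps.files.outputs.added_modified }}` to the step and loop with `for files in ${CHANGED_FILES}; do`. The later unquoted `bandit ${changed_files_bandit}` still word-splits, so a path with spaces would be mis-split and a path beginning with `-` could be taken as an option; a bash array passed after the options would carry the names intact. Separately, `jitterbit/get-changed-files@v1` and `pip install bandit` both float, so pinning the action to a full commit SHA and Bandit to a fixed version would keep the check reproducible and reduce exposure to a retagged or replaced upstream.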