name: Linter
on: pull_request
jobs:
  Bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - id: files
        uses: jitterbit/get-changed-files@v1

      - name: Run checks
        run: |
          for files in ${{ steps.files.outputs.added_modified }}; do
            extension="${files##*.}"
            if [[ $extension == 'py' ]]; then
              changed_files_bandit+=" ${files}"
            fi
          done

          if [[ ! -z ${changed_files_bandit} ]]; then
            sudo apt-get --no-install-recommends install -y build-essential curl python3-dev python3-pip python3-venv
            python3 -m venv .env
            . .env/bin/activate
            pip install -U pip wheel setuptools
            pip install bandit
            mkdir -p bandit_report

            echo "Bandit version: "`bandit --version | head -1`
            echo "The files will be checked: "`echo ${changed_files_bandit}`
            bandit ${changed_files_bandit} --exclude '**/tests/**' -a file --ini ./.bandit -f html -o ./bandit_report/bandit_checks.html
            deactivate
          else
            echo "No files with the \"py\" extension found"
          fi

      - name: Upload artifacts
        if: failure()
        uses: actions/upload-artifact@v2
        with:
          name: bandit_report
          path: bandit_report