[Test] Add performance test cases for Qwen2.5-VL-7B-Instruct #611
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| # Run weekly on Sundays at 12:00 UTC | |
| - cron: '0 12 * * 0' | |
| permissions: | |
| security-events: write | |
| contents: read | |
| jobs: | |
| security-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v4 | |
| with: | |
| version: "latest" | |
| - name: Install dependencies | |
| run: | | |
| uv sync --extra develop | |
| - name: Install security tools | |
| run: | | |
| uv pip install safety bandit[toml] semgrep | |
| - name: Run safety check | |
| run: | | |
| uv run safety check --json --output safety-report.json || true | |
| echo "Safety scan completed" | |
| - name: Run bandit security linter | |
| run: | | |
| uv run bandit -r lm_service/ -f json -o bandit-report.json || true | |
| echo "Bandit scan completed" | |
| - name: Run semgrep | |
| run: | | |
| uv run semgrep --config=auto --json --output=semgrep-report.json lm_service/ || true | |
| echo "Semgrep scan completed" | |
| - name: Upload security scan results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: security-reports-${{ github.sha }} | |
| path: | | |
| safety-report.json | |
| bandit-report.json | |
| semgrep-report.json | |
| retention-days: 30 |