name: Bandit

on: [ pull_request, push ]

jobs:
  build:
    if: github.event.pull_request.user.type != 'Bot'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [ "3.8" ]

    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install Bandit
        run: pip install -U pip bandit

      - name: Run Bandit
        run: bandit --recursive --skip B605,B311 ./