name: Python Vulnerability Scan
on:
  push:
    branches:
      - '*'
      - '*/**'
    paths:
      - chromadb/**
      - clients/python/**
  workflow_dispatch:
jobs:
  bandit-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - uses: ./.github/actions/bandit-scan/
        with:
          input-dir: '.'
          format: 'json'
          bandit-config: 'bandit.yaml'
          output-file: 'bandit-report.json'
      - name: Upload Bandit Report
        uses: actions/upload-artifact@v3
        with:
          name: bandit-artifact
          path: |
            bandit-report.json