Using Github Actions to audit pip library versions

I’ve got several Python and TypeScript projects scattered around that need constant dependency babysitting. Dependabot does a decent job but keeps missing Python pip security issues that pip-audit catches. The problem is pip-audit wants everything pinned to exact versions, but I prefer flexible >= constraints in my requirements files.

After getting tired of manually running security audits and then forgetting about them for months, I built this GitHub Actions workflow to handle it automatically. You can see it in action on my Shiny Quiz repository and Django demo application.

I needed a quick understanding of the Python 3.3.0 datetime functionality to do a difference in times across days. Python make it amazingly easy.

import datetime
from datetime import timedelta

# get current timedate
now = datetime.datetime.now()
print "now: " + str(now)
# get one day of time oneday = timedelta(days=1)
# make one day in the future and past
tomorrow = now + oneday
yesterday = now - oneday
print "tomorrow: " + str(tomorrow)
print "yesterday: " + str(yesterday)
# compare times
if now < tomorrow:
  print "now < tomorrow"
elif now > tomorrow:
  print "now > tomorrow"
else:
  print "now must be equal tomorrow"
if now > yesterday:
 print "now > yesterday"
elif now < yesterday:
 print "now < yesterday"
else:
 print "now = yesterday"

The expected results are:

CMD> python time.py
now: 2015-03-19 14:30:31.083000
tomorrow: 2015-03-20 14:30:31.083000
yesterday: 2015-03-18 14:30:31.083000
now < tomorrow
now > yesterday

I hope this helps someone.