From f98e22e1e9d65315f8d0041b5c5a92c7912ae7e8 Mon Sep 17 00:00:00 2001 From: DanChov Date: Fri, 6 Mar 2026 11:22:32 +0100 Subject: [PATCH 1/3] ci: security check for py-api client --- .github/workflows/security_check.yml | 40 ++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/security_check.yml
diff --git a/.github/workflows/security_check.yml b/.github/workflows/security_check.yml
new file mode 100644
index 0000000..8971687
--- /dev/null
+++ b/.github/workflows/security_check.yml
@@ -0,0 +1,40 @@
+name: Python-api QA (Security & Style)
+
+# Trigger the workflow on every push
+on: [push]
+
+jobs:
+ quality-assurance:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install dependencies
+ run: |
+ # Upgrade pip and install security/linting tools
+ python -m pip install --upgrade pip
+ pip install bandit detect-secrets flake8 flake8-json ruff
+
+ - name: Run Bandit (Security Scan)
+ # Scan the mergin folder for vulnerabilities, excluding the test directory
+ run: bandit -r ./mergin/ -ll --exclude ./mergin/test
+
+ - name: Run Detect Secrets
+ # Scan the plugin directory for hardcoded secrets/credentials
+ run: detect-secrets scan ./mergin/ --all-files
+
+ - name: Run Ruff (Linting)
+ # Excluding mergin/test
+ run: ruff check ./mergin/ --line-length 120 --exclude mergin/test
+
+ - name: Run Flake8 (Style Check)
+ # Style enforcement using MerginMaps standards
+ # Ignoring E501 (line length) and W503 (operator line breaks)
+ run: |
+ flake8 ./mergin/ --max-line-length=120 --ignore=E501,W503 --exclude=test
\ No newline at end of file
From 0be79fa166cb8f7923aac351123cd1a58436183d Mon Sep 17 00:00:00 2001
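Review bot: The `Run Detect Secrets` step never fails the job: `detect-secrets scan` writes a baseline JSON to stdout and exits 0 whether or not it found anything, so a committed credential under `./mergin/` still yields a green check. Fail on a non-empty results map instead, e.g. `run: |` / `  detect-secrets scan ./mergin/ --all-files > secrets.json` / `  python -c "import json,sys; r=json.load(open('secrets.json'))['results']; print(json.dumps(r, indent=2)); sys.exit(1 if r else 0)"`, or keep an audited `.secrets.baseline` in the repo and run `detect-secrets-hook --baseline .secrets.baseline $(git ls-files mergin)`. The workflow also declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever the repository default is; a read-only scan needs only `permissions:` / `  contents: read` at the top level. Finally, `actions/checkout@v4` and `actions/setup-python@v4` are mutable tags and `pip install bandit detect-secrets flake8 flake8-json ruff` is unpinned, so the tools that decide pass/fail can change between runs; pin the actions to commit SHAs and the tools to exact versions.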
From: DanChov Date: Fri, 6 Mar 2026 12:27:49 +0100 Subject: [PATCH 2/3] CI: removed ruff --- .github/workflows/security_check.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/.github/workflows/security_check.yml b/.github/workflows/security_check.yml
index 8971687..d9bdb29 100644
--- a/.github/workflows/security_check.yml
+++ b/.github/workflows/security_check.yml
@@ -19,7 +19,7 @@ jobs: run: | # Upgrade pip and install security/linting tools python -m pip install --upgrade pip - pip install bandit detect-secrets flake8 flake8-json ruff + pip install bandit detect-secrets flake8 flake8-json - name: Run Bandit (Security Scan) # Scan the mergin folder for vulnerabilities, excluding the test directory
@@ -29,10 +29,6 @@ jobs: # Scan the plugin directory for hardcoded secrets/credentials run: detect-secrets scan ./mergin/ --all-files - - name: Run Ruff (Linting) - # Excluding mergin/test - run: ruff check ./mergin/ --line-length 120 --exclude mergin/test - - name: Run Flake8 (Style Check) # Style enforcement using MerginMaps standards # Ignoring E501 (line length) and W503 (operator line breaks)
From 948858a423de9feebc603b1a9ab646482e8ff8f9 Mon Sep 17 00:00:00 2001 From: DanChov Date: Fri, 6 Mar 2026 13:07:12 +0100 Subject: [PATCH 3/3] CI: temporarily disable flake8 checks --- .github/workflows/security_check.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/security_check.yml b/.github/workflows/security_check.yml
index d9bdb29..679b599 100644
--- a/.github/workflows/security_check.yml
+++ b/.github/workflows/security_check.yml
@@ -19,7 +19,13 @@ jobs: run: | # Upgrade pip and install security/linting tools python -m pip install --upgrade pip - pip install bandit detect-secrets flake8 flake8-json + pip install bandit detect-secrets + + # - name: Install dependencies + # run: | + # # Upgrade pip and install security/linting tools + # python -m pip install --upgrade pip + # pip install bandit detect-secrets flake8 flake8-json - name: Run Bandit (Security Scan) # Scan the mergin folder for vulnerabilities, excluding the test directory
@@ -29,8 +35,8 @@ jobs: # Scan the plugin directory for hardcoded secrets/credentials run: detect-secrets scan ./mergin/ --all-files - - name: Run Flake8 (Style Check) - # Style enforcement using MerginMaps standards - # Ignoring E501 (line length) and W503 (operator line breaks) - run: | - flake8 ./mergin/ --max-line-length=120 --ignore=E501,W503 --exclude=test \ No newline at end of file + # - name: Run Flake8 (Style Check) + # # Style enforcement using MerginMaps standards + # # Ignoring E501 (line length) and W503 (operator line breaks) + # run: | + # flake8 ./mergin/ --max-line-length=120 --ignore=E501,W503 --exclude=test \ No newline at end of file
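Review bot: The commented-out `# - name: Install dependencies` block added after the live `pip install bandit detect-secrets` line is a stale copy of the step directly above it (still listing `flake8 flake8-json`), and together with the commented `# - name: Run Flake8 (Style Check)` block in the second hunk it leaves dead text that will drift from the live steps. Git history already preserves the removed step; replace both commented blocks with a single note, e.g. `# TODO: flake8 step and its packages temporarily disabled; re-enable once the current style violations are fixed (link the tracking issue)`. The workflow `name: Python-api QA (Security & Style)` now promises a style check that does not run, so rename it or mention the gap in that same comment. After this patch Bandit is effectively the only blocking gate, because `detect-secrets scan` exits 0 regardless of findings; that is worth stating in the TODO so the temporary state is not mistaken for full coverage.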