Initial commit

scripts/verify.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+if [[ -f .venv/bin/activate ]]; then
+  # shellcheck source=/dev/null
+  source .venv/bin/activate
+fi
+ruff check applepy tests
+pytest -q
+if command -v ty >/dev/null 2>&1; then
+  ty check applepy
+fi
+if command -v semgrep >/dev/null 2>&1; then
+  # Exclude vendored upstream trees under applepy/data/ (not project-owned source).
+  _applepy_py=()
+  while IFS= read -r _f; do
+    _applepy_py+=("$_f")
+  done < <(
+    find "${ROOT}/applepy" \( -path "${ROOT}/applepy/data/macos_security" -o -path "${ROOT}/applepy/data/lynis" \) \
+      -prune -o -name "*.py" -print
+  )
+  semgrep --config="${ROOT}/semgrep.yml" --error "${_applepy_py[@]}"
+  semgrep --config=p/python --error "${_applepy_py[@]}"
+fi