name: Vulture Dead Code Detection on: workflow_call: # Allows this workflow to be called by other workflows workflow_dispatch: # Top-level permissions set to minimum (OSSF Scorecard Token-Permissions) permissions: {} jobs: vulture: runs-on: ubuntu-latest timeout-minutes: 5 name: Scan for dead code permissions: contents: read steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: '3.12' - name: Install vulture run: pip install "vulture~=2.14" - name: Run vulture (src/ only) run: vulture src/local_deep_research/ vulture_whitelist.py --min-confidence 80