

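# Scheduled dependency-vulnerability scan (dependencies_check.yml template).
#
# Flow:
#   1. report_security_issues - runs the Sonatype OSS Index Maven plugin and
#      turns the findings into GitHub issues via exasol's security-issues
#      action; exposes the created issues as a job output.
#   2. start_dependency_udpate - if any issues were created, calls the
#      reusable dependencies_update.yml workflow with that list.
#
# Supply-chain note: every `uses:` below is pinned to a mutable ref (a tag or
# the `main` branch) rather than a full commit SHA, so the code this workflow
# executes can change without any change to this file. Pin to commit SHAs
# (keeping the tag in a trailing comment) once known-good revisions are chosen.
name: Report Security Issues
on:
  workflow_dispatch:
  schedule:
    # Daily at 02:00 UTC.
    - cron: "0 2 * * *"

# Default for any job that does not declare its own permissions. Both jobs
# below declare theirs, so this only prevents a future job from silently
# getting a broad GITHUB_TOKEN.
permissions: {}

jobs:
  report_security_issues:
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: "bash"
    # Least privilege for this job: read the repo, create/update issues.
    # Nothing in this job pushes.
    permissions:
      contents: read
      issues: write
    outputs:
      # Issues created by the security-issues step (the debug step below
      # writes it out as JSONL). The downstream `if:` relies on this being
      # empty when no issues were created - NOTE(review): confirm against the
      # action's output contract; it is not visible here.
      created-issues: ${{ steps.security-issues.outputs.created-issues }}
    concurrency:
      group: ${{ github.workflow }}-report_security_issues
      # A superseded scan can be dropped; the newest run is the one that matters.
      cancel-in-progress: true
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          # This job is contents:read and none of the visible steps run git
          # against the remote (the security-issues action gets its own
          # github-token input), so do not leave the GITHUB_TOKEN in
          # .git/config where the Maven build and its plugins could read it.
          persist-credentials: false

      - name: Set up JDKs
        id: setup-jdks
        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          # Block scalar keeps the versions as strings (no 11/17 int coercion).
          java-version: |
            11
            17
          cache: "maven"

      - name: Generate ossindex report
        id: ossindex-report
        # Deliberately never fails the job (-Dossindex.fail=false): findings
        # are turned into issues by the next step instead of breaking this run.
        # Unauthenticated OSS Index calls are rate limited; if scans start
        # failing, the plugin's ossindex.authId/authToken properties are the
        # usual remedy (not configured here).
        run: |
          mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
              org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
              -Dossindex.reportFile=$(pwd)/ossindex-report.json \
              -Dossindex.fail=false

      - name: Report Security Issues
        id: security-issues
        # Mutable ref: whatever is on python-toolbox `main` at run time executes
        # here with issues:write and the GITHUB_TOKEN. Pin to a commit SHA.
        uses: exasol/python-toolbox/.github/actions/security-issues@main
        with:
          format: "maven"
          # The action reads the report through this command rather than a path.
          command: "cat ossindex-report.json"
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Output security issues (Debugging)
        id: debug-print-security-issues
        # The output is passed through an environment variable and expanded
        # quoted, so issue text is never interpolated into the script as shell.
        run: |
          echo "$CREATED_ISSUES" > test.jsonl
          cat test.jsonl
        env:
          CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }}

  # Job id keeps the historical spelling ("udpate") on purpose: renaming it
  # would change the job/check name anything else references. Fix it together
  # with its consumers.
  start_dependency_udpate:
    needs: report_security_issues
    # [impl->dsn~trigger-dependency-updates~1]
    # Job outputs are strings and any non-empty string is truthy, so this
    # runs whenever the previous job produced *anything* - including a
    # placeholder such as "[]" if the action ever emitted one.
    if: ${{ needs.report_security_issues.outputs.created-issues }}
    concurrency:
      group: ${{ github.workflow }}-start_dependency_update
      # Never cancel a running update: it may be part-way through opening PRs.
      cancel-in-progress: false
    # The called workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK.
    # `inherit` forwards *every* repository/organization secret to it, not
    # just that one. Prefer an explicit mapping once dependencies_update.yml
    # declares the secret under on.workflow_call.secrets, e.g.
    #   secrets:
    #     INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
    secrets: inherit
    # Write access is needed by the called workflow to push branches and open
    # PRs; it cannot exceed what is granted here.
    permissions:
      contents: write
      pull-requests: write
    uses: ./.github/workflows/dependencies_update.yml
    with:
      vulnerability_issues: ${{ needs.report_security_issues.outputs.created-issues }}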



