Simple Dependency Review gh action #43

Simple Dependency Review gh action
2024-11-06 01:25:18 +00:00 · 2023-05-11 09:44:45 +03:00 · 2023-05-11 09:44:45 +03:00 · b4c071e3dd
commit b4c071e3dd
parent 4c02a383d2 45fcf2f485
4 changed files with 52 additions and 0 deletions
--- a/.github/workflows/maven-library-build.yml
+++ b/.github/workflows/maven-library-build.yml
@ -67,3 +67,16 @@ jobs:

      - name: Upload code coverage
        uses: codecov/codecov-action@v3
+
+ dependency-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          fail-on-severity: critical
+          vulnerability-check: true
+          comment-summary-in-pr: true
--- a/.github/workflows/maven-service-build.yml
+++ b/.github/workflows/maven-service-build.yml
@ -53,3 +53,16 @@ jobs:

      - name: Upload code coverage
        uses: codecov/codecov-action@v3
+
+  dependency-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+        
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          fail-on-severity: critical
+          vulnerability-check: true
+          comment-summary-in-pr: true
--- a/.github/workflows/maven-swag-build.yml
+++ b/.github/workflows/maven-swag-build.yml
@ -52,3 +52,16 @@ jobs:

      - name: Build client jar
        run: mvn --batch-mode clean package -f pom.xml -P="client"
+      
+  dependency-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+        
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          fail-on-severity: critical
+          vulnerability-check: true
+          comment-summary-in-pr: true
--- a/.github/workflows/maven-thrift-build.yml
+++ b/.github/workflows/maven-thrift-build.yml
@ -37,3 +37,16 @@ jobs:
        id: commit_info
      - name: Build package
        run: mvn --batch-mode -Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}" clean compile -f pom.xml
+
+  dependency-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+        
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          fail-on-severity: critical
+          vulnerability-check: true
+          comment-summary-in-pr: true