-
Notifications
You must be signed in to change notification settings - Fork 1.1k
50 lines (43 loc) · 1.7 KB
/
vulnerability-check.yml
File metadata and controls
50 lines (43 loc) · 1.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
name: vulnerability-check
on:
schedule:
# Run at 16:00 UTC every Sunday (Monday 00:00 CST)
- cron: "0 16 * * 0"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
MAVEN_ARGS: --batch-mode --no-transfer-progress
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
jobs:
dependency-check:
if: ${{ github.event_name == 'workflow_dispatch' || github.repository == 'apache/iotdb' }}
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v5
- name: Set up JDK 17
uses: actions/setup-java@v5
with:
distribution: corretto
java-version: 17
- name: Do Maven install
shell: bash
run: mvn $MAVEN_ARGS clean install -DskipTests
- name: Do the dependency-check:aggregate
shell: bash
run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }} -DnvdApiKey=${{ secrets.NVD_API_KEY }}
- name: Generate report date for artifact name
run: |
utc_time="${{ github.run_started_at }}"
target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")
echo "REPORT_DATE=$target_time" >> $GITHUB_ENV
- name: Upload Artifact
uses: actions/upload-artifact@v6
with:
name: vulnerability-check-result-${{ env.REPORT_DATE }}
path: target/dependency-check-report.html
retention-days: 15