feat: Add workflow for dependency checks

2025-07-04 21:14:00 +00:00 · 2023-11-20 13:07:47 +01:00 · 2023-11-20 13:07:47 +01:00 · 5d00431e47
commit 5d00431e47
parent b2e4466446
2 changed files with 53 additions and 12 deletions
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@ -0,0 +1,53 @@
+name: Dependency Check
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 1 * *'
+
+env:
+  solutionFile: CleanArchitecture.sln
+  projectName: CleanArchitecture
+
+jobs:
+  checkLicenses:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Install .NET Core
+      uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: |
+          8.x.x
+
+    - name: Restore dependencies
+      run: dotnet restore
+
+    - name: Check for license issues
+      run: |
+          dotnet new tool-manifest
+          dotnet tool install --local liz.tool
+          dotnet liz "${{ env.solutionFile }}" --suppress-progressbar
+
+  checkVulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Check for vulnerabilities
+      uses: dependency-check/Dependency-Check_Action@main
+      id: depcheck
+      with:
+        project: ${{ env.projectName }}
+        path: "**/*.csproj"
+        format: "HTML"
+        out: "reports"
+        args: >
+          --failOnCVSS "7"
+
+    - name: Upload test results
+      uses: actions/upload-artifact@v3
+      with:
+        name: Dependency Check Report
+        path: ${{github.workspace}}/reports
--- a/.github/workflows/dotnet.yml
+++ b/.github/workflows/dotnet.yml
@ -24,18 +24,6 @@ jobs:
      with:
        dotnet-version: |
          8.x.x
-    #      6.x.x
-    # - name: Check for vulnerabilities
-    #   run: |
-    #       VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/current.txt)
-    #       curl -Ls "https://github.com/jeremylong/DependencyCheck/releases/download/v$VERSION/dependency-check-$VERSION-release.zip" --output dependency-check.zip
-    #       unzip dependency-check.zip
-    #       ./dependency-check/bin/dependency-check.sh -s "**/*.csproj" --project "${{ env.projectName }}" --failOnCVSS "7"
-    # - name: Check for license issues
-    #   run: |
-    #       dotnet new tool-manifest
-    #       dotnet tool install --local liz.tool
-    #       dotnet liz "${{ env.solutionFile }}" --suppress-progressbar
    - name: Restore dependencies
      run: dotnet restore
    - name: Build