Skip to content
This repository has been archived by the owner on Aug 30, 2024. It is now read-only.

Check dependency vulnerabilities #22

Check dependency vulnerabilities

Check dependency vulnerabilities #22

# SPDX-FileCopyrightText: 2024 Topsector Logistiek
# SPDX-FileContributor: Joost Diepenmaat <[email protected]>
# SPDX-FileContributor: Remco van 't Veer <[email protected]>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
name: Check dependency vulnerabilities
on:
push:
schedule:
- cron: '0 1 * * 1,2,3,4,5' # every workday
jobs:
"NVD-check":
runs-on: ubuntu-latest
steps:
# NVD data can change every day, so we use a cache key based on today's date
- name: Get current date
id: date
run: echo "date=$(date '+%Y-%m-%d')" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
./.m2
./bin
./lib
# store as today's cache
key: "nvd-clojure-${{ steps.date.outputs.date }}"
# if today's cache does not yet exist, fetch from whatever iss
# the most recent cache for nvd-clojure
# and update that
restore-keys: "nvd-clojure-"
- name: Install clj runtime
run: .github/workflows/install-binaries.sh
- name: Install NVD clojure
run: bin/clojure -Ttools install nvd-clojure/nvd-clojure '{:mvn/version "RELEASE"}' :as nvd;
- name: Check that NVD Secret is set
env:
NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }}
if: ${{ env.NVD_API_TOKEN == '' }}
run: echo "NVD_API_TOKEN secret is empty"; exit 1
- name: Check clojure dependencies with NVD
env:
NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }}
working-directory: ishare-jwt
run: ../bin/clojure -J-Dclojure.main.report=stderr -Tnvd nvd.task/check :config-filename '".nvd-config.edn"' :classpath "\"$(../bin/clojure -Spath)\""