Supply Chain #153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Portions of this file contributed by NIST are governed by the | |
# following statement: | |
# | |
# This software was developed at the National Institute of Standards | |
# and Technology by employees of the Federal Government in the course | |
# of their official duties. Pursuant to Title 17 Section 105 of the | |
# United States Code, this software is not subject to copyright | |
# protection within the United States. NIST assumes no responsibility | |
# whatsoever for its use by other parties, and makes no guarantees, | |
# expressed or implied, about its quality, reliability, or any other | |
# characteristic. | |
# | |
# We would appreciate acknowledgement if the software is used. | |
# This workflow uses Make to review direct dependencies of this | |
# repository. | |
name: Supply Chain | |
on: | |
schedule: | |
- cron: '15 5 * * 1,2,3,4,5' | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: | |
- '3.9' | |
- '3.12' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# This enables supply chain review against only a selected | |
# branch. For those using the "Git-Flow" style of branching, | |
# the ref value should be 'develop', so an upstream dependency | |
# only relevant for, say, code formatting does not need to | |
# induce a new commit on 'main', or a release. | |
# https://cyberdomainontology.org/ontology/development/#branching-cdo-git-flow | |
ref: main | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Review dependencies | |
run: make check-supply-chain |