vector-im
/
element-x-android
mirror of https://github.com/vector-im/element-x-android.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #31 from vector-im/feature/bma/checkDep 

Set up dependency check plugin
This commit is contained in:
Benoit Marty 2023-01-09 17:23:09 +01:00 committed by GitHub
parent 50dd93907e e7ff60d168
commit 9855d47e95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.github/workflows/quality.yml vendored
View File

@ -44,3 +44,22 @@ jobs:
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
# Fallback for forks
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin
dependency-analysis:
name: Dependency analysis
runs-on: ubuntu-latest
# Allow all jobs on main and develop. Just one per PR.
concurrency:
group: ${{ github.ref == 'refs/heads/main' && format('dep-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('dep-develop-{0}', github.sha) || format('dep-{0}', github.ref) }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v3
- name: Dependency analysis
run: ./gradlew dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES
- name: Upload dependency analysis
if: always()
uses: actions/upload-artifact@v3
with:
name: dependency-analysis
path: build/reports/dependency-check-report.html

5
build.gradle.kts
View File

@ -25,6 +25,7 @@ plugins {
alias(libs.plugins.anvil) apply false
alias(libs.plugins.kotlin.jvm) apply false
alias(libs.plugins.kapt) apply false
alias(libs.plugins.dependencycheck) apply false
alias(libs.plugins.detekt)
alias(libs.plugins.ktlint)
alias(libs.plugins.dependencygraph)
@ -102,4 +103,8 @@ allprojects {
)
)
}
// Dependency check
apply {
plugin("org.owasp.dependencycheck")
}
}

2
gradle/libs.versions.toml
View File

@ -50,6 +50,7 @@ showkase = "1.0.0-beta14"
compose_destinations = "1.7.23-beta"
jsoup = "1.15.3"
seismic = "1.0.3"
dependencycheck = "7.4.4"
# DI
dagger = "2.43"
@ -150,3 +151,4 @@ anvil = { id = "com.squareup.anvil", version.ref = "anvil" }
detekt = { id = "io.gitlab.arturbosch.detekt", version.ref = "detekt" }
ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint" }
dependencygraph = { id = "com.savvasdalkitsis.module-dependency-graph", version.ref = "dependencygraph" }
dependencycheck = { id = "org.owasp.dependencycheck", version.ref = "dependencycheck" }