Merge pull request #31 from vector-im/feature/bma/checkDep
Set up dependency check plugin
commit
9855d47e95
|
@ -44,3 +44,22 @@ jobs:
|
|||
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
|
||||
# Fallback for forks
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
# Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin
|
||||
dependency-analysis:
|
||||
name: Dependency analysis
|
||||
runs-on: ubuntu-latest
|
||||
# Allow all jobs on main and develop. Just one per PR.
|
||||
concurrency:
|
||||
group: ${{ github.ref == 'refs/heads/main' && format('dep-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('dep-develop-{0}', github.sha) || format('dep-{0}', github.ref) }}
|
||||
cancel-in-progress: true
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Dependency analysis
|
||||
run: ./gradlew dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES
|
||||
- name: Upload dependency analysis
|
||||
if: always()
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: dependency-analysis
|
||||
path: build/reports/dependency-check-report.html
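Review bot: The comment above the `dependency-analysis` job credits autonomousapps/dependency-analysis-android-gradle-plugin, but the step runs `dependencyCheckAnalyze`, which is the task of the `org.owasp.dependencycheck` plugin that this commit adds. The comment should say so, e.g. `# Scan dependencies for known vulnerabilities with the OWASP dependency-check Gradle plugin`. The plugin is applied in `allprojects`, so `dependencyCheckAnalyze` presumably writes one report per module, while the upload step only collects `build/reports/dependency-check-report.html` from the root. Findings in submodules would then be missing from the artifact. Running `dependencyCheckAggregate` instead, or widening `path:` to a glob over the module build directories, would keep the uploaded report complete.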
|
||||
|
|
|
@ -25,6 +25,7 @@ plugins {
|
|||
alias(libs.plugins.anvil) apply false
|
||||
alias(libs.plugins.kotlin.jvm) apply false
|
||||
alias(libs.plugins.kapt) apply false
|
||||
alias(libs.plugins.dependencycheck) apply false
|
||||
alias(libs.plugins.detekt)
|
||||
alias(libs.plugins.ktlint)
|
||||
alias(libs.plugins.dependencygraph)
|
||||
|
@ -102,4 +103,8 @@ allprojects {
|
|||
)
|
||||
)
|
||||
}
|
||||
// Dependency check
|
||||
apply {
|
||||
plugin("org.owasp.dependencycheck")
|
||||
}
|
||||
}
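Review bot: The `apply { plugin("org.owasp.dependencycheck") }` block in `allprojects` adds the scanner with no configuration. As far as these hunks show, nothing sets `failBuildOnCVSS`, so with the plugin's default the task only reports vulnerable dependencies and never fails the build. If the CI job is meant to gate merges, the extension should be configured next to the apply block with an agreed `failBuildOnCVSS` threshold and a reviewed `suppressionFile` for accepted findings. The one-line comment could also say what is being checked, e.g. `// OWASP dependency-check: scans resolved dependencies for known CVEs`. The `allprojects` block starts outside the hunk, so any configuration earlier in it is not visible here.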
|
||||
|
|
|
@ -50,6 +50,7 @@ showkase = "1.0.0-beta14"
|
|||
compose_destinations = "1.7.23-beta"
|
||||
jsoup = "1.15.3"
|
||||
seismic = "1.0.3"
|
||||
dependencycheck = "7.4.4"
|
||||
|
||||
# DI
|
||||
dagger = "2.43"
|
||||
|
@ -150,3 +151,4 @@ anvil = { id = "com.squareup.anvil", version.ref = "anvil" }
|
|||
detekt = { id = "io.gitlab.arturbosch.detekt", version.ref = "detekt" }
|
||||
ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint" }
|
||||
dependencygraph = { id = "com.savvasdalkitsis.module-dependency-graph", version.ref = "dependencygraph" }
|
||||
dependencycheck = { id = "org.owasp.dependencycheck", version.ref = "dependencycheck" }
|
||||
|
|