This is an automated email from the ASF dual-hosted git repository.
tanxinyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 58a1eba5587 [Vulnerability-check] Add weekly Vulnerability-check CI
#14266
58a1eba5587 is described below
commit 58a1eba5587207d3afb543c6c363d2b712d0cccf
Author: 133tosakarin <[email protected]>
AuthorDate: Tue Dec 3 12:03:58 2024 +0800
[Vulnerability-check] Add weekly Vulnerability-check CI #14266
---
.github/workflows/vulnerability-check.yml | 56 +++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/.github/workflows/vulnerability-check.yml
b/.github/workflows/vulnerability-check.yml
new file mode 100644
index 00000000000..7434a039e13
--- /dev/null
+++ b/.github/workflows/vulnerability-check.yml
@@ -0,0 +1,56 @@
+name: vulnerability-check
+on:
+ schedule:
+ # Run at UTC 00:00 every week (CST 03:00 AM)
+ - cron: '0 0 * * 3'
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false
-Dmaven.wagon.http.retryHandler.class=standard
-Dmaven.wagon.http.retryHandler.count=3
+ MAVEN_ARGS: --batch-mode --no-transfer-progress
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ dependency-check:
+ strategy:
+ fail-fast: false
+ max-parallel: 15
+ matrix:
+ java: [ 17 ]
+ os: [ ubuntu-latest ]
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK ${{ matrix.java }}
+ uses: actions/setup-java@v4
+ with:
+ distribution: corretto
+ java-version: ${{ matrix.java }}
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2-
+ - name: Do the dependency-check:check
+ shell: bash
+ run: mvn org.owasp:dependency-check-maven:check
+ - name: Do the dependency-check:aggregate
+ shell: bash
+ run: mvn org.owasp:dependency-check-maven:aggregate
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: vulnerability-check-result-${{ runner.os }}
+ path: target/dependency-check-report.html
+ retention-days: 15
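Review bot: The new workflow declares no `permissions:` block, so its GITHUB_TOKEN gets the repository's default scope even though the job only reads the source; a top-level `permissions:` with `contents: read` would hold it to least privilege. The two scan steps call `mvn org.owasp:dependency-check-maven:check` and `:aggregate` without a plugin version, so unless the project's pom pins one (not visible in this hunk) each run resolves whichever release is current. That code runs with `DEVELOCITY_ACCESS_KEY` in its environment on push and scheduled runs, because the secret is set in the workflow-level `env:`. Pinning the goal as `org.owasp:dependency-check-maven:<PINNED_VERSION>:check` would make the scan reproducible and the plugin update a reviewed change. The `Upload Artifact` step also has no `if: always()`, so if either scan step fails (for example once a CVSS failure threshold is configured) the HTML report is not kept.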