This is an automated email from the ASF dual-hosted git repository.

tanxinyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/master by this push:
     new 3e8a201b319 [Vulnerability-check] Add weekly vulnerability-check #14288
3e8a201b319 is described below

commit 3e8a201b31928425338283b8a9a989df68588bf5
Author: 133tosakarin <[email protected]>
AuthorDate: Tue Dec 3 14:11:17 2024 +0800

    [Vulnerability-check] Add weekly vulnerability-check #14288
---
 .github/workflows/vulnerability-check.yml | 49 +++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/.github/workflows/vulnerability-check.yml b/.github/workflows/vulnerability-check.yml
new file mode 100644
index 00000000000..702a4f14435
--- /dev/null
+++ b/.github/workflows/vulnerability-check.yml
@@ -0,0 +1,49 @@
+name: vulnerability-check
+on:
+  schedule:
+    # Run at UTC 00:00 every week (CST 03:00 AM)
+    - cron: '0 0 * * 3'
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
+  MAVEN_ARGS: --batch-mode --no-transfer-progress
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+  dependency-check:
+    strategy:
+      fail-fast: false
+      max-parallel: 15
+      matrix:
+        java: [ 17 ]
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v4
+        with:
+          distribution: corretto
+          java-version: ${{ matrix.java }}
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-
+      - name: Do the dependency-check:check
+        shell: bash
+        run: mvn org.owasp:dependency-check-maven:check
+      - name: Do the dependency-check:aggregate
+        shell: bash
+        run: mvn org.owasp:dependency-check-maven:aggregate
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: vulnerability-check-result-${{ runner.os }}
+          path: target/dependency-check-report.html
+          retention-days: 15
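Review bot: The workflow declares no `permissions:` block and puts `DEVELOCITY_ACCESS_KEY` in the workflow-level `env:`, so the job runs with the repository's default token scope and every step, including the four `uses:` actions, can read the secret. Adding a top-level `permissions:` with `contents: read` and moving the `DEVELOCITY_ACCESS_KEY` entry into an `env:` on the two `mvn` steps would limit both to what the scan needs. The actions are referenced by mutable tags (`@v4`) and `org.owasp:dependency-check-maven` is invoked without a version, so what runs can change between weekly runs unless the plugin version is fixed in the pom (not visible here); pinning the actions to commit SHAs and naming the plugin version would make the scan reproducible. The upload step also has no `if: always()`, so if the build is configured to fail on findings the report would presumably not be uploaded in exactly the case where it is needed.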
