Merge pull request #2 from cultureamp/ce/github-actions

Github Actions

.github/workflows/ci.yaml

@@ -0,0 +1,31 @@
+name: CI
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+          cache: gradle
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
+      - name: Build, test, lint
+        run: ./gradlew build
+      - name: Analyse dependencies for vulnerabilities
+        run: ./gradlew dependencyCheckAnalyze
+      - uses: actions/upload-artifact@v2
+        with:
+          name: Upload build artifacts
+          path: build/libs
+      - name: Cleanup Gradle Cache
+        # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
+        # Restoring these files from a GitHub Actions cache might cause problems for future builds.
+        run: |
+          rm -f ~/.gradle/caches/modules-2/modules-2.lock
+          rm -f ~/.gradle/caches/modules-2/gc.properties

build.gradle.kts

@@ -7,6 +7,9 @@ plugins {
     // Add ktlint
     id("org.jmailen.kotlinter") version "3.6.0"
 
+    // Vulnerable dependency checker
+    id("org.owasp.dependencycheck") version "6.4.1.1"
+
     // Apply the java-library plugin for API and implementation separation.
     `java-library`
 }
@@ -36,3 +39,10 @@ dependencies {
     // Use the Kotlin JUnit integration.
     testImplementation("org.jetbrains.kotlin:kotlin-test-junit")
 }
+
+// A full list of config options can be found here:
+// https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration.html
+dependencyCheck {
+    // anything over a 5.0 is above a 'warning'
+    failBuildOnCVSS = 5.0F
+}