Skip to content

Commit

Permalink
ci: add PR workflow for checking dependencies
Browse files Browse the repository at this point in the history
  • Loading branch information
stempler committed Oct 10, 2023
1 parent df4ed08 commit 147d66e
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 0 deletions.
22 changes: 22 additions & 0 deletions .github/workflows/check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Check

on:
pull_request:
branches:
- master

jobs:
check:
uses: wetransform/gha-workflows/.github/workflows/gradle-library.yml@master
with:
gradle-tasks: ''
java-version: 17
notify-failure: false
# skip-build: true
expect-tests: false
submodules: 'recursive'

# rename lockfile so trivy picks it up
pre-build-command: mv gradle/dependency-locks/platform.lockfile gradle/dependency-locks/platform-gradle.lockfile
secrets: inherit

3 changes: 3 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,9 @@ configurations {
details.useTarget "com.hierynomus:sshj:${details.requested.version}"
}
}

// activate dependency locking for generating a lockfile for security scanning
resolutionStrategy.activateDependencyLocking()
}
}

Expand Down

0 comments on commit 147d66e

Please sign in to comment.