Dependency Scanning #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dependency Scanning | |
on: | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
fossa: | |
name: Scanning | |
runs-on: ubuntu-22.04 | |
if: github.event.repository.fork == false | |
steps: | |
- name: Checkout | |
# https://github.com/actions/checkout/releases | |
# v3.5.3 | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
- name: Cache Coursier cache | |
# https://github.com/coursier/cache-action/releases | |
# v6.4.3 | |
uses: coursier/cache-action@566e01fea33492e5a89706b43fb0d3fc884154f9 | |
- name: Set up JDK 11 and sbt | |
# https://github.com/coursier/setup-action/releases | |
# v1.3.3 | |
uses: coursier/setup-action@6a582d7f7292a865e72c497ca64c3ef447cdb6c7 | |
with: | |
jvm: adopt:11 | |
- name: FOSSA policy check | |
run: |- | |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | |
echo '--- List targets ---' | |
fossa list-targets | |
echo '--- Run Fossa on the maven-plugin ---' | |
fossa analyze --only-path dev/maven-plugin -p lagom-maven-plugin | |
echo '--- Run Fossa on the sbt-plugin ---' | |
fossa analyze --only-path dev/sbt-plugin -p lagom-sbt-plugin | |
echo '--- Run Fossa on the sbt-scripted-library ---' | |
fossa analyze --only-path dev/sbt-scripted-library -p lagom-sbt-scripted-library | |
echo '--- Run Fossa on the sbt-scripted-tools ---' | |
fossa analyze --only-path dev/sbt-scripted-tools -p lagom-sbt-scripted-tools | |
echo '--- Run Fossa on the build-tool-support ---' | |
fossa analyze --only-path dev/build-tool-support -p lagom-build-tool-support | |
echo '--- Run Fossa on the cluster module ---' | |
fossa analyze --only-path cluster -p lagom-cluster | |
echo '--- Run Fossa on the akka-management module ---' | |
fossa analyze --only-path akka-management -p lagom-akka-management | |
echo '--- Run Fossa on the akka-service-locator module ---' | |
fossa analyze --only-path akka-service-locator -p lagom-akka-service-locator | |
echo '--- Run Fossa on the cassandra-server module ---' | |
fossa analyze --only-path dev/cassandra-server -p lagom-cassandra-server | |
echo '--- Run Fossa on the kafka-server module ---' | |
fossa analyze --only-path dev/kafka-server -p lagom-kafka-server | |
echo '--- Run Fossa on the reloadable-server module ---' | |
fossa analyze --only-path dev/reloadable-server -p lagom-reloadable-server | |
echo '--- Run Fossa on the dev-mode-ssl-support module ---' | |
fossa analyze --only-path dev/dev-mode-ssl-support -p lagom-dev-mode-ssl-support | |
echo '--- Run Fossa on the service-registry module ---' | |
fossa analyze --only-path dev/service-registry -p lagom-service-registry | |
echo '--- Run Fossa on the persistence module ---' | |
fossa analyze --only-path persistence -p lagom-persistence | |
echo '--- Run Fossa on the persistence-cassandra module ---' | |
fossa analyze --only-path persistence-cassandra -p lagom-persistence-cassandra | |
echo '--- Run Fossa on the persistence-jdbc module ---' | |
fossa analyze --only-path persistence-jdbc -p lagom-persistence-jdbc | |
echo '--- Run Fossa on the persistence-jpa module ---' | |
fossa analyze --only-path persistence-jpa -p lagom-persistence-jpa | |
echo '--- Run Fossa on the pubsub module ---' | |
fossa analyze --only-path pubsub -p lagom-pubsub | |
echo '--- Run Fossa on the projection module ---' | |
fossa analyze --only-path projection -p lagom-projection | |
echo '--- Run Fossa on the service module ---' | |
fossa analyze --only-path service -p lagom-service | |
echo '--- Run Fossa on the testkit module ---' | |
fossa analyze --only-path testkit -p lagom-testkit | |
echo '--- Run Fossa on all of Lagom ---' | |
fossa analyze -p lagom-all | |
env: | |
FOSSA_API_KEY: "${{secrets.FOSSA_API_KEY}}" | |
FOSSA_TELEMETRY_SCOPE: off |