-
Notifications
You must be signed in to change notification settings - Fork 634
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Dependency scanning workflow (#3355)
- Loading branch information
Showing
1 changed file
with
107 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
name: Dependency Scanning | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
fossa: | ||
name: Scanning | ||
runs-on: ubuntu-22.04 | ||
if: github.event.repository.fork == false | ||
steps: | ||
- name: Checkout | ||
# https://github.com/actions/checkout/releases | ||
# v3.5.3 | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | ||
|
||
- name: Cache Coursier cache | ||
# https://github.com/coursier/cache-action/releases | ||
# v6.4.3 | ||
uses: coursier/cache-action@566e01fea33492e5a89706b43fb0d3fc884154f9 | ||
|
||
- name: Set up JDK 11 and sbt | ||
# https://github.com/coursier/setup-action/releases | ||
# v1.3.3 | ||
uses: coursier/setup-action@6a582d7f7292a865e72c497ca64c3ef447cdb6c7 | ||
with: | ||
jvm: adopt:11 | ||
|
||
- name: FOSSA policy check | ||
run: |- | ||
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | ||
echo '--- List targets ---' | ||
fossa list-targets | ||
echo '--- Run Fossa on the maven-plugin ---' | ||
fossa analyze --only-path dev/maven-plugin -p lagom-maven-plugin | ||
echo '--- Run Fossa on the sbt-plugin ---' | ||
fossa analyze --only-path dev/sbt-plugin -p lagom-sbt-plugin | ||
echo '--- Run Fossa on the sbt-scripted-library ---' | ||
fossa analyze --only-path dev/sbt-scripted-library -p lagom-sbt-scripted-library | ||
echo '--- Run Fossa on the sbt-scripted-tools ---' | ||
fossa analyze --only-path dev/sbt-scripted-tools -p lagom-sbt-scripted-tools | ||
echo '--- Run Fossa on the build-tool-support ---' | ||
fossa analyze --only-path dev/build-tool-support -p lagom-build-tool-support | ||
echo '--- Run Fossa on the cluster module ---' | ||
fossa analyze --only-path cluster -p lagom-cluster | ||
echo '--- Run Fossa on the akka-management module ---' | ||
fossa analyze --only-path akka-management -p lagom-akka-management | ||
echo '--- Run Fossa on the akka-service-locator module ---' | ||
fossa analyze --only-path akka-service-locator -p lagom-akka-service-locator | ||
echo '--- Run Fossa on the cassandra-server module ---' | ||
fossa analyze --only-path dev/cassandra-server -p lagom-cassandra-server | ||
echo '--- Run Fossa on the kafka-server module ---' | ||
fossa analyze --only-path dev/kafka-server -p lagom-kafka-server | ||
echo '--- Run Fossa on the reloadable-server module ---' | ||
fossa analyze --only-path dev/reloadable-server -p lagom-reloadable-server | ||
echo '--- Run Fossa on the dev-mode-ssl-support module ---' | ||
fossa analyze --only-path dev/dev-mode-ssl-support -p lagom-dev-mode-ssl-support | ||
echo '--- Run Fossa on the service-registry module ---' | ||
fossa analyze --only-path dev/service-registry -p lagom-service-registry | ||
echo '--- Run Fossa on the persistence module ---' | ||
fossa analyze --only-path persistence -p lagom-persistence | ||
echo '--- Run Fossa on the persistence-cassandra module ---' | ||
fossa analyze --only-path persistence-cassandra -p lagom-persistence-cassandra | ||
echo '--- Run Fossa on the persistence-jdbc module ---' | ||
fossa analyze --only-path persistence-jdbc -p lagom-persistence-jdbc | ||
echo '--- Run Fossa on the persistence-jpa module ---' | ||
fossa analyze --only-path persistence-jpa -p lagom-persistence-jpa | ||
echo '--- Run Fossa on the pubsub module ---' | ||
fossa analyze --only-path pubsub -p lagom-pubsub | ||
echo '--- Run Fossa on the projection module ---' | ||
fossa analyze --only-path projection -p lagom-projection | ||
echo '--- Run Fossa on the service module ---' | ||
fossa analyze --only-path service -p lagom-service | ||
echo '--- Run Fossa on the testkit module ---' | ||
fossa analyze --only-path testkit -p lagom-testkit | ||
echo '--- Run Fossa on all of Lagom ---' | ||
fossa analyze -p lagom-all | ||
env: | ||
FOSSA_API_KEY: "${{secrets.FOSSA_API_KEY}}" | ||
FOSSA_TELEMETRY_SCOPE: off |