diff --git a/.github/workflows/nuget-vulnerabilities.yml b/.github/workflows/nuget-vulnerabilities.yml new file mode 100644 index 0000000..1cdcd78 --- /dev/null +++ b/.github/workflows/nuget-vulnerabilities.yml @@ -0,0 +1,39 @@ +name: NuGet vulnerabilities + +on: + schedule: + - cron: "0 0 * * 1-5" + push: + branches: [ master ] + pull_request: + branches: [ master ] + +env: + DOTNET_NOLOGO: true + DOTNET_CLI_TELEMETRY_OPTOUT: true + DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true + +jobs: + nuget-vulnerabilities: + name: NuGet vulnerabilities + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3.0.2 + - uses: actions/setup-dotnet@v2.1.0 + + - name: Restore dependencies + run: dotnet restore + + - name: Check vulnerable packages + id: packages + run: | + packages=$(dotnet list package --include-transitive --vulnerable) + echo "PACKAGES<> $GITHUB_ENV + echo "$packages" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "$packages" + + - name: Found vulnerable packages + run: exit 1 + if: ${{ contains(env.PACKAGES, 'has the following vulnerable packages') }} diff --git a/NordigenDotNet.sln b/NordigenDotNet.sln index 0f72747..ca86611 100644 --- a/NordigenDotNet.sln +++ b/NordigenDotNet.sln @@ -35,6 +35,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "workflows", "workflows", "{ ProjectSection(SolutionItems) = preProject .github\workflows\test.yml = .github\workflows\test.yml .github\workflows\release.yml = .github\workflows\release.yml + .github\workflows\nuget-vulnerabilities.yml = .github\workflows\nuget-vulnerabilities.yml EndProjectSection EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMelnalksnis.NordigenDotNet.Tests", "tests\VMelnalksnis.NordigenDotNet.Tests\VMelnalksnis.NordigenDotNet.Tests.csproj", "{B01186E2-7A80-4117-BC89-C345B0221ECE}"