Files
NordigenDotNet/.github/workflows/nuget-vulnerabilities.yml
T
dependabot[bot] a4bd54da90 build(deps): Bump actions/setup-dotnet from 3.0.0 to 3.0.1
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](https://github.com/actions/setup-dotnet/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-06 19:23:56 +03:00

44 lines
984 B
YAML

name: NuGet vulnerabilities
on:
schedule:
- cron: "0 0 * * 1-5"
push:
branches: [ master ]
paths-ignore:
- '**.md'
pull_request:
branches: [ master ]
paths-ignore:
- '**.md'
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
jobs:
nuget-vulnerabilities:
name: NuGet vulnerabilities
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
- uses: actions/setup-dotnet@v3.0.1
- run: dotnet restore
- name: Check vulnerable packages
id: packages
run: |
packages=$(dotnet list package --include-transitive --vulnerable)
echo "PACKAGES<<EOF" >> $GITHUB_ENV
echo "$packages" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
echo "$packages"
- name: Found vulnerable packages
run: exit 1
if: ${{ contains(env.PACKAGES, 'has the following vulnerable packages') }}