a4bd54da90
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](https://github.com/actions/setup-dotnet/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: actions/setup-dotnet dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
44 lines
984 B
YAML
44 lines
984 B
YAML
name: NuGet vulnerabilities
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 0 * * 1-5"
|
|
|
|
push:
|
|
branches: [ master ]
|
|
paths-ignore:
|
|
- '**.md'
|
|
|
|
pull_request:
|
|
branches: [ master ]
|
|
paths-ignore:
|
|
- '**.md'
|
|
|
|
env:
|
|
DOTNET_NOLOGO: true
|
|
DOTNET_CLI_TELEMETRY_OPTOUT: true
|
|
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
|
|
|
|
jobs:
|
|
nuget-vulnerabilities:
|
|
name: NuGet vulnerabilities
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3.1.0
|
|
- uses: actions/setup-dotnet@v3.0.1
|
|
- run: dotnet restore
|
|
|
|
- name: Check vulnerable packages
|
|
id: packages
|
|
run: |
|
|
packages=$(dotnet list package --include-transitive --vulnerable)
|
|
echo "PACKAGES<<EOF" >> $GITHUB_ENV
|
|
echo "$packages" >> $GITHUB_ENV
|
|
echo "EOF" >> $GITHUB_ENV
|
|
echo "$packages"
|
|
|
|
- name: Found vulnerable packages
|
|
run: exit 1
|
|
if: ${{ contains(env.PACKAGES, 'has the following vulnerable packages') }}
|