Bump the actions-dependencies group with 2 updates #814
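name: 'Dependency Review'
on: [pull_request, push, workflow_dispatch]
# Least privilege: contents is read-only; the only write needed is for the
# review summary comment posted by dependency-review-action
# (comment-summary-in-pr below).
permissions:
  contents: read
  pull-requests: write
# https://www.meziantou.net/how-to-cancel-github-workflows-when-pushing-new-commits-on-a-branch.htm
concurrency:
  # pull request number or branch name if not a pull request
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:
  dependency-review:
    if: github.actor != 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        # PLACEHOLDER: the exact pinned ref was garbled on the page this was
        # copied from; restore it from the repository. Prefer a full commit
        # SHA with the version in a trailing comment over a mutable tag.
        uses: actions/checkout@PINNED_REF_PLACEHOLDER
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v4
        with:
          # The previous config set both refs to `master`, which appears to make
          # the action compare master with itself, leaving nothing to review.
          # Use the event's own refs instead; `master` is only the fallback for
          # workflow_dispatch, where no "before" commit exists. Note that on
          # the first push of a brand-new branch `github.event.before` is the
          # all-zero SHA and the action may not be able to resolve it.
          base-ref: ${{ github.event.pull_request.base.sha || github.event.before || 'master' }}
          head-ref: ${{ github.event.pull_request.head.sha || github.sha }}
          fail-on-severity: high
          comment-summary-in-pr: always
      - name: Set up .NET
        # PLACEHOLDER: same as above -- the pinned ref was garbled; restore
        # and pin it.
        uses: actions/setup-dotnet@PINNED_REF_PLACEHOLDER
        with:
          global-json-file: global.json
          cache: true
          cache-dependency-path: '**/packages.lock.json'
      - name: Check for vulnerable packages
        # Explicit bash so the here-string below and strict mode behave the
        # same on every runner image.
        shell: bash
        run: |
          # -e: stop on the first failing command; -u: fail on unset variables;
          # -o pipefail: a failure inside a pipeline is not masked by its last stage.
          set -euo pipefail
          # --force-evaluate re-evaluates the dependency graph even though a
          # lock file is present, so the audit below sees the real resolution.
          dotnet restore --force-evaluate
          OUTPUT=$(dotnet list package --vulnerable --include-transitive)
          echo "$OUTPUT"
          # Feed grep via a here-string rather than `echo | grep -q`: with
          # pipefail, grep -q closing the pipe early can make echo fail with
          # SIGPIPE and flip the result to "not found".
          # NOTE(review): the match is case-sensitive and looks for a
          # capitalised 'Vulnerable'; confirm against the dotnet CLI output
          # for a real hit, since the summary lines ("has no vulnerable
          # packages" / "has the following vulnerable packages") are lowercase
          # in the versions I have seen. A case-insensitive match is NOT a
          # fix either, because it would also hit the "no vulnerable packages"
          # line -- match the positive phrase explicitly if needed.
          if grep -q 'Vulnerable' <<< "$OUTPUT"; then
            echo "Vulnerable packages found"
            exit 1
          else
            echo "No vulnerable packages found"
          fi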