Skip to content

Report Security Issues #986

Report Security Issues

Report Security Issues #986

# This file was generated by Project Keeper.
name: Report Security Issues
on:
workflow_dispatch: null
schedule:
- {
cron: 0 2 * * *
}
jobs:
report_security_issues:
runs-on: ubuntu-latest
defaults:
run: {
shell: bash
}
permissions: {
contents: read,
issues: write
}
outputs: {
created-issues: '${{ steps.security-issues.outputs.created-issues }}'
}
concurrency: {
group: '${{ github.workflow }}-report_security_issues',
cancel-in-progress: true
}
steps:
- {
name: Checkout,
id: checkout,
uses: actions/checkout@v4
}
- name: Set up JDKs
id: setup-jdks
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: |
11
17
cache: maven
- name: Generate ossindex report
id: ossindex-report
run: |
mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
-Dossindex.reportFile=$(pwd)/ossindex-report.json \
-Dossindex.fail=false
- name: Report Security Issues
id: security-issues
uses: exasol/python-toolbox/.github/actions/security-issues@main
with: {
format: maven,
command: cat ossindex-report.json,
github-token: '${{ secrets.GITHUB_TOKEN }}'
}
- name: Output security issues (Debugging)
id: debug-print-security-issues
run: |
echo "$CREATED_ISSUES" > test.jsonl
cat test.jsonl
env: {
CREATED_ISSUES: '${{ steps.security-issues.outputs.created-issues }}'
}
start_dependency_udpate:
needs: report_security_issues
if: ${{ needs.report_security_issues.outputs.created-issues }}
concurrency: {
group: '${{ github.workflow }}-start_dependency_update',
cancel-in-progress: false
}
secrets: inherit
permissions: {
contents: write,
pull-requests: write
}
uses: ./.github/workflows/dependencies_update.yml
with: {
vulnerability_issues: '${{ needs.report_security_issues.outputs.created-issues }}'
}