
chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 #2945

chore(deps): bump actions/checkout from 3.6.0 to 4.0.0

chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 #2945

name: Dependency Review
on:
pull_request_target: {}
workflow_dispatch:
inputs: {}
env:
FOSSA_CLI_INSTALLER_VERSION: '3.3.10'
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4.0.0
- name: GitHub dependency vulnerability check
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/dependency-review-action@v3.0.8
with:
fail-on-severity: high
- name: FOSSA dependency license check
run: |
# `$FOSSA_CLI_INSTALLER_VERSION` only controls the version of the installer used - the latest version of `fossa-cli` will always be used.
curl --no-progress-meter -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/v${FOSSA_CLI_INSTALLER_VERSION}/install-latest.sh | bash
echo '## FOSSA dependency license check' >> $GITHUB_STEP_SUMMARY
echo '' >> $GITHUB_STEP_SUMMARY
fossa analyze --fossa-api-key ${{ secrets.MELTYBOT_FOSSA_API_KEY }} --revision ${{ github.sha }} |& tee fossa_analyze.log
fossa test --fossa-api-key ${{ secrets.MELTYBOT_FOSSA_API_KEY }} --revision ${{ github.sha }}
TEST_FAILED=$?
FOSSA_REPORT_LINK="$(grep -A 1 '[ INFO] View FOSSA Report:' fossa_analyze.log | tail -n 1 | sed -e 's/^\[ INFO\]\s*//')"
echo "[FOSSA detected $([ $TEST_FAILED -ne 0 ] && echo -n '' || echo 'no ')issues](${FOSSA_REPORT_LINK})" >> $GITHUB_STEP_SUMMARY
exit $TEST_FAILED