Sulkta-OSS/element-x-ada
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Set up dependency check plugin

Browse source
This commit is contained in:
Benoit Marty 2023-01-06 17:00:05 +01:00
parent 67f3d2c959
commit d83e82b6ee
3 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
.github/workflows/quality.yml vendored
View file

@ -44,3 +44,22 @@ jobs:
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
# Fallback for forks # Fallback for forks
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin
dependency-analysis:
name: Dependency analysis
runs-on: ubuntu-latest
# Allow all jobs on main and develop. Just one per PR.
concurrency:
group: ${{ github.ref == 'refs/heads/main' && format('dep-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('dep-develop-{0}', github.sha) || format('dep-{0}', github.ref) }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v3
- name: Dependency analysis
run: ./gradlew dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES
- name: Upload dependency analysis
if: always()
uses: actions/upload-artifact@v3
with:
name: dependency-analysis
path: build/reports/dependency-check-report.html

5
build.gradle.kts
View file

@ -25,6 +25,7 @@ plugins {
alias(libs.plugins.anvil) apply false alias(libs.plugins.anvil) apply false
alias(libs.plugins.kotlin.jvm) apply false alias(libs.plugins.kotlin.jvm) apply false
alias(libs.plugins.kapt) apply false alias(libs.plugins.kapt) apply false
alias(libs.plugins.dependencycheck) apply false
alias(libs.plugins.detekt) alias(libs.plugins.detekt)
alias(libs.plugins.ktlint) alias(libs.plugins.ktlint)
alias(libs.plugins.dependencygraph) alias(libs.plugins.dependencygraph)
@ -102,4 +103,8 @@ allprojects {
) )
) )
} }
// Dependency check
apply {
plugin("org.owasp.dependencycheck")
}
} }

2
gradle/libs.versions.toml
View file

@ -50,6 +50,7 @@ showkase = "1.0.0-beta14"
compose_destinations = "1.7.23-beta" compose_destinations = "1.7.23-beta"
jsoup = "1.15.3" jsoup = "1.15.3"
seismic = "1.0.3" seismic = "1.0.3"
dependencycheck = "7.4.2"
# DI # DI
dagger = "2.43" dagger = "2.43"
@ -150,3 +151,4 @@ anvil = { id = "com.squareup.anvil", version.ref = "anvil" }
detekt = { id = "io.gitlab.arturbosch.detekt", version.ref = "detekt" } detekt = { id = "io.gitlab.arturbosch.detekt", version.ref = "detekt" }
ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint" } ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint" }
dependencygraph = { id = "com.savvasdalkitsis.module-dependency-graph", version.ref = "dependencygraph" } dependencygraph = { id = "com.savvasdalkitsis.module-dependency-graph", version.ref = "dependencygraph" }
dependencycheck = { id = "org.owasp.dependencycheck", version.ref = "dependencycheck" }