feat(build): Check transitive NuGet dependencies

VMelnalksnis · Aug 2, 2022 · f9df0a4 · f9df0a4
1 parent f769ee5
commit f9df0a4
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/.github/workflows/nuget-vulnerabilities.yml b/.github/workflows/nuget-vulnerabilities.yml
@@ -0,0 +1,39 @@
+name: NuGet vulnerabilities
+
+on:
+  schedule:
+    - cron: "0 0 * * 1-5"
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+
+jobs:
+  nuget-vulnerabilities:
+    name: NuGet vulnerabilities
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3.0.2
+      - uses: actions/setup-dotnet@v2.1.0
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Check vulnerable packages
+        id: packages
+        run: |
+          packages=$(dotnet list package --include-transitive --vulnerable)
+          echo "PACKAGES<<EOF" >> $GITHUB_ENV
+          echo "$packages" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+          echo "$packages"
+
+      - name: Found vulnerable packages
+        run: exit 1
+        if: ${{ contains(env.PACKAGES, 'has the following vulnerable packages') }}
diff --git a/NordigenDotNet.sln b/NordigenDotNet.sln
@@ -35,6 +35,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "workflows", "workflows", "{
 	ProjectSection(SolutionItems) = preProject
 		.github\workflows\test.yml = .github\workflows\test.yml
 		.github\workflows\release.yml = .github\workflows\release.yml
+		.github\workflows\nuget-vulnerabilities.yml = .github\workflows\nuget-vulnerabilities.yml
 	EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMelnalksnis.NordigenDotNet.Tests", "tests\VMelnalksnis.NordigenDotNet.Tests\VMelnalksnis.NordigenDotNet.Tests.csproj", "{B01186E2-7A80-4117-BC89-C345B0221ECE}"