Skip to content

Added check for vulnerable packages to GitHub Actions #62

Added check for vulnerable packages to GitHub Actions

Added check for vulnerable packages to GitHub Actions #62

Workflow file for this run

name: build
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
6.0.x
7.0.x
8.0.x
- name: Install dependencies
run: dotnet restore
- name: Check for vulnerable packages
run: |
set -e # This will cause the script to exit on the first error
OUTPUT=$(dotnet list package --vulnerable)
echo "$OUTPUT"
if echo "$OUTPUT" | grep -q 'no vulnerable packages'; then
echo "No vulnerable packages found"
else
if echo "$OUTPUT" | grep -q 'vulnerable'; then
echo "Vulnerable packages found"
exit 1
fi
fi
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --no-restore --verbosity normal
- name: Pack Elmah.Io.AspNetCore
run: dotnet pack --configuration Release src/Elmah.Io.AspNetCore/Elmah.Io.AspNetCore.csproj /p:Version=5.1.${{ github.run_number }}-pre
- name: Pack Elmah.Io.AspNetCore.TagHelpers
run: dotnet pack --configuration Release src/Elmah.Io.AspNetCore.TagHelpers/Elmah.Io.AspNetCore.TagHelpers.csproj /p:Version=5.1.${{ github.run_number }}-pre
- name: Pack Elmah.Io.AspNetCore.HealthChecks
run: dotnet pack --configuration Release src/Elmah.Io.AspNetCore.HealthChecks/Elmah.Io.AspNetCore.HealthChecks.csproj /p:Version=5.1.${{ github.run_number }}-pre
- name: Install dotnet-validate
run: dotnet tool install --global dotnet-validate --version 0.0.1-preview.304
- name: Validate Elmah.Io.AspNetCore
run: dotnet-validate package local src/Elmah.Io.AspNetCore/bin/Release/Elmah.Io.AspNetCore.5.1.${{ github.run_number }}-pre.nupkg
- name: Validate Elmah.Io.AspNetCore.TagHelpers
run: dotnet-validate package local src/Elmah.Io.AspNetCore.TagHelpers/bin/Release/Elmah.Io.AspNetCore.TagHelpers.5.1.${{ github.run_number }}-pre.nupkg
- name: Validate Elmah.Io.AspNetCore.HealthChecks
run: dotnet-validate package local src/Elmah.Io.AspNetCore.HealthChecks/bin/Release/Elmah.Io.AspNetCore.HealthChecks.5.1.${{ github.run_number }}-pre.nupkg
- name: Push Elmah.Io.AspNetCore to nuget.org
run: dotnet nuget push src/Elmah.Io.AspNetCore/bin/Release/Elmah.Io.AspNetCore.5.1.${{ github.run_number }}-pre.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json
if: ${{ github.event_name == 'push' }}
- name: Push Elmah.Io.AspNetCore.TagHelpers to nuget.org
run: dotnet nuget push src/Elmah.Io.AspNetCore.TagHelpers/bin/Release/Elmah.Io.AspNetCore.TagHelpers.5.1.${{ github.run_number }}-pre.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json
if: ${{ github.event_name == 'push' }}
- name: Push Elmah.Io.AspNetCore.HealthChecks to nuget.org
run: dotnet nuget push src/Elmah.Io.AspNetCore.HealthChecks/bin/Release/Elmah.Io.AspNetCore.HealthChecks.5.1.${{ github.run_number }}-pre.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json
if: ${{ github.event_name == 'push' }}