| name: "3rd-party" |
| |
| on: |
| push: |
| branches: |
| - /^release-.*$/ |
| pull_request: |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| dependency-check: |
| runs-on: ubuntu-latest |
| env: |
| SCRIPT_DEPENDENCY: hugegraph-server/hugegraph-dist/scripts/dependency |
| steps: |
| - name: Checkout source |
| uses: actions/checkout@v3 |
| - name: Set up JDK 11 |
| uses: actions/setup-java@v3 |
| with: |
| java-version: '11' |
| distribution: 'adopt' |
| - name: mvn install |
| run: | |
| mvn install -DskipTests=true -ntp |
| - name: generate current dependencies |
| run: | |
| bash $SCRIPT_DEPENDENCY/regenerate_known_dependencies.sh current-dependencies.txt |
| - name: check third dependencies |
| run: | |
| bash $SCRIPT_DEPENDENCY/check_dependencies.sh |
| |
| dependency-review: |
| runs-on: ubuntu-latest |
| steps: |
| - name: 'Checkout Repository' |
| uses: actions/checkout@v3 |
| - name: 'Dependency Review' |
| uses: actions/dependency-review-action@v3 |
| # Refer: https://github.com/actions/dependency-review-action |
| with: |
| fail-on-severity: low |
| # Action will fail if dependencies don't match the list |
| #allow-licenses: Apache-2.0, MIT |
| #deny-licenses: GPL-3.0, AGPL-1.0, AGPL-3.0, LGPL-2.0, CC-BY-3.0 |