Dependency Update Check #5
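# Scheduled dependency hygiene for a Gradle project.
#   update-dependencies: runs the `dependencyUpdates` task and publishes its report.
#   security-audit:      runs the `dependencyCheckAnalyze` task and publishes its report.
# Both jobs only upload artifacts and write a step summary.
#
# NOTE(review): the forge page showing this file carried a "hidden or
# bidirectional Unicode text" warning. Nothing of the kind is visible in the
# text below; open the raw file in an editor that reveals such characters
# before relying on the rendered view.
name: Dependency Update Check

on:
  schedule:
    # Run every Monday at 9 AM UTC
    - cron: '0 9 * * 1'
  workflow_dispatch: # Allow manual trigger

jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    # Least privilege: no step in this job pushes commits or opens a pull
    # request, so the token is read-only. Re-grant `contents: write` /
    # `pull-requests: write` only in a job that actually creates the PR.
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        # NOTE(review): checkout, setup-java and upload-artifact are pinned to a
        # mutable tag (@v4) while setup-gradle is pinned to a commit SHA. Pin
        # all of them to a reviewed full-length commit SHA for consistency.
        uses: actions/checkout@v4
        with:
          # ./gradlew executes build scripts and plugins; do not leave the
          # workflow token in .git/config where that code could read it.
          persist-credentials: false

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5

      - name: Make gradlew executable
        run: chmod +x ./gradlew

      - name: Check for dependency updates
        run: ./gradlew dependencyUpdates

      - name: Upload dependency update report
        uses: actions/upload-artifact@v4
        with:
          name: dependency-updates-report
          path: build/dependencyUpdates/

      - name: Create dependency update summary
        run: |
          echo "# Dependency Update Check Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "## Summary" >> "$GITHUB_STEP_SUMMARY"
          # The test only proves that a report file exists, not that any update
          # is available, so the message says no more than that.
          if [ -f "build/dependencyUpdates/report.txt" ]; then
            echo "Dependency update report generated. Check the artifacts for details." >> "$GITHUB_STEP_SUMMARY"
          else
            echo "No dependency update report found." >> "$GITHUB_STEP_SUMMARY"
          fi
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "## Gradle Version Check" >> "$GITHUB_STEP_SUMMARY"
          # NOTE(review): with --dry-run Gradle lists tasks without executing
          # them, and the echo after || runs only when the command exits
          # non-zero, so this section stays empty on success. Confirm intent.
          ./gradlew wrapper --gradle-version=current --dry-run || echo "Gradle version check completed" >> "$GITHUB_STEP_SUMMARY"

  security-audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): no step visible here uploads SARIF or otherwise writes
      # security events; drop this grant unless a later step needs it.
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Same reasoning as above: the Gradle build does not need the token.
          persist-credentials: false

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5

      - name: Make gradlew executable
        run: chmod +x ./gradlew

      - name: Run OWASP dependency check
        id: owasp
        run: ./gradlew dependencyCheckAnalyze
        # With continue-on-error the job stays green even when this step fails,
        # so the step outcome is written to the summary below. Remove this line
        # if a failing analysis should block the workflow.
        continue-on-error: true

      - name: Upload OWASP report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: owasp-dependency-check
          path: build/reports/dependency-check/

      - name: Create security summary
        if: always()
        env:
          # Passed through the environment instead of being interpolated into
          # the script text.
          OWASP_OUTCOME: ${{ steps.owasp.outcome }}
        run: |
          echo "# Security Audit Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          # A report file can exist whether or not the analysis step passed, so
          # state the step outcome explicitly.
          echo "dependencyCheckAnalyze step outcome: ${OWASP_OUTCOME}" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          if [ -f "build/reports/dependency-check/dependency-check-report.html" ]; then
            echo "Security audit completed. Check artifacts for detailed report." >> "$GITHUB_STEP_SUMMARY"
          else
            echo "Security audit report not found." >> "$GITHUB_STEP_SUMMARY"
          fi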