|
| 1 | +# Portions of this file contributed by NIST are governed by the |
| 2 | +# following statement: |
| 3 | +# |
| 4 | +# This software was developed at the National Institute of Standards |
| 5 | +# and Technology by employees of the Federal Government in the course |
| 6 | +# of their official duties. Pursuant to Title 17 Section 105 of the |
| 7 | +# United States Code, this software is not subject to copyright |
| 8 | +# protection within the United States. NIST assumes no responsibility |
| 9 | +# whatsoever for its use by other parties, and makes no guarantees, |
| 10 | +# expressed or implied, about its quality, reliability, or any other |
| 11 | +# characteristic. |
| 12 | +# |
| 13 | +# We would appreciate acknowledgement if the software is used. |
| 14 | + |
| 15 | +# This workflow uses Make to review direct dependencies of this |
| 16 | +# repository. |
| 17 | + |
| 18 | +name: Supply Chain |
| 19 | + |
| 20 | +on: |
| 21 | + schedule: |
| 22 | + - cron: '15 5 * * 1,2,3,4,5' |
| 23 | + |
| 24 | +jobs: |
| 25 | + build: |
| 26 | + |
| 27 | + runs-on: ubuntu-latest |
| 28 | + strategy: |
| 29 | + matrix: |
| 30 | + python-version: |
| 31 | + - '3.9' |
| 32 | + - '3.13' |
| 33 | + |
| 34 | + steps: |
| 35 | + - uses: actions/checkout@v4 |
| 36 | + with: |
| 37 | + # This enables supply chain review against only a selected |
| 38 | + # branch. For those using the "Git-Flow" style of branching, |
| 39 | + # the ref value should be 'develop', so an upstream dependency |
| 40 | + # only relevant for, say, code formatting does not need to |
| 41 | + # induce a new commit on 'main', or a release. |
| 42 | + # https://cyberdomainontology.org/ontology/development/#branching-cdo-git-flow |
| 43 | + ref: main |
| 44 | + - name: Set up Python ${{ matrix.python-version }} |
| 45 | + uses: actions/setup-python@v5 |
| 46 | + with: |
| 47 | + python-version: ${{ matrix.python-version }} |
| 48 | + - name: Review dependencies |
| 49 | + run: make check-supply-chain |
0 commit comments