-
Notifications
You must be signed in to change notification settings - Fork 33
51 lines (43 loc) · 1.74 KB
/
Dependencies Security Scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# SPDX-License-Identifier: Apache-2.0
# Licensed to the Ed-Fi Alliance under one or more agreements.
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
# See the LICENSE and NOTICES files in the project root for more information.
name: Dependency Review Pull request
on:
pull_request:
branches: [main, 'b-v*-patch*','feature-*']
types: [opened, synchronize, reopened, unlabeled]
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
HEAD_REF: ${{ GITHUB.HEAD_REF }}
REF_NAME: ${{ GITHUB.REF_NAME }}
REPOSITORY_DISPATCH_BRANCH: ${{ github.event.client_payload.branch }}
jobs:
scan-actions:
name: Scan Actions
uses: ed-fi-alliance-oss/ed-fi-actions/.github/workflows/repository-scanner.yml@main
analyze-code:
name: Analyze Code Dependencies
runs-on: ubuntu-24.04
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
- name: Checkout Ed-Fi-ODS-Implementation
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
repository: Ed-Fi-Alliance-OSS/Ed-Fi-ODS-Implementation
path: Ed-Fi-ODS-Implementation/
- name: Is pull request branch exists in Ed-Fi-ODS-Implementation
working-directory: ./Ed-Fi-ODS-Implementation/
shell: pwsh
run: |
.\build.githubactions.ps1 CheckoutBranch -RelativeRepoPath "."
- name: Dependency Review ("Dependabot on PR")
uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3