From 410a3a4edcd0117da468f277b7f00929878bd377 Mon Sep 17 00:00:00 2001
From: EddeCCC
Date: Fri, 29 Nov 2024 17:50:53 +0100
Subject: [PATCH] add cron job
---
.github/workflows/security_check.yml | 44 ++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .github/workflows/security_check.yml
diff --git a/.github/workflows/security_check.yml b/.github/workflows/security_check.yml
new file mode 100644
index 0000000..081ff89
--- /dev/null
+++ b/.github/workflows/security_check.yml
@@ -0,0 +1,44 @@
+name: Automatic Security Check
+
+on:
+ schedule:
+ - cron: "0 8 1,15 * *" # At 08:00 on day-of-month 1 and 15
+
+jobs:
+ security-check:
+ name: Security Check
+ runs-on: ubuntu-latest
+ container: openjdk:17-jdk-slim
+ steps:
+ - uses: actions/checkout@v3
+ - name: Grant execute permission for gradlew
+ run: chmod +x gradlew
+ - name: build
+ run: ./gradlew assemble
+ # the action has not been updated a while, but it always uses the latest plugin version
+ - name: Run DependencyCheck plugin
+ uses: dependency-check/Dependency-Check_Action@main
+ id: depcheck
+ continue-on-error: true # we still want to upload the report
+ with:
+ project: ${{ github.repository }}
+ path: '.'
+ format: 'HTML'
+ out: 'reports'
+ args: >
+ --failOnCVSS 6
+ --disableAssembly
+ --nvdApiKey ${{ secrets.NVD_API_KEY }}
+ --nvdApiDelay 10000
+ - name: Upload test results
+ uses: actions/upload-artifact@v4
+ with:
+ name: dependency-check-report-dwh-exporter
+ path: ${{ github.workspace }}/reports
+ - name: Send Notification
+ uses: slackapi/slack-github-action@v2.0.0
+ with:
+ webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+ webhook-type: incoming-webhook
+ payload: |
+ text: "*DWH-Exporter Dependency-Check Report*: ${{ job.status }}\nPlease check the report here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
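Review bot: The Slack `payload` reports `${{ job.status }}`, but the DependencyCheck step sets `continue-on-error: true`, so a `--failOnCVSS 6` failure never changes the job status and the message will read `success` even when findings at or above the threshold exist. Report the scan step's own result instead, for example `${{ steps.depcheck.outcome }}` in the `text:` line, so the notification reflects what the scan found. The same step runs `dependency-check/Dependency-Check_Action@main`, a mutable branch ref, and is handed `secrets.NVD_API_KEY` through `args`; pinning it as `uses: dependency-check/Dependency-Check_Action@<full-commit-sha>` keeps a later change on that branch from running with the secret. The workflow also declares no `permissions:` block, and a top-level `permissions:` with `contents: read` would likely be sufficient for the checkout and artifact upload shown here.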