nuget package reference check #487
| name: "nuget package reference check" | |
| on: | |
| push: | |
| pull_request: | |
| schedule: | |
| - cron: '0 8 * * *' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup .NET Environment | |
| uses: actions/setup-dotnet@v5.1.0 | |
| with: | |
| dotnet-version: 10.0.x | |
| - name: Install dependencies | |
| run: dotnet restore EcoreNetto.sln | |
| - name: Build | |
| run: dotnet build EcoreNetto.sln --no-restore /p:ContinuousIntegrationBuild=true | |
| - name: Check for outdated packages | |
| id: outdated | |
| run: | | |
| set -e | |
| dotnet list EcoreNetto.sln package --outdated --include-transitive > outdated.log | |
| if [ -s outdated.log ]; then | |
| echo "Outdated packages found" | |
| echo "outdated=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No outdated packages found" | |
| echo "outdated=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check for deprecated packages | |
| id: deprecated | |
| run: | | |
| set -e | |
| dotnet list EcoreNetto.sln package --deprecated --include-transitive > deprecated.log | |
| if [ -s deprecated.log ]; then | |
| echo "Deprecated packages found" | |
| echo "deprecated=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No deprecated packages found" | |
| echo "deprecated=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check for vulnerable packages | |
| id: vulnerable | |
| run: | | |
| set -e | |
| dotnet list EcoreNetto.sln package --vulnerable --include-transitive > vulnerabilities.log | |
| if grep -q -i "\bcritical\b\|\bhigh\b\|\bmoderate\b\|\blow\b" vulnerabilities.log; then | |
| echo "Security Vulnerabilities found" | |
| echo "vulnerable=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No Security Vulnerabilities found" | |
| echo "vulnerable=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create GitHub Issue if issues found | |
| if: steps.outdated.outputs.outdated == 'true' || steps.deprecated.outputs.deprecated == 'true' || steps.vulnerable.outputs.vulnerable == 'true' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const fs = require('fs'); | |
| let issueBody = `### NuGet Package Issues Detected in [EcoreNetto](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY})\n\n`; | |
| if ('${{ steps.outdated.outputs.outdated }}' === 'true') { | |
| const outdatedLog = fs.readFileSync('outdated.log', 'utf8'); | |
| issueBody += `#### Outdated Packages\n\`\`\`\n${outdatedLog}\n\`\`\`\n\n`; | |
| } | |
| if ('${{ steps.deprecated.outputs.deprecated }}' === 'true') { | |
| const deprecatedLog = fs.readFileSync('deprecated.log', 'utf8'); | |
| issueBody += `#### Deprecated Packages\n\`\`\`\n${deprecatedLog}\n\`\`\`\n\n`; | |
| } | |
| if ('${{ steps.vulnerable.outputs.vulnerable }}' === 'true') { | |
| const vulnerabilitiesLog = fs.readFileSync('vulnerabilities.log', 'utf8'); | |
| issueBody += `#### Vulnerable Packages\n\`\`\`\n${vulnerabilitiesLog}\n\`\`\`\n\n`; | |
| } | |
| issueBody += '**Action Required:** Please review and update the affected packages.'; | |
| const issueTitle = 'NuGet Package Issues Detected'; | |
| const { data: issues } = await github.rest.issues.listForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'open', | |
| }); | |
| const existingIssue = issues.find(issue => issue.title === issueTitle); | |
| if (existingIssue) { | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: existingIssue.number, | |
| body: `New check results:\n${issueBody}`, | |
| }); | |
| } else { | |
| await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: issueTitle, | |
| body: issueBody, | |
| labels: ['dependencies', 'maintenance'], | |
| }); | |
| } |
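Review bot: The workflow declares no `permissions:` block, yet the last step creates issues and comments with `secrets.GITHUB_TOKEN`; the job therefore runs with whatever the repository default grants, which is broader than it needs, and on `pull_request` runs from forks the token is read-only, so that step would fail there. Add a top-level `permissions:` with `contents: read` and `issues: write`, and consider restricting the issue-creation step to the `schedule` and `push` triggers so every pull-request update does not open or comment on an issue. The three `if ('${{ steps.*.outputs.* }}' === 'true')` lines interpolate workflow expressions directly into the script body; the values are produced by this workflow and can only be `true`/`false`, so there is no injection here, but passing them through `env:` and reading `process.env` keeps the script free of expression interpolation, which is the pattern GitHub recommends. `actions/github-script@v6` is pinned only to a major tag while `actions/checkout` and `actions/setup-dotnet` use exact versions — pin it the same way, ideally to a commit SHA. If `dotnet list package --outdated` prints a header even when nothing is outdated, the `[ -s outdated.log ]` test in the first check step (and the matching `-s` test for `deprecated.log`) reports `outdated=true` on every run, so it is worth confirming against real output or matching on the tool's "No updates" text instead.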