Skip to content
Security

Creating a working example for contract calls #13119

Sign in to view logs

Creating a working example for contract calls

Creating a working example for contract calls #13119

Workflow file for this run

.github/workflows/security.yml at bec76bd
name: Security
on:
pull_request:
branches: [ main, release/** ]
push:
branches: [ main, release/** ]
tags: [ v* ]
jobs:
dependencies:
name: Dependency check
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install JDK
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
- name: Vulnerability check
uses: gradle/gradle-build-action@v2
with:
arguments: dependencyCheckAggregate
- name: Upload report
if: failure()
uses: actions/upload-artifact@v3
with:
name: dependency-check-report
path: build/reports/dependency-check-report.html
sonar:
if: github.event_name == 'push' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
name: SonarCloud
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Install JDK
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
- name: Cache SonarCloud dependencies
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Execute Gradle
uses: gradle/gradle-build-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
arguments: sonar -x test
snyk:
if: github.event_name == 'push' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
name: Snyk Open Source
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install JDK
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 17
- name: Setup Snyk
run: npm install -g snyk-to-html @wcj/html-to-markdown-cli
- name: Execute Gradle Snyk Test
uses: gradle/gradle-build-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
arguments: snyk-test
- name: Publish Snyk Results
continue-on-error: true
if: ${{ !cancelled() && always() }}
run: |
report="build/reports/snyk-test"
if [[ -f ${report}.json ]]; then
snyk-to-html -i ${report}.json -o ${report}.html && \
html-to-markdown ${report}.html -o build/reports && \
cat ${report}.html.md >> $GITHUB_STEP_SUMMARY
fi
snyk-code:
if: github.event_name == 'push' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
name: Snyk Code
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install JDK
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 17
- name: Setup Snyk
run: npm install -g snyk-to-html @wcj/html-to-markdown-cli
- name: Execute Gradle Snyk Code Test
uses: gradle/gradle-build-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
arguments: snyk-code
- name: Publish Snyk Results
continue-on-error: true
if: ${{ !cancelled() && always() }}
run: |
report="build/reports/snyk-code"
if [[ -f ${report}.json ]]; then
snyk-to-html -i ${report}.json -o ${report}.html && \
html-to-markdown ${report}.html -o build/reports && \
cat ${report}.html.md >> $GITHUB_STEP_SUMMARY
fi
snyk-monitor:
if: github.event_name == 'push' && github.ref_name == 'main'
name: Snyk Monitor
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install JDK
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 17
- name: Execute Gradle Snyk Monitor
uses: gradle/gradle-build-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
arguments: snyk-monitor