[Update] CodeQuality GH action to EXCLUDED_CATEGORIES: "WebServicesDe… #712
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "nuget package reference check" | |
| on: | |
| push: | |
| pull_request: | |
| schedule: | |
| - cron: '0 8 * * *' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup .NET Environment | |
| uses: actions/setup-dotnet@v5.1.0 | |
| with: | |
| dotnet-version: 10.0.x | |
| - name: add DevExpress nuget feed | |
| run: dotnet nuget add source https://nuget.devexpress.com/api -n DXFeed -u DevExpress -p ${{ secrets.DEVEXPRESS_NUGET_KEY }} --store-password-in-clear-text | |
| - name: Install dependencies | |
| run: dotnet restore CDP4-SDK.sln | |
| - name: Build | |
| run: dotnet build CDP4-SDK.sln --no-restore /p:ContinuousIntegrationBuild=true | |
| - name: Check for outdated packages | |
| id: outdated | |
| run: | | |
| set -e | |
| dotnet list CDP4-SDK.sln package --outdated --include-transitive > outdated.log | |
| if [ -s outdated.log ]; then | |
| echo "Outdated packages found" | |
| echo "outdated=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No outdated packages found" | |
| echo "outdated=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check for deprecated packages | |
| id: deprecated | |
| run: | | |
| set -e | |
| dotnet list CDP4-SDK.sln package --deprecated --include-transitive > deprecated.log | |
| if [ -s deprecated.log ]; then | |
| echo "Deprecated packages found" | |
| echo "deprecated=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No deprecated packages found" | |
| echo "deprecated=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check for vulnerable packages | |
| id: vulnerable | |
| run: | | |
| set -e | |
| dotnet list CDP4-SDK.sln package --vulnerable --include-transitive > vulnerabilities.log | |
| if grep -q -i "\bcritical\b\|\bhigh\b\|\bmoderate\b\|\blow\b" vulnerabilities.log; then | |
| echo "Security Vulnerabilities found" | |
| echo "vulnerable=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No Security Vulnerabilities found" | |
| echo "vulnerable=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Upload logs as artifacts | |
| if: steps.outdated.outputs.outdated == 'true' || steps.deprecated.outputs.deprecated == 'true' || steps.vulnerable.outputs.vulnerable == 'true' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nuget-package-logs | |
| path: | | |
| outdated.log | |
| deprecated.log | |
| vulnerabilities.log | |
| - name: Create or update GitHub Issue if issues found | |
| if: steps.outdated.outputs.outdated == 'true' || steps.deprecated.outputs.deprecated == 'true' || steps.vulnerable.outputs.vulnerable == 'true' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const fs = require('fs'); | |
| // Function to truncate log files | |
| function truncateLog(logPath, maxLength = 20000) { | |
| try { | |
| const log = fs.readFileSync(logPath, 'utf8'); | |
| if (log.length > maxLength) { | |
| return log.substring(0, maxLength) + `\n\n**Log truncated. [Download full log from workflow artifacts](#artifacts).**`; | |
| } | |
| return log; | |
| } catch (err) { | |
| return `Error reading log: ${err.message}`; | |
| } | |
| } | |
| let issueBody = `### NuGet Package Issues Detected in [CDP4-SDK](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY})\n\n`; | |
| if ('${{ steps.outdated.outputs.outdated }}' === 'true') { | |
| const outdatedLog = truncateLog('outdated.log'); | |
| issueBody += `#### Outdated Packages\n\`\`\`\n${outdatedLog}\n\`\`\`\n\n`; | |
| } | |
| if ('${{ steps.deprecated.outputs.deprecated }}' === 'true') { | |
| const deprecatedLog = truncateLog('deprecated.log'); | |
| issueBody += `#### Deprecated Packages\n\`\`\`\n${deprecatedLog}\n\`\`\`\n\n`; | |
| } | |
| if ('${{ steps.vulnerable.outputs.vulnerable }}' === 'true') { | |
| const vulnerabilitiesLog = truncateLog('vulnerabilities.log'); | |
| issueBody += `#### Vulnerable Packages\n\`\`\`\n${vulnerabilitiesLog}\n\`\`\`\n\n`; | |
| } | |
| issueBody += `**Action Required:** Please review and update the affected packages.\n\n`; | |
| issueBody += `### Artifacts\n- [Download full logs from this workflow run](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}) (attached as artifacts).`; | |
| const issueTitle = 'NuGet Package Issues Detected'; | |
| const { data: issues } = await github.rest.issues.listForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'open', | |
| }); | |
| const existingIssue = issues.find(issue => issue.title === issueTitle); | |
| if (existingIssue) { | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: existingIssue.number, | |
| body: issueBody, | |
| }); | |
| } else { | |
| await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: issueTitle, | |
| body: issueBody, | |
| labels: ['dependencies', 'maintenance'], | |
| }); | |
| } |