nuget package reference check #729

Workflow file for this run

.github/workflows/nuget-reference-check.yml at 1e462ce

	name: "nuget package reference check"

	on:
	push:
	pull_request:
	schedule:
	- cron: '0 8 * * *'

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v6.0.2
	with:
	fetch-depth: 2

	- name: Setup .NET Environment
	uses: actions/setup-dotnet@v5.1.0
	with:
	dotnet-version: 10.0.x

	- name: add DevExpress nuget feed
	run: dotnet nuget add source https://nuget.devexpress.com/api -n DXFeed -u DevExpress -p ${{ secrets.DEVEXPRESS_NUGET_KEY }} --store-password-in-clear-text

	- name: Install dependencies
	run: dotnet restore CDP4-SDK.sln

	- name: Build
	run: dotnet build CDP4-SDK.sln --no-restore /p:ContinuousIntegrationBuild=true

	- name: Check for outdated packages
	id: outdated
	run: \|
	set -e
	dotnet list CDP4-SDK.sln package --outdated --include-transitive > outdated.log
	if [ -s outdated.log ]; then
	echo "Outdated packages found"
	echo "outdated=true" >> $GITHUB_OUTPUT
	else
	echo "No outdated packages found"
	echo "outdated=false" >> $GITHUB_OUTPUT
	fi

	- name: Check for deprecated packages
	id: deprecated
	run: \|
	set -e
	dotnet list CDP4-SDK.sln package --deprecated --include-transitive > deprecated.log
	if [ -s deprecated.log ]; then
	echo "Deprecated packages found"
	echo "deprecated=true" >> $GITHUB_OUTPUT
	else
	echo "No deprecated packages found"
	echo "deprecated=false" >> $GITHUB_OUTPUT
	fi

	- name: Check for vulnerable packages
	id: vulnerable
	run: \|
	set -e
	dotnet list CDP4-SDK.sln package --vulnerable --include-transitive > vulnerabilities.log
	if grep -q -i "\bcritical\b\\|\bhigh\b\\|\bmoderate\b\\|\blow\b" vulnerabilities.log; then
	echo "Security Vulnerabilities found"
	echo "vulnerable=true" >> $GITHUB_OUTPUT
	else
	echo "No Security Vulnerabilities found"
	echo "vulnerable=false" >> $GITHUB_OUTPUT
	fi

	- name: Upload logs as artifacts
	if: steps.outdated.outputs.outdated == 'true' \|\| steps.deprecated.outputs.deprecated == 'true' \|\| steps.vulnerable.outputs.vulnerable == 'true'
	uses: actions/upload-artifact@v4
	with:
	name: nuget-package-logs
	path: \|
	outdated.log
	deprecated.log
	vulnerabilities.log

	- name: Create or update GitHub Issue if issues found
	if: steps.outdated.outputs.outdated == 'true' \|\| steps.deprecated.outputs.deprecated == 'true' \|\| steps.vulnerable.outputs.vulnerable == 'true'
	uses: actions/github-script@v6
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const fs = require('fs');

	// Function to truncate log files
	function truncateLog(logPath, maxLength = 20000) {
	try {
	const log = fs.readFileSync(logPath, 'utf8');
	if (log.length > maxLength) {
	return log.substring(0, maxLength) + `\n\nLog truncated. [Download full log from workflow artifacts](#artifacts).`;
	}
	return log;
	} catch (err) {
	return `Error reading log: ${err.message}`;
	}
	}

	let issueBody = `### NuGet Package Issues Detected in [CDP4-SDK](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY})\n\n`;

	if ('${{ steps.outdated.outputs.outdated }}' === 'true') {
	const outdatedLog = truncateLog('outdated.log');
	issueBody += `#### Outdated Packages\n\`\`\`\n${outdatedLog}\n\`\`\`\n\n`;
	}

	if ('${{ steps.deprecated.outputs.deprecated }}' === 'true') {
	const deprecatedLog = truncateLog('deprecated.log');
	issueBody += `#### Deprecated Packages\n\`\`\`\n${deprecatedLog}\n\`\`\`\n\n`;
	}

	if ('${{ steps.vulnerable.outputs.vulnerable }}' === 'true') {
	const vulnerabilitiesLog = truncateLog('vulnerabilities.log');
	issueBody += `#### Vulnerable Packages\n\`\`\`\n${vulnerabilitiesLog}\n\`\`\`\n\n`;
	}

	issueBody += `Action Required: Please review and update the affected packages.\n\n`;
	issueBody += `### Artifacts\n- [Download full logs from this workflow run](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}) (attached as artifacts).`;

	const issueTitle = 'NuGet Package Issues Detected';
	const { data: issues } = await github.rest.issues.listForRepo({
	owner: context.repo.owner,
	repo: context.repo.repo,
	state: 'open',
	});

	const existingIssue = issues.find(issue => issue.title === issueTitle);

	if (existingIssue) {
	await github.rest.issues.update({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: existingIssue.number,
	body: issueBody,
	});
	} else {
	await github.rest.issues.create({
	owner: context.repo.owner,
	repo: context.repo.repo,
	title: issueTitle,
	body: issueBody,
	labels: ['dependencies', 'maintenance'],
	});
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nuget package reference check #729

Workflow file

nuget package reference check #729

Uh oh!

Workflow file for this run