Files
govoplan-core/.gitea/workflows/dependency-audit.yml
Albrecht Degering 94236a7d7e
Some checks failed
Dependency Audit / dependency-audit (push) Failing after 50s
Module Matrix / module-matrix (push) Failing after 49s
Prepare GovOPlaN self-hosted release workflow
2026-07-10 21:57:22 +02:00

53 lines
1.9 KiB
YAML

name: Dependency Audit
on:
pull_request:
push:
branches:
- main
schedule:
- cron: "23 3 * * 1"
jobs:
dependency-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- uses: actions/setup-node@v4
with:
node-version: "22"
- name: Configure SSH for release dependencies
env:
GOVOPLAN_RELEASE_SSH_KEY: ${{ secrets.GOVOPLAN_RELEASE_SSH_KEY }}
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
if [ -z "${GOVOPLAN_RELEASE_SSH_KEY:-}" ]; then
echo "GOVOPLAN_RELEASE_SSH_KEY secret is required for git+ssh release dependencies."
exit 1
fi
printf '%s\n' "$GOVOPLAN_RELEASE_SSH_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
if ! command -v ssh-keyscan >/dev/null 2>&1; then
apt-get update
apt-get install -y openssh-client
fi
ssh-keyscan -4 -H git.add-ideas.de >> ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
- name: Install backend dev audit dependencies
run: |
python -m venv .venv
.venv/bin/python -m pip install --upgrade pip
.venv/bin/python -m pip install -r requirements-release.txt
.venv/bin/python -m pip install 'pip-audit>=2.9,<3'
- name: Install WebUI release dependencies
working-directory: webui
run: |
node -e "const fs=require('fs'); const pkg=JSON.parse(fs.readFileSync('package.json')); const rel=JSON.parse(fs.readFileSync('package.release.json')); pkg.dependencies=rel.dependencies; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');"
npm install
- name: Run dependency audits
run: bash scripts/check-dependency-audits.sh