From 6877cdf8ffae5f53582a0972f52031d29b859af2 Mon Sep 17 00:00:00 2001
From: cz-dev-ge <67101763+cd-dev-ge@users.noreply.github.com>
Date: Mon, 16 Dec 2024 15:48:49 +0100
Subject: [PATCH 1/4] Create foss-scan.yml

---
 .github/workflows/foss-scan.yml | 39 +++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/foss-scan.yml

diff --git a/.github/workflows/foss-scan.yml b/.github/workflows/foss-scan.yml
new file mode 100644
index 0000000..b22314e
--- /dev/null
+++ b/.github/workflows/foss-scan.yml
@@ -0,0 +1,39 @@
+# This workflow
+# + builds the project from the active branch
+# + stores the built project as artifact
+# + unpacks it in another job
+# + and scans its components using OSS Review Toolkit
+#
+# After that the results are uploaded.
+# This workflow must be called separately.
+
+name: OSS Review Toolkit - FOSS scan
+
+on:
+ workflow_dispatch:
+
+defaults:
+ run:
+ working-directory: src
+
+jobs:
+ ort:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Restore dependencies
+ run: dotnet restore
+ - name: Build
+ run: dotnet build --no-restore
+ - name: Use HTTPS instead of SSH for Git cloning
+ run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
+ - name: Run GitHub Action for ORT
+ uses: oss-review-toolkit/ort-ci-github-action@v1
+ with:
+ allow-dynamic-versions: 'true'
+ ort-cli-args: '-P ort.analyzer.enabledPackageManagers=Nuget'
+ run: >
+ analyzer,
+ scanner,
+ evaluator,
+ reporter,
+ upload-results
From e86b02d192ec2c7c185418e09d10dd2902fed623 Mon Sep 17 00:00:00 2001
From: cz-dev-ge <67101763+cd-dev-ge@users.noreply.github.com>
Date: Mon, 16 Dec 2024 15:54:26 +0100
Subject: [PATCH 2/4] Update foss-scan.yml

---
 .github/workflows/foss-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/foss-scan.yml b/.github/workflows/foss-scan.yml
index b22314e..e6f285c 100644
--- a/.github/workflows/foss-scan.yml
+++ b/.github/workflows/foss-scan.yml
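Review bot: The workflow file created in PATCH 1/4 declares no `permissions:` block, so the `ort` job receives whatever default GITHUB_TOKEN scope the repository or organisation grants while it runs `dotnet restore`, `dotnet build` and a third-party action. A top-level `permissions:` block with `contents: read` would cap that; this assumes the `upload-results` stage only publishes workflow artifacts, which should be confirmed before merging. Separately, the header comment describes storing the build as an artifact and unpacking it in another job, but the file defines a single job with no artifact steps, so the comment should be brought in line with what the workflow does.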
@@ -10,7 +10,7 @@
 name: OSS Review Toolkit - FOSS scan

 on:
- workflow_dispatch:
+ workflow_call:

 defaults:
 run:
From c00dfbb6e274dff6ca3b0eac615b5468b6de4162 Mon Sep 17 00:00:00 2001
From: cz-dev-ge <67101763+cd-dev-ge@users.noreply.github.com>
Date: Mon, 16 Dec 2024 15:59:07 +0100
Subject: [PATCH 3/4] Update foss-scan.yml

---
 .github/workflows/foss-scan.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/workflows/foss-scan.yml b/.github/workflows/foss-scan.yml
index e6f285c..45e545e 100644
--- a/.github/workflows/foss-scan.yml
+++ b/.github/workflows/foss-scan.yml
@@ -11,6 +11,12 @@ name: OSS Review Toolkit - FOSS scan

 on:
 workflow_call:
+ inputs:
+ dotnet_version:
+ description: 'The .NET SDK version that should be used by the runner (e.g. 6.0.x).'
+ required: false
+ type: string
+ default: '6.0.x'

 defaults:
 run:
@@ -20,6 +26,13 @@ jobs:
 ort:
 runs-on: ubuntu-latest
 steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v2
+ with:
+ dotnet-version: ${{ inputs.dotnet_version }}
+
 - name: Restore dependencies
 run: dotnet restore
 - name: Build
From 294bb0e35e11452102c42bd4fbd1977580d4ea11 Mon Sep 17 00:00:00 2001
From: cz-dev-ge <67101763+cd-dev-ge@users.noreply.github.com>
Date: Tue, 17 Dec 2024 09:18:58 +0100
Subject: [PATCH 4/4] Update foss-scan.yml

---
 .github/workflows/foss-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/foss-scan.yml b/.github/workflows/foss-scan.yml
index 45e545e..c52fb44 100644
--- a/.github/workflows/foss-scan.yml
+++ b/.github/workflows/foss-scan.yml
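Review bot: In the `inputs:` hunk of PATCH 3/4, the `dotnet_version` default of `'6.0.x'` selects .NET 6, which left Microsoft support in November 2024, shortly before this commit's date. Any caller that omits the input therefore builds the scanned project with an SDK line that no longer receives security fixes. If the project does not specifically need .NET 6, default to a supported SDK line, or set `required: true` so each caller states its version explicitly.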
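Review bot: The `actions/checkout@v4` step added in the `steps:` hunk of PATCH 3/4 keeps its default credential persistence, so the job token stays in the local git config while the later `dotnet restore`, `dotnet build` and ORT steps run code pulled in from dependencies. Nothing visible in this workflow pushes back to the repository, so adding `with:` and `persist-credentials: false` to the checkout step should be safe. `actions/setup-dotnet@v2` is also an old major of that action, and both new `uses:` lines reference movable tags; pinning them to full commit SHAs would match what PATCH 4/4 does for the ORT action. The `steps:` list continues outside this hunk.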
@@ -40,7 +40,7 @@ jobs:
 - name: Use HTTPS instead of SSH for Git cloning
 run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
 - name: Run GitHub Action for ORT
- uses: oss-review-toolkit/ort-ci-github-action@v1
+ uses: oss-review-toolkit/ort-ci-github-action@0650a3c52c02ad7366b8e25aeedf752d5601c417
 with:
 allow-dynamic-versions: 'true'
 ort-cli-args: '-P ort.analyzer.enabledPackageManagers=Nuget'
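Review bot: The pinned `uses:` line carries no comment naming the release that the SHA corresponds to, so a reader cannot tell which version of the ORT action runs, and update tooling has no tag to track. A trailing comment such as `# <release tag of this commit>` on that line would fix this. The neighbouring context still sets `allow-dynamic-versions: 'true'`, which lets the analyzer accept dependency version ranges, so the scanned package set can change between runs and may differ from what is actually built. It is worth confirming that this is intended for a compliance scan. The step's `with:` block continues outside this hunk.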