Skip to content

build(deps-dev): bump the development-dependencies group across 1 directory with 7 updates #527

build(deps-dev): bump the development-dependencies group across 1 directory with 7 updates

build(deps-dev): bump the development-dependencies group across 1 directory with 7 updates #527

Workflow file for this run

###############################################################
# Copyright (c) 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
###############################################################
name: Check Dependencies
on:
push:
branches: [main]
paths:
- yarn.lock
- DEPENDENCIES
- .github/workflows/dependencies.yaml
pull_request:
types: [opened, synchronize, reopened]
paths:
- yarn.lock
- DEPENDENCIES
- .github/workflows/dependencies.yaml
workflow_dispatch:
jobs:
check-dependencies:
runs-on: ubuntu-latest
steps:
- name: Set up JDK 17
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
with:
distribution: 'temurin'
java-version: '17'
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Generate Dependencies file
run: java -jar ./scripts/download/org.eclipse.dash.licenses-1.1.1.jar yarn.lock -project automotive.tractusx -summary DEPENDENCIES || true
- name: Check if dependencies were changed
id: dependencies-changed
run: |
changed=$(git diff DEPENDENCIES)
if [[ -n "$changed" ]]; then
echo "dependencies changed"
echo "changed=true" >> $GITHUB_OUTPUT
else
echo "dependencies not changed"
echo "changed=false" >> $GITHUB_OUTPUT
fi
- name: Check for restricted dependencies
run: |
restricted=$(grep ' restricted,' DEPENDENCIES || true)
if [[ -n "$restricted" ]]; then
echo "The following dependencies are restricted: $restricted"
exit 1
fi
if: steps.dependencies-changed.outputs.changed == 'true'
- name: Upload DEPENDENCIES file
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
path: DEPENDENCIES
if: steps.dependencies-changed.outputs.changed == 'true'
- name: Signal need to update DEPENDENCIES
run: |
echo "Dependencies need to be updated (updated DEPENDENCIES file has been uploaded to workflow run)"
exit 1
if: steps.dependencies-changed.outputs.changed == 'true'