Skip to content

chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 in the github-actions group #79

chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 in the github-actions group

chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 in the github-actions group #79

Workflow file for this run

name: static_analysis
# Runs the workflow on the below events:
# 1. on pull request raised to trunk branch.
# 2. on push event to trunk branch.
on:
push:
branches:
- trunk
pull_request:
branches:
- trunk
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
static_analysis:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package:
- at_cli
- at_cram
- at_dump_atKeys
- at_hive_recovery
- at_pkam
- at_repl
- at_ve_doctor
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5
with:
sdk: stable
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 'stable'
cache-dependency-path: tools/osv-scanner/go.sum
- name: Install dependencies and analyze in ${{ matrix.package }}
working-directory: packages/${{ matrix.package }}
run: |
dart pub get
dart analyze
# Runs osv-scanner to find any vulnerable Dart dependencies
# It needs to look at pubspec.lock files, which is why it's
# placed here, as the `dart pub get` above will create them
- name: Run osv-scanner
working-directory: packages/${{ matrix.package }}
run: |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3
osv-scanner --lockfile=./pubspec.lock