ci: Add static analysis #2

Workflow file for this run

.github/workflows/static_analysis.yml at 1ab0d46

	name: static_analysis
	# Runs the workflow on the below events:
	# 1. on pull request raised to trunk branch.
	# 2. on push event to trunk branch.
	on:
	push:
	branches:
	- trunk
	pull_request:
	branches:
	- trunk

	permissions: # added using https://github.com/step-security/secure-workflows
	contents: read

	jobs:
	static_analysis:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	package:
	- at_backupkey_flutter
	- at_chat_flutter
	- at_common_flutter
	- at_contacts_flutter
	- at_contacts_group_flutter
	- at_events_flutter
	- at_follows_flutter
	- at_invitation_flutter
	- at_location_flutter
	- at_login_flutter
	- at_notify_flutter
	- at_onboarding_flutter
	- at_sync_ui_flutter
	- at_theme_flutter

	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: subosito/flutter-action@2783a3f08e1baf891508463f8c6653c258246225 # v2.12.0
	with:
	channel: "stable"
	- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
	with:
	go-version: 'stable'
	cache-dependency-path: tools/osv-scanner/go.sum

	- name: Install dependencies and analyze in ${{ matrix.package }}
	working-directory: packages/${{ matrix.package }}
	run: \|
	flutter pub get
	flutter analyze

	# Runs osv-scanner to find any vulnerable Dart dependencies
	# It needs to look at pubspec.lock files, which is why it's
	# placed here, as the `dart pub get` above will create them
	- name: Run osv-scanner
	working-directory: packages/${{ matrix.package }}
	run: \|
	go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3
	osv-scanner --lockfile=./pubspec.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: Add static analysis #2

Workflow file

ci: Add static analysis #2

Jobs

Run details

Workflow file for this run