@@ -22,26 +22,117 @@ jobs:
2222 with :
2323 dotnet-version : ' 10.0.x'
2424
25- - name : Install dependencies
26- run : dotnet restore SysML2.NET.sln
27-
28- - name : Build
29- run : dotnet build SysML2.NET.sln --no-restore /p:ContinuousIntegrationBuild=true
30-
31- - name : Checking NuGet vulnerabilites
25+ - name : Check for outdated packages
26+ id : outdated
3227 run : |
3328 set -e
34- dotnet list SysML2.NET.sln package --outdated --include-transitive
3529
36- dotnet list SysML2.NET.sln package --deprecated --include-transitive
30+ # Packages to ignore (SDK/runtime-managed)
31+ IGNORE_PACKAGES="Microsoft\.NETCore\.Platforms|Microsoft\.NETCore\.Targets"
3732
38- dotnet list SysML2.NET.sln package --vulnerable --include-transitive 2>&1 | tee vulnerabilities .log
33+ dotnet list SysML2.NET.sln package --outdated --include-transitive > outdated-raw .log
3934
40- echo "Analyze dotnet list package command log output..."
41- if grep -q -i "\bcritical\b\|\bhigh\b\|\bmoderate\b\|\blow\b" vulnerabilities.log; then
42- echo "Security Vulnerabilities found"
43- exit 1
35+ # Filter out ignored core packages
36+ grep -v -E "$IGNORE_PACKAGES" outdated-raw.log > outdated.log || true
37+
38+ # Print full outdated report (including test projects) to action log
39+ echo "=== Full outdated packages report ==="
40+ cat outdated.log
41+
42+ # Build issue log: exclude test project sections
43+ # dotnet list output groups packages under project headers like:
44+ # Project `ProjectName` has the following updates available:
45+ # We remove sections for *.Tests projects
46+ awk '
47+ /^Project .*.Tests/ { skip=1; next }
48+ /^Project / { skip=0 }
49+ !skip { print }
50+ ' outdated.log > outdated-issue.log
51+
52+ # Check if non-test outdated packages exist (look for > lines indicating actual packages)
53+ if grep -q ">" outdated-issue.log; then
54+ echo "Outdated packages found (non-test)"
55+ echo "outdated=true" >> $GITHUB_OUTPUT
4456 else
45- echo "No Security Vulnerabilities found"
46- exit 0
57+ echo "No outdated packages found in non-test projects "
58+ echo "outdated=false" >> $GITHUB_OUTPUT
4759 fi
60+
61+ - name : Check for deprecated packages
62+ id : deprecated
63+ run : |
64+ set -e
65+ dotnet list SysML2.NET.sln package --deprecated --include-transitive > deprecated.log
66+ if [ -s deprecated.log ]; then
67+ echo "Deprecated packages found"
68+ echo "deprecated=true" >> $GITHUB_OUTPUT
69+ else
70+ echo "No deprecated packages found"
71+ echo "deprecated=false" >> $GITHUB_OUTPUT
72+ fi
73+
74+ - name : Check for vulnerable packages
75+ id : vulnerable
76+ run : |
77+ set -e
78+ dotnet list SysML2.NET.sln package --vulnerable --include-transitive > vulnerabilities.log
79+ if grep -q -i "\bcritical\b\|\bhigh\b\|\bmoderate\b\|\blow\b" vulnerabilities.log; then
80+ echo "Security Vulnerabilities found"
81+ echo "vulnerable=true" >> $GITHUB_OUTPUT
82+ else
83+ echo "No Security Vulnerabilities found"
84+ echo "vulnerable=false" >> $GITHUB_OUTPUT
85+ fi
86+
87+ - name : Create GitHub Issue if issues found
88+ if : steps.outdated.outputs.outdated == 'true' || steps.deprecated.outputs.deprecated == 'true' || steps.vulnerable.outputs.vulnerable == 'true'
89+ uses : actions/github-script@v6
90+ with :
91+ github-token : ${{ secrets.GH_ISSUES_TOKEN }}
92+ script : |
93+ const fs = require('fs');
94+
95+ let issueBody = `### NuGet Package Issues Detected in [SysML2.NET](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY})\n\n`;
96+
97+ if ('${{ steps.outdated.outputs.outdated }}' === 'true') {
98+ const outdatedLog = fs.readFileSync('outdated-issue.log', 'utf8');
99+ issueBody += `#### Outdated Packages\n\`\`\`\n${outdatedLog}\n\`\`\`\n\n`;
100+ }
101+
102+ if ('${{ steps.deprecated.outputs.deprecated }}' === 'true') {
103+ const deprecatedLog = fs.readFileSync('deprecated.log', 'utf8');
104+ issueBody += `#### Deprecated Packages\n\`\`\`\n${deprecatedLog}\n\`\`\`\n\n`;
105+ }
106+
107+ if ('${{ steps.vulnerable.outputs.vulnerable }}' === 'true') {
108+ const vulnerabilitiesLog = fs.readFileSync('vulnerabilities.log', 'utf8');
109+ issueBody += `#### Vulnerable Packages\n\`\`\`\n${vulnerabilitiesLog}\n\`\`\`\n\n`;
110+ }
111+
112+ issueBody += '**Action Required:** Please review and update the affected packages.';
113+
114+ const issueTitle = 'NuGet Package Issues Detected';
115+ const { data: issues } = await github.rest.issues.listForRepo({
116+ owner: context.repo.owner,
117+ repo: context.repo.repo,
118+ state: 'open',
119+ });
120+
121+ const existingIssue = issues.find(issue => issue.title === issueTitle);
122+
123+ if (existingIssue) {
124+ await github.rest.issues.createComment({
125+ owner: context.repo.owner,
126+ repo: context.repo.repo,
127+ issue_number: existingIssue.number,
128+ body: `New check results:\n${issueBody}`,
129+ });
130+ } else {
131+ await github.rest.issues.create({
132+ owner: context.repo.owner,
133+ repo: context.repo.repo,
134+ title: issueTitle,
135+ body: issueBody,
136+ labels: ['dependencies', 'maintenance'],
137+ });
138+ }
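Review bot: The deprecated check (new lines 65–72) will report `deprecated=true` on practically every run, because `dotnet list package --deprecated` still writes a sources/header block to stdout when nothing is deprecated, so `[ -s deprecated.log ]` is true and an issue is opened each time; test for package rows instead, mirroring the outdated check on new line 53: `if grep -q ">" deprecated.log; then`. The vulnerable step (new lines 74–85) also no longer exits non-zero as the removed code did, so a vulnerable dependency now opens an issue but no longer fails the workflow — if that is intended, a `# non-blocking: findings are reported through the issue step` comment on the step would make it explicit; otherwise add a final step with `if: steps.vulnerable.outputs.vulnerable == 'true'` that runs `exit 1` after the issue has been created. The restore step was removed in this hunk, and `dotnet list package` reads the restored assets file, so unless a restore runs in a step outside this view the three checks will presumably error out under `set -e`. For the issue step, `secrets.GH_ISSUES_TOKEN` could be replaced by the job's `GITHUB_TOKEN` with `permissions: issues: write` (least privilege) unless a PAT is genuinely required, and passing step outputs into the script as `'${{ ... }}'` literals is better done through `env:` and `process.env` so the script never interpolates expression text.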