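---
# Dependency vulnerability audit for the R package: runs oysteR against the
# DESCRIPTION dependency fields and, when one exists, renv.lock.
# Both scans are wrapped in tryCatch and only print their results, so a scan
# error or a reported vulnerability does not fail the job; treat the output
# as informational unless a gating step is added.
name: Audit Dependencies 🕵️♀️

# `on` is a YAML 1.1 boolean to generic parsers; GitHub's loader handles it.
# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
    branches:
      - main
  workflow_dispatch:
  workflow_call:

# Least privilege for GITHUB_TOKEN: the only repository access the job needs
# is the read-only checkout below. When this workflow is reached through
# workflow_call, the caller's permissions remain the upper bound.
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `latest` is a mutable tag, so the scan environment can
      # change underneath this workflow; pinning by digest
      # (`image@sha256:<digest-from-registry>`) makes it reproducible.
      image: ghcr.io/insightsengineering/rstudio_4.2.2_bioc_3.16:latest
    name: oysteR scan 🦪
    # Skip when the first commit of a push carries the marker, or when the
    # pull request is still a draft.
    # NOTE(review): github.event.commits is present on push payloads only, so
    # the marker cannot skip pull_request runs, and commits[0] is the first
    # commit of the push rather than its head — confirm this is intended.
    if: >
      !contains(github.event.commits[0].message, '[skip audit]')
      && github.event.pull_request.draft == false
    steps:
      - name: Checkout repo 🛎
        # NOTE(review): a major-version tag can be moved; pinning to a full
        # commit SHA (`actions/checkout@<full-commit-sha>  # v3`) removes
        # that supply-chain exposure.
        uses: actions/checkout@v3

      # Audit the packages named in DESCRIPTION. Errors are caught and
      # printed; the step still succeeds.
      - name: Run oysteR scan on dependencies 🔍
        run: |
          tryCatch(
            expr = {
              dependencies_scan = oysteR::audit_description(
                dir = ".",
                fields = c("Depends", "Imports", "Suggests"),
                verbose = TRUE
              )
              print(as.data.frame(
                dependencies_scan[c(
                  "package",
                  "version",
                  "vulnerabilities",
                  "no_of_vulnerabilities"
                )]
              ))
            },
            error = function(e) {
              message('🚨 Caught an error!')
              print(e)
            }
          )
        shell: Rscript {0}

      # Audit the exact versions locked in renv.lock, if the file exists.
      # Errors are caught and printed; the step still succeeds.
      - name: Run oysteR scan on renv.lock 🔒
        run: |
          tryCatch(
            expr = {
              if (file.exists("renv.lock")) {
                renv_lock_scan = oysteR::audit_renv_lock(dir = ".", verbose = TRUE)
                print(as.data.frame(
                  renv_lock_scan[c(
                    "package",
                    "version",
                    "vulnerabilities",
                    "no_of_vulnerabilities"
                  )]
                ))
              } else {
                print("No renv.lock file, not scanning.")
              }
            },
            error = function(e) {
              message('🚨 Caught an error!')
              print(e)
            }
          )
        shell: Rscript {0}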