Skip to content

Bump actions/upload-artifact from 3.1.0 to 4.1.0 #56349

Bump actions/upload-artifact from 3.1.0 to 4.1.0

Bump actions/upload-artifact from 3.1.0 to 4.1.0 #56349

name: Dependency Vulnerability Check
on:
push:
jobs:
changes:
name: Detect changes
runs-on: ubuntu-latest
outputs:
changes: ${{ steps.changes.outputs.src }}
steps:
- name: Checkout the repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes
with:
filters: |
src:
- '**/*go.sum'
- '**/*go.mod'
- '.github/workflows/dependency-check.yml'
Go:
runs-on: ubuntu-latest
needs: [changes]
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go
if: needs.changes.outputs.src == 'true'
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version-file: 'go.mod'
id: go
- name: Write Go Modules list
if: needs.changes.outputs.src == 'true'
run: go list -json -m all > go.list
- name: Check vulnerabilities
if: needs.changes.outputs.src == 'true'
uses: sonatype-nexus-community/nancy-github-action@main
with:
nancyVersion: "v1.0.39"
- name: Collect Metrics
if: always()
id: collect-gha-metrics
uses: smartcontractkit/push-gha-metrics-action@d1618b772a97fd87e6505de97b872ee0b1f1729a # v2.0.2
with:
basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
hostname: ${{ secrets.GRAFANA_CLOUD_HOST }}
this-job-name: Go
continue-on-error: true