diff --git a/.github/workflows/dependency-vulnerabilities.yml b/.github/workflows/dependency-vulnerabilities.yml
index 297f17c..355b714 100644
--- a/.github/workflows/dependency-vulnerabilities.yml
+++ b/.github/workflows/dependency-vulnerabilities.yml
@@ -33,7 +33,7 @@ jobs:
 run: .github/workflows/install-binaries.sh
 - name: Install NVD clojure
- run: bin/clojure -Ttools install nvd-clojure/nvd-clojure '{:mvn/version "RELEASE"}' :as nvd
+ run: .github/workflows/install-nvd-clojure-tool.sh
 - name: Check that NVD Secret is set
 env:
@@ -44,4 +44,4 @@ jobs:
 - name: Check clojure dependencies with NVD
 env:
 NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }}
- run: bin/clojure -J-Dclojure.main.report=stderr -Sdeps '{:deps {org.owasp/dependency-check-maven {:mvn/version "10.0.2"}}}' -Tnvd nvd.task/check :config-filename '".nvd-config.edn"' :classpath "\"$(bin/clojure -Spath)\""
+ run: bin/clojure -J-Dclojure.main.report=stderr -Tnvd nvd.task/check :config-filename '".nvd-config.edn"' :classpath "\"$(bin/clojure -Spath)\""
diff --git a/.github/workflows/install-nvd-clojure-tool.sh b/.github/workflows/install-nvd-clojure-tool.sh
new file mode 100755
index 0000000..8296226
--- /dev/null
+++ b/.github/workflows/install-nvd-clojure-tool.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# SPDX-FileCopyrightText: 2024 Topsector Logistiek
+# SPDX-FileContributor: Joost Diepenmaat
+# SPDX-FileContributor: Remco van 't Veer
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -ex
+
+# See also: https://github.com/rm-hull/nvd-clojure/pull/183
+NVD_CLOJURE_REPO=https://github.com/jomco/nvd-clojure.git
+NVD_CLOJURE_COMMIT=88b2150908fc42b5476ec5dddc7558457fa28d3e
+
+if clojure -Ttools show '{:tool nvd}' | grep -q $NVD_CLOJURE_COMMIT; then
+ :
+else
+ clojure -J-Dclojure.main.report=stderr \
+ -Ttools install \
+ nvd-clojure/nvd-clojure "{:git/url \"${NVD_CLOJURE_REPO}\" :git/sha \"${NVD_CLOJURE_COMMIT}\"}" :as nvd
+fi
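Review bot: With the `-Sdeps` override gone from the `run:` line of the "Check clojure dependencies with NVD" step, nothing in the workflow states which dependency-check version the scan runs with. It presumably now follows whatever the nvd-clojure commit pinned in install-nvd-clojure-tool.sh declares, which this hunk does not show. A comment above the `run:` line would keep that traceable, for example `# dependency-check version is set by the nvd-clojure commit pinned in install-nvd-clojure-tool.sh`. The job this step belongs to starts outside the hunk.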
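Review bot: The script calls `clojure` from PATH in both the `-Ttools show` check and the `-Ttools install` branch, while the workflow steps in this diff call `bin/clojure`. Whether the two resolve to the same CLI on the runner is not visible here; if they differ, the tool could be installed by a different Clojure CLI than the one that later runs `-Tnvd`. Consider using the same launcher path as the workflow, or stating the PATH requirement in a comment at the top of the script. The commit match would also be stricter as `grep -qF "$NVD_CLOJURE_COMMIT"`. Since the pin points at a fork, a comment such as `# TODO: return to upstream rm-hull/nvd-clojure once the linked pull request is released` would record when to revisit it, assuming the fork exists to carry that pull request.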