ci: Run dependency scan with nightly job and upon merge to master bra…

…nch (Consensys#1038) Update CircleCI config to run dependency scan on merge to master branch and nightly jobs.
usmansaleem · Nov 22, 2024 · c15412e · c15412e
1 parent d058255
commit c15412e
Showing 1 changed file with 32 additions and 6 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -60,6 +60,9 @@ commands:
     description: "Prepare"
     steps:
       - checkout
+      - run:
+          name: Update Git Submodules
+          command: git submodule update --init --recursive
       - restore_cache:
           name: Restore cached gradle dependencies
           keys:
@@ -150,16 +153,10 @@ jobs:
       - run:
           name: Build
           command: |
-            git submodule update --init --recursive
             ./gradlew --no-daemon --parallel build
       - store_artifacts:
           path: build/distributions
           destination: distributions
-      - run:
-          name: Dependency vulnerability scan
-          no_output_timeout: 40m
-          command: |
-            ./gradlew --no-daemon -Dorg.gradle.parallel=false dependencyCheckAggregate -DnvdApiDelay=6000
       - run:
           name: Test
           no_output_timeout: 20m
@@ -182,6 +179,19 @@ jobs:
           root: ~/project
           paths:
             - ./
+  depScan:
+    executor: executor_med
+    steps:
+      - prepare
+      - attach_workspace:
+          at: ~/project
+      - run:
+          name: Dependency vulnerability scan
+          no_output_timeout: 40m
+          command: |
+            ./gradlew --no-daemon -Dorg.gradle.parallel=false dependencyCheckAggregate -DnvdApiDelay=6000
+      - capture_test_results
+      - capture_test_reports
 
   acceptanceTests:
     executor: executor_large
@@ -316,6 +326,11 @@ workflows:
       - build:
           context:
             - protocols-signers
+      - depScan:
+          requires:
+            - build
+          context:
+            - protocols-signers
       - dockerScan
       - acceptanceTests:
           requires:
@@ -331,6 +346,17 @@ workflows:
               only: /^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?/
           context:
             - protocols-signers
+      - depScan:
+          requires:
+            - build
+          filters:
+            branches:
+              only:
+                - master
+            tags:
+              <<: *filters-release-tags
+          context:
+            - protocols-signers
       - acceptanceTests:
           requires:
             - build