Dependency Analysis #44
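# Workflow header: display name, triggers and token scope.
name: "Dependency Analysis"

# Runs on pushes and pull requests targeting main/develop, and on a weekly
# schedule. The trigger is `pull_request`, not `pull_request_target`, so runs
# for forked pull requests get a read-only token and no repository secrets.
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  schedule:
    - cron: '0 3 * * 1'  # Weekly dependency analysis (Mondays, 03:00 UTC)

# Least privilege for GITHUB_TOKEN: the jobs in this workflow check out the
# repository and upload artifacts; no step pushes, tags or comments.
permissions:
  contents: read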
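jobs:
  # Supply-chain notes that apply to every job below:
  # - `uses:` references point at mutable tags (@v4, @v2). A tag can be moved
  #   to different code; pinning each action to a full-length commit SHA, with
  #   the tag kept as a trailing comment, makes runs reproducible.
  #   subosito/flutter-action is third-party, so it matters most there.
  # - `persist-credentials: false` stops actions/checkout from leaving the job
  #   token in .git/config, where later steps that install and run third-party
  #   packages could read it.
  # - `flutter pub global activate <package>` carries no version constraint,
  #   so each run installs whatever is newest. Pass a reviewed constraint as
  #   the second argument.
  # - No npm packages are installed globally: none of the steps in this
  #   workflow invokes one, and a global npm install runs third-party install
  #   scripts on the runner.
  # - `if-no-files-found: error` makes a missing report fail the job instead
  #   of uploading nothing with a warning.

  # Dependency vulnerability scanning
  vulnerability_scan:
    name: Vulnerability Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: '3.24.0'
          channel: 'stable'

      - name: Install dependencies
        run: flutter pub get

      # NOTE(review): confirm that the pinned Flutter SDK ships a `pub audit`
      # subcommand. If it does not, this step fails and every later step in
      # the job is skipped. Pub surfaces known advisories through `pub get`
      # and `pub outdated` - verify which of these the scan should rely on.
      - name: Run pub audit
        run: flutter pub audit

      - name: Run dependency analysis
        run: |
          flutter pub outdated

      # Prints published advisories for the Flutter SDK repository. The output
      # is informational: nothing here fails the job on a severe entry.
      # --fail and pipefail make an HTTP error (for example an unauthenticated
      # rate limit) stop the step instead of handing an error body to jq.
      - name: Check for security advisories
        run: |
          set -euo pipefail
          # Check Flutter security advisories
          curl --fail --silent --show-error \
            https://api.github.com/repos/flutter/flutter/security-advisories \
            | jq '.[] | {title: .summary, severity: .severity, published: .published_at}'

      # pipefail: a failing `flutter pub deps` must not leave a truncated
      # report that still gets uploaded as if it were complete.
      # NOTE(review): the filter treats `.packages` as a map keyed by package
      # name. If `pub deps --json` emits a list, `name` becomes the list
      # index - confirm against real output.
      - name: Generate dependency report
        run: |
          set -euo pipefail
          echo "# Dependency Analysis Report" > dependency-report.md
          echo "## Flutter Dependencies" >> dependency-report.md
          flutter pub deps --json | jq '.packages | to_entries[] | {name: .key, version: .value.version, kind: .value.kind}' >> dependency-report.md

      - name: Upload dependency report
        uses: actions/upload-artifact@v4
        with:
          name: dependency-analysis-report
          path: dependency-report.md
          if-no-files-found: error

  # License compliance check
  license_check:
    name: License Compliance
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: '3.24.0'
          channel: 'stable'

      - name: Install license checker
        run: |
          flutter pub global activate flutter_oss_licenses
          flutter pub global activate dart_licenser

      # NOTE(review): confirm the executable names (`:pigeon`, `:generate`)
      # and that one of them writes oss_licenses.json, the path uploaded
      # below. This job never runs `flutter pub get`; verify the generators
      # do not need resolved packages.
      - name: Generate license report
        run: |
          flutter pub global run flutter_oss_licenses:pigeon
          flutter pub global run dart_licenser:generate

      # Placeholder: this step only prints a message and always succeeds, so a
      # green "License Compliance" job does not mean any licence was checked.
      - name: Check license compatibility
        run: |
          # Check if all licenses are compatible
          echo "Checking license compatibility..."

      - name: Upload license report
        uses: actions/upload-artifact@v4
        with:
          name: license-report
          path: oss_licenses.json
          if-no-files-found: error

  # Code quality metrics
  code_metrics:
    name: Code Quality Metrics
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: '3.24.0'
          channel: 'stable'

      # NOTE(review): pub package names use underscores, not hyphens; confirm
      # that `dart-code-metrics` resolves to the intended package and is not
      # silently failing or picking up a look-alike name.
      - name: Install code metrics
        run: |
          flutter pub global activate dart-code-metrics

      - name: Install dependencies
        run: flutter pub get

      - name: Run code metrics analysis
        run: |
          flutter pub global run dart-code-metrics analyze lib --reporter=json > metrics-report.json

      - name: Analyze complexity
        run: |
          # Analyze cyclomatic complexity
          jq '.files[] | {file: .file, complexity: .metrics.cyclomaticComplexity}' metrics-report.json

      # Placeholder: prints a message only; no ratio is calculated.
      - name: Check technical debt
        run: |
          # Calculate technical debt ratio
          echo "Technical debt analysis..."

      - name: Upload metrics report
        uses: actions/upload-artifact@v4
        with:
          name: code-metrics-report
          path: metrics-report.json
          if-no-files-found: error

  # Size analysis
  size_analysis:
    name: App Size Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: '3.24.0'
          channel: 'stable'

      # NOTE(review): no later step in this job invokes devtools; drop this
      # step if the build analyzer output is all that is needed.
      - name: Install size analysis tools
        run: |
          flutter pub global activate devtools

      - name: Install dependencies
        run: flutter pub get

      - name: Analyze APK size
        run: |
          flutter build apk --analyze-size
          flutter build appbundle --analyze-size

      - name: Analyze web bundle size
        run: |
          flutter build web --analyze-size

      # The report holds three fixed lines; none of the analyzer output
      # produced by the build steps above is copied into it.
      - name: Generate size report
        run: |
          echo "# App Size Analysis" > size-report.md
          echo "## APK Size Breakdown" >> size-report.md
          echo "Generated by Flutter build analyzer" >> size-report.md

      - name: Upload size report
        uses: actions/upload-artifact@v4
        with:
          name: app-size-report
          path: size-report.md
          if-no-files-found: error

  # Dependency graph analysis
  dependency_graph:
    name: Dependency Graph Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: '3.24.0'
          channel: 'stable'

      - name: Install graph tools
        run: |
          flutter pub global activate dependency_validator

      - name: Install dependencies
        run: flutter pub get

      - name: Generate dependency graph
        run: |
          # Generate visual dependency graph
          flutter pub deps --dot > dependency-graph.dot

      # NOTE(review): confirm that dependency_validator reports circular
      # dependencies; if it only validates declared against used packages,
      # the step name overstates what is checked.
      - name: Analyze circular dependencies
        run: |
          # Check for circular dependencies
          flutter pub global run dependency_validator

      - name: Upload dependency graph
        uses: actions/upload-artifact@v4
        with:
          name: dependency-graph
          path: dependency-graph.dot
          if-no-files-found: error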