vulnerability-check #75

	name: vulnerability-check
	on:
	schedule:
	# Run at 16:00 UTC every Sunday (Monday 00:00 CST)
	- cron: "0 16 * * 0"
	workflow_dispatch:
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	env:
	MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
	MAVEN_ARGS: --batch-mode --no-transfer-progress
	DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

	jobs:
	dependency-check:
	if: ${{ github.event_name == 'workflow_dispatch' \|\| github.repository == 'apache/iotdb' }}
	runs-on: ubuntu-latest
	permissions:
	contents: read

	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	distribution: corretto
	java-version: 17

	- name: Do Maven install
	shell: bash
	run: mvn $MAVEN_ARGS clean install -DskipTests

	- name: Do the dependency-check:aggregate
	shell: bash
	run: mvn $MAVEN_ARGS org.owasp:dependency-check-maven:aggregate -DossIndexUsername=${{ secrets.OSS_INDEX_USER }} -DossIndexPassword=${{ secrets.OSS_INDEX_TOKEN }} -DnvdApiKey=${{ secrets.NVD_API_KEY }}

	- name: Generate report date for artifact name
	run: \|
	utc_time="${{ github.run_started_at }}"
	target_time=$(TZ=Asia/Shanghai date -d "$utc_time" +"%Y-%m-%d")
	echo "REPORT_DATE=$target_time" >> $GITHUB_ENV

	- name: Upload Artifact
	uses: actions/upload-artifact@v4
	with:
	name: vulnerability-check-result-${{ env.REPORT_DATE }}
	path: target/dependency-check-report.html
	retention-days: 15

Provide feedback