feat(ci): add dependency-check

Author: halibobo1205

.github/workflows/dependency-check.yml

@@ -0,0 +1,56 @@
+name: "Dependency Check"
+
+on:
+  push:
+    branches: [ 'develop', 'master', 'release_**' ]
+  pull_request:
+    branches: [ 'develop', "release_**" ]
+  schedule:
+    - cron: '25 6 * * *'
+
+jobs:
+  dependency-check:
+    name: Dependency Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Cache ODC data
+        uses: actions/cache@v3
+        with:
+          path: ~/.dependency-check/data
+          key: ${{ runner.os }}-odc-data-${{ hashFiles('**/build.gradle') }}
+          restore-keys: |
+            ${{ runner.os }}-odc-data-
+
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: '8'
+          distribution: 'temurin'
+
+      - name: Gradlew build
+        run:  ./gradlew --no-daemon -S -Dorg.gradle.dependency.verification=off -Dorg.gradle.warning.mode=none build -x test
+
+      - name: Dependency Check
+        uses: dependency-check/[email protected]
+        env:
+          # actions/setup-java@v1 changes JAVA_HOME, so it needs to be reset to match the depcheck image
+          JAVA_HOME: /opt/jdk
+        with:
+          project: 'java-tron'
+          path: '.'
+          format: 'CSV'
+          out: 'reports'
+      - name: Generate timestamp
+        run: echo "BUILD_TIMESTAMP=$(date -u +"%Y%m%d-%H%M%S")" >> $GITHUB_ENV
+      - name: Get Repository Name
+        run: echo "REPO_NAME=$(echo '${{ github.repository }}' | cut -d'/' -f2)" >> $GITHUB_ENV
+      - name: Upload report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-check-${{ env.REPO_NAME }}-${{ env.BUILD_TIMESTAMP }}
+          path: ${{github.workspace}}/reports