From 7c3aa8a0441c869ef0b313dbe3fbaccb6faf3d64 Mon Sep 17 00:00:00 2001
From: Titus Meyer <titus.meyer@novatec-gmbh.de>
Date: Fri, 3 Nov 2023 15:48:47 +0100
Subject: [PATCH] add dependency check step

---
 .github/workflows/release.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3aa0ce1673..c5fd95d6fa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,8 @@ jobs:
         uses: actions/checkout@v3
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
+      - name: Scan dependencies
+        run: ./gradlew dependencyCheckAnalyze
       - name: Build artifacts
         run: |
           ./gradlew assemble bootJarWithFrontend :inspectit-ocelot-core:cyclonedxBom :inspectit-ocelot-configurationserver:cyclonedxBom -PbuildVersion=${{ github.ref_name }}
@@ -26,7 +28,7 @@ jobs:
           cp ./inspectit-ocelot-core/build/reports/bom.xml ./boms/inspectit-ocelot-agent-bom.xml
           cp ./components/inspectit-ocelot-configurationserver/build/reports/bom.json ./boms/inspectit-ocelot-configurationserver-bom.json
           cp ./components/inspectit-ocelot-configurationserver/build/reports/bom.xml ./boms/inspectit-ocelot-configurationserver-bom.xml
-          zip -r ./artifacts/software-bill-of-materials.zip ./boms 
+          zip -r ./artifacts/software-bill-of-materials.zip ./boms
       - name: Calculate checksums of release artifacts
         working-directory: ./artifacts
         run: for f in *; do sha256sum "$f" >> inspectit-ocelot-sha256-checksums.txt; done
@@ -39,8 +41,8 @@ jobs:
         uses: danipaniii/action-github-changelog-generator@v1.2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          sinceTag: ${{ steps.previoustag.outputs.tag }} 
-          dateFormat: 
+          sinceTag: ${{ steps.previoustag.outputs.tag }}
+          dateFormat:
           maxIssues: 500
           unreleased: false
           author: false
@@ -57,7 +59,7 @@ jobs:
           body: |
             "You can also find the corresponding documentation online under the following link: [inspectIT Ocelot Documentation](http://docs.inspectit.rocks)"
             ${{ steps.build_changelog.outputs.changelog }}
-            
+
   build_and_publish_docker_images:
     name: "Build and Push Docker Images"
     runs-on: ubuntu-latest