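---
# Weekly dependency-check scan (dependency-check:aggregate) of the Maven
# build located under xml/. Can also be started manually.
name: Maven Dependency Check
on:
  schedule:
    # Every Sunday at 00:00 UTC.
    - cron: "0 0 * * 0"
  workflow_dispatch:
# Least privilege: the GITHUB_TOKEN is granted no scopes in this workflow.
permissions: {}
env:
  # JVM options for Maven.
  # - https.protocols limits HTTPS clients that honor the property to
  #   TLS 1.2, so TLS 1.3 is not offered by them.
  #   NOTE(review): confirm this pin is still wanted on JDK 21.
  # - maven.repo.local is a relative path, so the local repository is
  #   created under the step's working directory instead of ~/.m2.
  MAVEN_OPTS: >
    -Dhttps.protocols=TLSv1.2
    -Dmaven.repo.local=.m2/repository
    -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
    -Dorg.slf4j.simpleLogger.showDateTime=true
    -Djava.awt.headless=true
  # Command-line flags; expanded unquoted in the scan step so that the
  # folded value is split back into separate arguments.
  MAVEN_CLI_OPTS: >
    --batch-mode
    --errors
    --fail-at-end
    --show-version
    -DinstallAtEnd=true
    -DdeployAtEnd=true
jobs:
  maven-dependency-check:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag the SHA was taken from.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1
          # Do not leave the checkout token in the local git config, so
          # later steps (Maven plugins included) cannot read it.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: temurin
          # Quoted so the version is always handled as a string.
          java-version: "21"
      - name: Dependency Check with Maven
        working-directory: xml
        env:
          # The secret is exposed to this step only, not to the whole job.
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        shell: bash
        # The key is handed to Maven as a -D argument, so it is visible in
        # the process arguments on the runner; log masking covers only the
        # job log. NOTE(review): dependencyCheck.NVDApiKey is presumably a
        # property defined in the project's pom. If the plugin version in
        # use supports nvdApiKeyEnvironmentVariable, reading the key from
        # the environment would keep it off the command line.
        # The -D argument is quoted so the key is passed as exactly one
        # word and is never subject to word splitting or globbing.
        run: |
          set -euo pipefail
          # Do not set IFS=$'\n\t', breaks ${MAVEN_CLI_OPTS}
          # shellcheck disable=SC2086 # [Double quote to prevent globbing and word splitting]: splitting is desired for MAVEN_CLI_OPTS
          ./mvnw ${MAVEN_CLI_OPTS} "-DdependencyCheck.NVDApiKey=${NVD_API_KEY}" dependency-check:aggregate
      - name: Clean up
        # Run even when the scan step fails (for example when findings
        # break the build), so the file is removed in every case.
        if: always()
        working-directory: xml
        shell: bash
        # Removes the Maven settings file from the runner's home directory
        # (presumably the one generated by actions/setup-java).
        # -f keeps this step green when the file was never written.
        run: |
          set -euo pipefail
          IFS=$'\n\t'
          rm -f "${HOME}/.m2/settings.xml"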