AWS OIDC IDP #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Copyright The Linux Foundation and each contributor to LFX. | |
| # SPDX-License-Identifier: MIT | |
| name: Snyk Scan | |
| on: | |
| # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Setup Node | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: '14' | |
| - name: Setup python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.9' # Version range or exact version of a Python version to use, using SemVer's version range syntax | |
| - name: Setup | |
| run: | | |
| echo "Node version is: $(node --version)" | |
| echo "Yarn version is: $(yarn --version)" | |
| echo "Running top level install..." | |
| yarn install | |
| - name: Install Python Dependences | |
| run: | | |
| echo "Python version is: $(python --version)" | |
| pip install -r requirements.txt | |
| - name: Run Snyk to check for vulnerabilities | |
| uses: snyk/actions/node@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| SNYK_ORG: ${{ secrets.SNYK_ORG }} | |
| with: | |
| command: test | |
| args: --org=${{ secrets.SNYK_ORG }} --severity-threshold=high --all-projects | |
| - name: Run Snyk to upload vulnerabilities | |
| uses: snyk/actions/node@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| SNYK_ORG: ${{ secrets.SNYK_ORG }} | |
| with: | |
| command: monitor | |
| args: --org=${{ secrets.SNYK_ORG }} --severity-threshold=high --all-projects | |
| - uses: ravsamhq/notify-slack-action@v1 | |
| if: always() | |
| with: | |
| status: ${{ job.status }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| notification_title: '{workflow} has {status_message}' | |
| message_format: '{emoji} {workflow} {status_message} for repository <{repo_url}|{repo}@{branch}> on <{commit_url}|{commit_sha}>' | |
| footer: 'Repository: <{repo_url}|{repo}> | <{workflow_url}|View Workflow>' | |
| mention_users: 'UH8CHEUQL,UNLDL97LZ' | |
| notify_when: 'failure' | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |