Snyk Container #163

	name: Snyk Container

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	schedule:
	- cron: '30 22 * * 5'

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	snyk:
	runs-on: ubuntu-latest
	name: rapadm-snyk
	steps:
	- uses: actions/checkout@v4
	- name: R setup
	uses: r-lib/actions/setup-r@v2
	- name: Build package (tarball)
	run: R CMD build .
	- name: Build docker image
	run: docker build -t rapadm-snyk .
	- name: Run Snyk to check Docker image for vulnerabilities
	# Snyk can be used to break the build when it detects vulnerabilities.
	# In this case we want to upload the issues to GitHub Code Scanning
	continue-on-error: true
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: rapadm-snyk
	args: --file=Dockerfile --severity-threshold=high
	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif
	- name: Monitor image in Snyk UI
	continue-on-error: true
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	command: monitor
	image: rapadm-snyk
	args: --file=Dockerfile --severity-threshold=high --org=b034af62-43be-40c7-95e8-fdc56d6f3092
	- name: Accept only vulnerability levels below high
	continue-on-error: false
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: rapadm-snyk
	args: --file=Dockerfile --severity-threshold=high

Provide feedback