Skip to content
Snyk

ci: Updates to Workflows #12

Sign in to view logs

ci: Updates to Workflows

ci: Updates to Workflows #12

Workflow file for this run

.github/workflows/snyk.yml at c5c7541
name: Snyk
on:
merge_group:
#pull_request_target: # TODO Change this back
pull_request:
types:
- opened
- synchronize
push:
branches:
- main
schedule:
- cron: "30 0 1,15 * *"
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true
check:
needs: authorize # Require approval before running on forked pull requests
name: Check for Vulnerabilities
runs-on: windows-2022
steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
- uses: actions/checkout@v4
# with:
# ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} # TODO Change this back
# - uses: ./.github/actions/build
# with:
# solution-path: Sample\Auth0MauiApp.sln
# Install Scoop, Snyk's Scoop bucket, and the Snyk CLI.
- shell: pwsh
run: |
iwr get.scoop.sh -outfile 'install.ps1'
.\install.ps1 -RunAsAdmin
scoop --version
scoop bucket add snyk https://github.com/snyk/scoop-snyk
scoop install snyk
# Check that project is registered with Snyk when triggered from main branch
- if: github.ref == 'refs/heads/main'
continue-on-error: true
run: snyk monitor
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# Report vulnerabilities
- run: snyk test
working-directory: Sample\Auth0MauiApp.sln
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}