Sync Snyk GitHub issues #370
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync Snyk GitHub issues | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 */4 * * *' | |
| jobs: | |
| sync: | |
| if: github.repository == 'backstage/backstage' # prevent running on forks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: use node.js 18.x | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: 18.x | |
| registry-url: https://registry.npmjs.org/ # Needed for auth | |
| - name: yarn install | |
| uses: backstage/actions/yarn-install@772cef06641090d0095188e15c85647acdf0c250 # v0.6.11 | |
| with: | |
| cache-prefix: ${{ runner.os }}-v18.x | |
| - name: Create Snyk report | |
| uses: snyk/actions/node@d406fd286b663eb8c6f8adcced4f7bcd199c0a3f # master | |
| continue-on-error: true # Snyk CLI exits with error when vulnerabilities are found | |
| with: | |
| args: > | |
| --yarn-workspaces | |
| --org=backstage-dgh | |
| --strict-out-of-sync=false | |
| --json-file-output=snyk.json | |
| --debug | |
| json: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| NODE_OPTIONS: --max-old-space-size=7168 | |
| - name: Update Github issues | |
| run: ./scripts/snyk-github-issue-sync.ts | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |