Monitor Snyk dependencies with pnpm during private beta (Github Actions)

monitor-dependencies.yml

# Goes in .github/workflows of any repositories in org to periodically update snyk monitoring
# The values for vars.SNYK_ORG_ID and secrets.SNYK_TOKEN can be configured organisation-wide

name: Monitor dependencies

on:
  schedule:
    # runs every day at 2:30am
    - cron: '30 14 * * *'

jobs:
  monitor:
    name: Monitor
    runs-on: ubuntu-latest

    steps:
      - name: Monitor dependencies
        uses: organistation/actions/snyk-monitor@main
        with:
          SNYK_ORG_ID: ${{ vars.SNYK_ORG_ID }}
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

snyk-monitor.yml

# Goes in org-level organisation/actions repo, can be referenced from any organisation repos

name: Monitor dependencies
description: Runs snyk monitor
inputs:
  SNYK_TOKEN:
    required: true
  SNYK_ORG_ID:
    required: true

jobs:
  lint:
    name: Monitor
    runs-on: ubuntu-latest

runs:
    using: 'composite'

    steps:
      - uses: actions/checkout@v4

      - name: Get latest Snyk Preview version
        shell: bash
        run:
          echo "SNYK_PREVIEW_VERSION=$(curl -s https://static.snyk.io/cli/preview/release.json | jq -r '.["version"]')" >> $GITHUB_ENV

      - name: Cache Snyk Preview
        uses: actions/cache@v4
        id: cache-snyk-cli
        with:
          path: snyk
          key: snyk-${{ env.SNYK_PREVIEW_VERSION }}

      - name: Download Snyk Preview
        shell: bash
        if: steps.cache-snyk-cli.outputs.cache-hit != 'true'
        run: |
          curl --compressed https://static.snyk.io/cli/v${{ env.SNYK_PREVIEW_VERSION }}/snyk-linux -o snyk
          chmod +x snyk

      - name: Run snyk monitor
        shell: bash
        env:
          SNYK_TOKEN: ${{ inputs.SNYK_TOKEN }}
        run: |
          ./snyk monitor --dev --all-projects --org=${{ inputs.SNYK_ORG_ID }}