Created
July 24, 2024 23:25
-
-
Save gilest/ed753523b15471a6b6d6a2a04b48af07 to your computer and use it in GitHub Desktop.
Monitor Snyk dependencies with pnpm during private beta (Github Actions)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Goes in .github/workflows of any repositories in org to periodically update snyk monitoring | |
# The values for vars.SNYK_ORG_ID and secrets.SNYK_TOKEN can be configured organisation-wide | |
name: Monitor dependencies | |
on: | |
schedule: | |
# runs every day at 2:30am | |
- cron: '30 14 * * *' | |
jobs: | |
monitor: | |
name: Monitor | |
runs-on: ubuntu-latest | |
steps: | |
- name: Monitor dependencies | |
uses: organistation/actions/snyk-monitor@main | |
with: | |
SNYK_ORG_ID: ${{ vars.SNYK_ORG_ID }} | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Goes in org-level organisation/actions repo, can be referenced from any organisation repos | |
name: Monitor dependencies | |
description: Runs snyk monitor | |
inputs: | |
SNYK_TOKEN: | |
required: true | |
SNYK_ORG_ID: | |
required: true | |
jobs: | |
lint: | |
name: Monitor | |
runs-on: ubuntu-latest | |
runs: | |
using: 'composite' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get latest Snyk Preview version | |
shell: bash | |
run: | |
echo "SNYK_PREVIEW_VERSION=$(curl -s https://static.snyk.io/cli/preview/release.json | jq -r '.["version"]')" >> $GITHUB_ENV | |
- name: Cache Snyk Preview | |
uses: actions/cache@v4 | |
id: cache-snyk-cli | |
with: | |
path: snyk | |
key: snyk-${{ env.SNYK_PREVIEW_VERSION }} | |
- name: Download Snyk Preview | |
shell: bash | |
if: steps.cache-snyk-cli.outputs.cache-hit != 'true' | |
run: | | |
curl --compressed https://static.snyk.io/cli/v${{ env.SNYK_PREVIEW_VERSION }}/snyk-linux -o snyk | |
chmod +x snyk | |
- name: Run snyk monitor | |
shell: bash | |
env: | |
SNYK_TOKEN: ${{ inputs.SNYK_TOKEN }} | |
run: | | |
./snyk monitor --dev --all-projects --org=${{ inputs.SNYK_ORG_ID }} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment