From 3a9c9ff6321acbe8ef91c859d23e3dcd09bdd2bf Mon Sep 17 00:00:00 2001 From: Jeremy Mill Date: Fri, 11 Feb 2022 13:27:57 -0500 Subject: [PATCH 1/2] add snyk action --- .github/workflows/snyk_merge.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/snyk_merge.yml diff --git a/.github/workflows/snyk_merge.yml b/.github/workflows/snyk_merge.yml new file mode 100644 index 0000000..6032f9f --- /dev/null +++ b/.github/workflows/snyk_merge.yml @@ -0,0 +1,18 @@ +name: snyk_merge +on: + workflow_dispatch: + push: + branches: + - main +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/ruby@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_FORGE_KEY }} + with: + command: monitor + args: --org=puppet-forge From 750ec7f8b13c11b67b45db8abf1763660e7893cb Mon Sep 17 00:00:00 2001 From: Jeremy Mill Date: Wed, 16 Feb 2022 11:02:31 -0500 Subject: [PATCH 2/2] generate gemfile.lock before running snyk --- .github/workflows/snyk_merge.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/snyk_merge.yml b/.github/workflows/snyk_merge.yml index 6032f9f..19493ca 100644 --- a/.github/workflows/snyk_merge.yml +++ b/.github/workflows/snyk_merge.yml @@ -9,6 +9,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master + - name: setup ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.7 + - name: create lock + run: bundle lock - name: Run Snyk to check for vulnerabilities uses: snyk/actions/ruby@master env: