From 5ad355370049047e8927fed6ba4abc6f1d747b43 Mon Sep 17 00:00:00 2001
From: Sam Hession
Date: Wed, 19 Jan 2022 17:35:18 +0000
Subject: [PATCH 1/7] Adds generic sbt node snyk workflow
---
.github/workflows/sbt-node-snyk.yml | 40 +++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 .github/workflows/sbt-node-snyk.yml
diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml
new file mode 100644
index 0000000..372d1b0
--- /dev/null
+++ b/.github/workflows/sbt-node-snyk.yml
@@ -0,0 +1,40 @@
+name: SBT Node Snyk
+
+on:
+ workflow_call:
+ inputs:
+ DEBUG:
+ type: string
+ required: false
+ secrets:
+ SNYK_TOKEN:
+ required: true
+
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout branch
+ uses: actions/checkout@v2
+
+ - name: Setup debug var
+ run: echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV
+ shell: bash
+
+ - name: Get node version
+ run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_ENV
+
+ - uses: snyk/actions/setup@0.3.0
+ - uses: actions/setup-node@v2
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+
+ - uses: actions/setup-java@v2
+ with:
+ java-version: "8"
+ distribution: "adopt"
+
+ - name: Snyk monitor
+ run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d}
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
\ No newline at end of file
From 2d42b444002116e79a37148fc8f044759c03d70b Mon Sep 17 00:00:00 2001
From: Sam Hession
Date: Thu, 20 Jan 2022 09:59:49 +0000
Subject: [PATCH 2/7] Sets Java version to 11 and simplifies node version retrieval
---
.github/workflows/sbt-node-snyk.yml | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml
index 372d1b0..db7b85c 100644
--- a/.github/workflows/sbt-node-snyk.yml
+++ b/.github/workflows/sbt-node-snyk.yml
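Review bot: In the new workflow of PATCH 1/7, `snyk/actions/setup@0.3.0`, `actions/checkout@v2`, `actions/setup-node@v2` and `actions/setup-java@v2` are referenced by tag, and a tag can be moved by whoever controls the action's repository. The CLI installed by the Snyk setup step is later run with `SNYK_TOKEN` in its environment, so pinning each `uses:` to a full commit SHA, for example `uses: snyk/actions/setup@<full-commit-sha> # 0.3.0`, keeps the code that sees the token fixed until someone deliberately updates it. The job also declares no `permissions:`; the steps shown only read the checkout, so a job-level `permissions:` with `contents: read` would cap what the `GITHUB_TOKEN` can do.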
@@ -21,17 +21,14 @@ jobs: run: echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV shell: bash - - name: Get node version - run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_ENV - - uses: snyk/actions/setup@0.3.0 - uses: actions/setup-node@v2 with: - node-version: ${{ env.NODE_VERSION }} + node-version-file: '.nvmrc' - uses: actions/setup-java@v2 with: - java-version: "8" + java-version: "11" distribution: "adopt" - name: Snyk monitor From 165178a01895f86506fa5e81d596fa56c810a51d Mon Sep 17 00:00:00 2001 From: Sam Hession Date: Fri, 4 Feb 2022 09:38:02 +0000 Subject: [PATCH 3/7] Adds java_version input to the snyk workflow --- .github/workflows/sbt-node-snyk.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml index db7b85c..4252474 100644 --- a/.github/workflows/sbt-node-snyk.yml +++ b/.github/workflows/sbt-node-snyk.yml @@ -1,4 +1,4 @@ -name: SBT Node Snyk +name: Simple Snyk monitor for SBT + Node on: workflow_call: @@ -6,6 +6,10 @@ on: DEBUG: type: string required: false + JAVA_VERSION: + type: string + required: false + default: "11" secrets: SNYK_TOKEN: required: true @@ -28,7 +32,7 @@ jobs: - uses: actions/setup-java@v2 with: - java-version: "11" + java-version: ${{ inputs.JAVA_VERSION }} distribution: "adopt" - name: Snyk monitor From 8d5182074cbdbcd11423543f2aa3ac8fdbc15b9a Mon Sep 17 00:00:00 2001 From: Jorge Azevedo Date: Thu, 3 Feb 2022 09:59:49 +0000 Subject: [PATCH 4/7] Make org required --- .github/workflows/sbt-node-snyk.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml index 4252474..0c12566 100644 --- a/.github/workflows/sbt-node-snyk.yml +++ b/.github/workflows/sbt-node-snyk.yml @@ -6,6 +6,9 @@ on: DEBUG: type: string required: false + ORG: + type: string + required: true JAVA_VERSION: type: string required: false 
@@ -25,6 +28,10 @@ jobs: run: echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV shell: bash + - name: Setup org var + run: echo INPUT_ORG=${{ inputs.ORG }} >> $GITHUB_ENV + shell: bash + - uses: snyk/actions/setup@0.3.0 - uses: actions/setup-node@v2 with: @@ -36,6 +43,6 @@ jobs: distribution: "adopt" - name: Snyk monitor - run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} + run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} --org=${INPUT_ORG} env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 1c7bd5474264cccb294e4a4c573b17ebd8956d0e Mon Sep 17 00:00:00 2001 From: Jorge Azevedo Date: Thu, 3 Feb 2022 14:45:16 +0000 Subject: [PATCH 5/7] Simplify handling of ORG variable --- .github/workflows/sbt-node-snyk.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml index 0c12566..fdc9d43 100644 --- a/.github/workflows/sbt-node-snyk.yml +++ b/.github/workflows/sbt-node-snyk.yml @@ -25,11 +25,8 @@ jobs: uses: actions/checkout@v2 - name: Setup debug var - run: echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV - shell: bash - - - name: Setup org var - run: echo INPUT_ORG=${{ inputs.ORG }} >> $GITHUB_ENV + run: | + echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV shell: bash - uses: snyk/actions/setup@0.3.0 @@ -43,6 +40,6 @@ jobs: distribution: "adopt" - name: Snyk monitor - run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} --org=${INPUT_ORG} + run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} --org=${{ inputs.ORG }} env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 9b44635017ac4bcfaef546727d9677c195c1a54f Mon Sep 17 00:00:00 2001 From: Jorge Azevedo Date: Thu, 3 Feb 2022 14:45:54 +0000 Subject: [PATCH 6/7] Handle org whitespace --- .github/workflows/sbt-node-snyk.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
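Review bot: The `Setup org var` step added in PATCH 4/7 expands `${{ inputs.ORG }}` into the script text before bash parses it, so the value is not treated as data: shell metacharacters in it are interpreted, and a line break in it would append a further `NAME=value` entry to `$GITHUB_ENV` that every later step inherits. The `--org=${{ inputs.ORG }}` form in PATCH 5/7 and the quoted `--org="${{ inputs.ORG }}"` in PATCH 6/7 and 7/7 have the same problem, because the shell quotes are placed around text that has already been substituted. The existing `Setup debug var` step uses the same pattern for `inputs.DEBUG`. Passing the input through the step environment avoids this: add `INPUT_ORG: ${{ inputs.ORG }}` under the `Snyk monitor` step's `env:` and use `--org="$INPUT_ORG"` in `run:`. The calling workflow supplies these inputs, but it may forward event data (a branch name, a PR field) that its author does not control.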
diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml index fdc9d43..adebbb7 100644 --- a/.github/workflows/sbt-node-snyk.yml +++ b/.github/workflows/sbt-node-snyk.yml @@ -25,8 +25,7 @@ jobs: uses: actions/checkout@v2 - name: Setup debug var - run: | - echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV + run: echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV shell: bash - uses: snyk/actions/setup@0.3.0 @@ -40,6 +39,6 @@ jobs: distribution: "adopt" - name: Snyk monitor - run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} --org=${{ inputs.ORG }} + run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} --org="${{ inputs.ORG }}" env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 7c341668d686c42379d00718adc927cf30d16dee Mon Sep 17 00:00:00 2001 From: Sam Hession Date: Fri, 4 Feb 2022 12:00:43 +0000 Subject: [PATCH 7/7] rearranges cli arguments --- .github/workflows/sbt-node-snyk.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sbt-node-snyk.yml b/.github/workflows/sbt-node-snyk.yml index adebbb7..b5a7ffb 100644 --- a/.github/workflows/sbt-node-snyk.yml +++ b/.github/workflows/sbt-node-snyk.yml @@ -24,10 +24,6 @@ jobs: - name: Checkout branch uses: actions/checkout@v2 - - name: Setup debug var - run: echo INPUT_DEBUG=${{ inputs.DEBUG }} >> $GITHUB_ENV - shell: bash - - uses: snyk/actions/setup@0.3.0 - uses: actions/setup-node@v2 with: @@ -39,6 +35,7 @@ jobs: distribution: "adopt" - name: Snyk monitor - run: snyk monitor --all-projects ${INPUT_DEBUG:+ -d} --org="${{ inputs.ORG }}" + run: snyk monitor ${INPUT_DEBUG:+ -d} --all-projects --org="${{ inputs.ORG }}" env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + INPUT_DEBUG: ${{ inputs.DEBUG }}
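Review bot: In the `Snyk monitor` step of PATCH 7/7, `${INPUT_DEBUG:+ -d}` adds `-d` for any non-empty value, so a caller that passes `DEBUG: "false"` still gets debug output. The input is declared as `type: string` outside this hunk, and nothing documents that only emptiness is tested. Debug output is considerably more verbose and workflow logs are readable by anyone with read access to the calling repository, so the switch is better made explicit, for example `run: snyk monitor $([ "$INPUT_DEBUG" = "true" ] && echo -d) --all-projects ...`, together with a `description:` on the input stating the accepted value.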