Adds Snyk GitHub action using CLI #356
Seems to be working as intended, except it is determining the wrong
.github/workflows/snyk.yml
Outdated
|
||
jobs: | ||
security: | ||
uses: guardian/.github/.github/workflows/sbt-node-snyk.yml@add-generic-snyk-workflow |
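Review bot: the `uses:` line under `security:` references the reusable workflow at `@add-generic-snyk-workflow`, which reads as a feature-branch name rather than a tag or commit SHA. A branch ref is mutable, so whatever is later pushed to that branch in `guardian/.github` runs as this repository's job, and the reference stops resolving if the branch is deleted once it merges. Suggest pinning to a release tag or, better, a full commit SHA once the workflow is on the default branch.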
I'm no expert but I think maybe a nicer way of exposing this generic action would be to separate into its own repo and then create an example usage in a workflow in the .github repo that references the standalone action. Then the reference here can be a bit cleaner, something like guardian/snyk-generic-action@1.0.0
Yeah good point, I would be open to that idea. I'm not sure if there is an important distinction between workflows and actions to be made. I think workflows may need to be referenced in this convoluted way.
Ace! I can't see anything in checks – do we need to do anything special to kick this off, or perhaps I'm looking in the wrong place?
@jonathonherbert, the checks are, for the merged version, disabled so that we don't get conflicting results in Snyk. You can see a previously run action here: https://github.com/guardian/workflow-frontend/runs/5128202281?check_suite_focus=true. The results of that action will be visible in the Snyk dashboard.
Seen on WORKFLOW_PROD (merged by @SHession 6 minutes and 23 seconds ago) Please check your changes!
What does this change?
Adds Snyk integration using the CLI via GitHub actions using a new reusable workflow. This should provide us more consistent and accurate results.
How to test
Does the GitHub action kick off correctly, do the results display as expected in the Snyk dashboard?