chore(deps): bump semver from 5.7.1 to 5.7.2 in /docs #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: snyk-go | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| jobs: | |
| repository-snyk-go: | |
| name: repository-snyk-go | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Read Go version from go.mod | |
| id: read-go-version | |
| run: | | |
| # Extract the Go version from go.mod | |
| GO_VERSION=$(grep -oP '^go \K[0-9]+\.[0-9]+' go.mod) | |
| echo "Go version: $GO_VERSION" | |
| # Set the Go version as an environment variable | |
| echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| - name: Set repo name environment variable | |
| run: | | |
| echo "REPO_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV | |
| - name: Setup Snyk | |
| run: | | |
| npm install snyk -g | |
| snyk auth ${{secrets.SNYK_ACCESS_TOKEN}} | |
| snyk config set org=${{ inputs.org_id }} | |
| - name: Configure ssh-key for private modules | |
| env: | |
| SSH_KEY: ${{ secrets.ENGINEERING_SSH_KEY }} | |
| run: | | |
| mkdir -p ~/.ssh; echo "$SSH_KEY" > ~/.ssh/id_rsa; chmod 600 ~/.ssh/id_rsa; git config --global url."[email protected]:".insteadOf "https://github.com/" | |
| mkdir -p .ssh; echo "$SSH_KEY" > .ssh/id_rsa; chmod 600 .ssh/id_rsa; | |
| - name: Download dependencies | |
| run: | | |
| make generate || true | |
| go mod vendor | |
| - name: Snyk Open Source (Test) | |
| run: | | |
| snyk test --severity-threshold=high | |
| - name: Snyk Open Source (Monitor) | |
| run: | | |
| snyk monitor --severity-threshold=high | |
| - name: Check if Dockerfile exists | |
| run: test -f Dockerfile && echo "DOCKERFILE_EXISTS=true" >> $GITHUB_ENV || { echo "Dockerfile not found."; exit 0; } | |
| shell: bash | |
| - name: Build test image for scanning the docker image | |
| if: env.DOCKERFILE_EXISTS != '' | |
| run: | | |
| docker build --build-arg VERSION=${{ github.sha }} --build-arg GO_VERSION=${{ env.GO_VERSION }} -t ${{ env.REPO_NAME }} . | |
| docker save ${{ env.REPO_NAME }} >> ${{ env.REPO_NAME }}.tar | |
| - name: Snyk Container (Test) | |
| if: env.DOCKERFILE_EXISTS != '' | |
| run: | | |
| docker load --input ${{ env.REPO_NAME }}.tar | |
| snyk container test docker-archive:${{ env.REPO_NAME }}.tar --severity-threshold=high |