Skip to content

Commit

Permalink
Use Snyk test to block release if there are vulnerabilities (closes #119
Browse files Browse the repository at this point in the history
)
  • Loading branch information
TiganeteaRobert authored and colmsnowplow committed Jul 1, 2022
1 parent 5a82f8b commit 1858c7a
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
8 changes: 8 additions & 0 deletions .github/workflows/cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,14 @@ jobs:
echo "VERSION file ${{steps.version.outputs.VERSION_FILE}} does not match tagged version ${{ github.ref }}"
exit 1
- name: Snyk Setup
uses: snyk/actions/setup@master

- name: Run Snyk to check for vulnerabilities
run: snyk test --project-name=stream-replicator --severity-threshold=high
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Compile
run: make all

Expand Down
10 changes: 9 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,14 @@ jobs:
- name: Checkout code
uses: actions/checkout@v2

- name: Snyk Setup
uses: snyk/actions/setup@master

- name: Run Snyk to check for vulnerabilities
run: snyk test --project-name=stream-replicator --severity-threshold=high
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Cache go modules
uses: actions/cache@v2
with:
Expand Down Expand Up @@ -60,4 +68,4 @@ jobs:
run: make lint

- name: Compile all targets
run: make all
run: make all

0 comments on commit 1858c7a

Please sign in to comment.