Use Snyk test to block release if there are vulnerabilities (closes #119

)
snowplow · Aug 12, 2022 · 7ca6be1 · 7ca6be1
1 parent 1a410fb
commit 7ca6be1
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -49,6 +49,14 @@ jobs:
         echo "VERSION file ${{steps.version.outputs.VERSION_FILE}} does not match tagged version ${{ github.ref }}"
         exit 1
 
+    - name: Snyk Setup
+      uses: snyk/actions/setup@master
+
+    - name: Run Snyk to check for vulnerabilities
+      run: snyk test --project-name=stream-replicator --severity-threshold=high
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
     - name: Compile
       run: make all
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -27,6 +27,14 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v2
 
+    - name: Snyk Setup
+      uses: snyk/actions/setup@master
+
+    - name: Run Snyk to check for vulnerabilities
+      run: snyk test --project-name=stream-replicator --severity-threshold=high
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
     - name: Cache go modules
       uses: actions/cache@v2
       with:
@@ -60,4 +68,4 @@ jobs:
       run: make lint
 
     - name: Compile all targets
-      run: make all
+      run: make all