collectors-security-pr.yml
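# Snyk dependency scan for the snowpark-checkpoints-collectors package.
# Runs on pull requests, except when every changed file is in an excluded directory.
name: Run Security Scans PR [snowpark_checkpoints_collector]

on:
  pull_request:
    branches:
      - "**"
    paths:
      - "**"
      # Changes confined to the sibling packages or the demos do not trigger this scan.
      - "!snowpark-checkpoints-validators/**"
      - "!snowpark-checkpoints-hypothesis/**"
      - "!Demos/**"

# Least privilege: no step in this workflow writes to the pull request, and later
# steps execute code from the PR checkout, so the job token is kept read-only.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.11"

jobs:
  snyk:
    runs-on: ubuntu-latest
    # Skipped when the actor is Dependabot; presumably because repository secrets
    # are not available to Dependabot-triggered runs. Confirm.
    if: (github.actor != 'dependabot[bot]')
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version tags.
      # Pinning each one to a full commit SHA narrows supply-chain exposure.
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the job token in
          # .git/config where PR-controlled code could read it.
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20.9.0"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      - name: Setup Python environment
        run: |
          python -m pip install --upgrade pip -q
          pip install toml -q
          pip list

      # NOTE(review): this installs whatever Snyk CLI version is current at run time.
      # Consider pinning an exact, vetted version.
      - name: Install Snyk CLI
        run: |
          npm install -g snyk
          echo "Snyk version: $(snyk --version)"

      # This step runs a script and installs requirements taken from the PR checkout,
      # i.e. code the pull request controls. It gets no secrets, and no credential has
      # been written to disk before it runs.
      - name: Run Python Script Create Requirements
        run: |
          python ./.github/scripts/py_create_requirements.py --directory "$DIR_NAME"
          cd "$DIR_NAME" && pwd && ls -la requirements.txt && file requirements.txt
          python -m pip install -r requirements.txt
          pip list
        env:
          DIR_NAME: "snowpark-checkpoints-collectors"

      # The Snyk CLI authenticates from the SNYK_TOKEN environment variable, so the
      # token is scoped to this one step. A separate `snyk auth` step would persist it
      # in the CLI's config file for later steps, and `snyk config` would print it to
      # the job log, where log masking would be the only thing hiding it.
      # The scan fails the job on findings of severity high or above.
      - name: Run Snyk test
        run: |
          snyk test --all-projects --detection-depth=10 --severity-threshold=high
        env:
          SNYK_TOKEN: "${{ secrets.SNYK_GITHUB_INTEGRATION_TOKEN }}"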