Sync Snyk GitHub issues #6619
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync Snyk GitHub issues | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 */4 * * *' | |
| jobs: | |
| sync: | |
| if: github.repository == 'backstage/backstage' # prevent running on forks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: use node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| registry-url: https://registry.npmjs.org/ # Needed for auth | |
| - name: yarn install | |
| uses: backstage/actions/yarn-install@v0.6.4 | |
| with: | |
| cache-prefix: ${{ runner.os }}-v18.x | |
| - name: Create Snyk report | |
| uses: snyk/actions/node@master | |
| continue-on-error: true # Snyk CLI exits with error when vulnerabilities are found | |
| with: | |
| args: > | |
| --yarn-workspaces | |
| --org=backstage-dgh | |
| --strict-out-of-sync=false | |
| --json-file-output=snyk.json | |
| --debug | |
| json: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| NODE_OPTIONS: --max-old-space-size=7168 | |
| - name: Update Github issues | |
| run: yarn ts-node scripts/snyk-github-issue-sync.ts | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |