From 02770305de818a407e7b273822af4369fb03f812 Mon Sep 17 00:00:00 2001
From: Fortune-Ndlovu
Date: Thu, 24 Apr 2025 16:22:57 +0100
Subject: [PATCH 1/3] chore: enable Snyk scan for orchestrator-infra chart
Signed-off-by: Fortune-Ndlovu
---
 .github/workflows/snyk.yaml | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
index 54b94798..5a53ed56 100644
--- a/.github/workflows/snyk.yaml
+++ b/.github/workflows/snyk.yaml
@@ -25,14 +25,26 @@ jobs:
 helm repo add backstage https://backstage.github.io/charts
 helm repo update
 helm dependency build ./charts/backstage
- helm template ./charts/backstage/ --output-dir ./output
+ helm dependency build ./charts/orchestrator-infra
+ helm template ./charts/backstage --output-dir ./output/backstage
+ helm template ./charts/orchestrator-infra --output-dir ./output/orchestrator-infra
- - name: Run SNYK IaC Scan
+ - name: Run SNYK IaC Scan for Backstage
 continue-on-error: true
- uses: snyk/actions/iac@b98d498629f1c368650224d6d212bf7dfa89e4bf # 0.4.0
+ uses: snyk/actions/iac@0.4.0
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
 with:
- args: --report --org=$SNYK_ORG_ID --target-name="redhat-developer/rhdh-chart"
- file: ./output/
+ args: --report --org=$SNYK_ORG_ID --target-name="redhat-developer/rhdh-chart/backstage"
+ file: ./output/backstage
+
+ - name: Run Snyk IaC Scan for Orchestrator Infra
+ continue-on-error: true
+ uses: snyk/actions/iac@0.4.0
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
+ with:
+ args: --report --org=$SNYK_ORG_ID --target-name="redhat-developer/rhdh-chart/orchestrator-infra"
+ file: ./output/orchestrator-infra
From 1309addfab2cf42991db898844c101a74785b5f8 Mon Sep 17 00:00:00 2001
From: Fortune-Ndlovu
Date: Thu, 24 Apr 2025 16:35:39 +0100
Subject: [PATCH 2/3] Run SNYK IaC Scan for Developer Hub
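Review bot: The new "Run Snyk IaC Scan for Orchestrator Infra" step copies `continue-on-error: true`, so a scan that exits non-zero, whether from findings or from an error such as a rejected `SNYK_TOKEN`, still leaves the job green and the gap is only visible to someone who opens the Snyk project. Since `--report` already uploads the results, consider dropping `continue-on-error` and gating on severity instead, for example by appending `--severity-threshold=high` to `args`, or at least adding a follow-up step that emits a warning when the scan step's `outcome` is `failure`. The same applies to the Backstage step in this hunk. The job and the `run:` step these lines belong to start above the hunk, so the workflow's triggers and permissions are not visible here.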
Signed-off-by: Fortune-Ndlovu
---
 .github/workflows/snyk.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
index 5a53ed56..20392137 100644
--- a/.github/workflows/snyk.yaml
+++ b/.github/workflows/snyk.yaml
@@ -29,7 +29,7 @@ jobs:
 helm template ./charts/backstage --output-dir ./output/backstage
 helm template ./charts/orchestrator-infra --output-dir ./output/orchestrator-infra
- - name: Run SNYK IaC Scan for Backstage
+ - name: Run SNYK IaC Scan for Developer Hub
 continue-on-error: true
 uses: snyk/actions/iac@0.4.0
 env:
From 831c593dd6720e756acd4b0c5601d394d14ee174 Mon Sep 17 00:00:00 2001
From: Fortune-Ndlovu
Date: Thu, 24 Apr 2025 16:49:56 +0100
Subject: [PATCH 3/3] fixup: sha is preferred than versioning
Signed-off-by: Fortune-Ndlovu
---
 .github/workflows/snyk.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
index 20392137..57f135f2 100644
--- a/.github/workflows/snyk.yaml
+++ b/.github/workflows/snyk.yaml
@@ -31,7 +31,7 @@ jobs:
 - name: Run SNYK IaC Scan for Developer Hub
 continue-on-error: true
- uses: snyk/actions/iac@0.4.0
+ uses: snyk/actions/iac@b98d498629f1c368650224d6d212bf7dfa89e4bf # 0.4.0
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
@@ -41,7 +41,7 @@ jobs:
 - name: Run Snyk IaC Scan for Orchestrator Infra
 continue-on-error: true
- uses: snyk/actions/iac@0.4.0
+ uses: snyk/actions/iac@b98d498629f1c368650224d6d212bf7dfa89e4bf # 0.4.0
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}