Skip to content

bump tj-actions/changed-files from 35 to 41 in /.github/workflows in the github_actions group across 1 directory #10

bump tj-actions/changed-files from 35 to 41 in /.github/workflows in the github_actions group across 1 directory

bump tj-actions/changed-files from 35 to 41 in /.github/workflows in the github_actions group across 1 directory #10

Workflow file for this run

name: Snyk Security Vulnerability Scan
on:
workflow_dispatch:
pull_request:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
branches:
- 'main'
jobs:
snyk_scan_test:
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: snyk/actions/setup@master
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- name: Check changed Deps files
uses: tj-actions/changed-files@v41
id: changed-files
with:
files: |
**/requirements.txt
- name: Snyk scan for Python 3.8 dependencies
if: steps.changed-files.outputs.any_changed == 'true'
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt
snyk test -d --fail-on=all --file=requirements.txt --package-manager=pip --command=python3 --skip-unresolved
snyk_scan_monitor:
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest
steps:
- name: Extract github branch/tag name
shell: bash
run: echo "ref=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT
id: extract_ref
- uses: actions/checkout@master
- uses: snyk/actions/setup@master
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- name: Snyk scan for Python 3.8 dependencies
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt
snyk monitor --command=python3 --skip-unresolved --package-manager=pip --org=nitro-cf8 --remote-repo-url=nitro-altair/${{steps.extract_ref.outputs.ref}} --file=requirements.txt --project-name=NITRO/nitro-altair/${{steps.extract_ref.outputs.ref}}/requirements.txt -d --fail-on=all