From 1fcebb1ac5ee387544a61dffcc99b7f407353fb4 Mon Sep 17 00:00:00 2001 From: Egor Kostan Date: Sun, 17 Nov 2024 21:33:31 -0800 Subject: [PATCH] Delete snyk.yml --- .github/workflows/snyk.yml | 71 -------------------------------------- 1 file changed, 71 deletions(-) delete mode 100644 .github/workflows/snyk.yml diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml deleted file mode 100644 index 981639bcecc..00000000000 --- a/.github/workflows/snyk.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- -name: "Snyk for a new build" - -on: # yamllint disable-line rule:truthy - pull_request_target: - types: - - opened - - edited - - synchronize - - reopened - workflow_call: - secrets: - snyk_token: - description: - 'A Snyk token passed from the caller workflow' - required: true -jobs: - security: - permissions: - # for actions/checkout to fetch code - contents: read - # for github/codeql-action/upload-sarif to upload SARIF results - security-events: write - # only required for a private repository by - # github/codeql-action/upload-sarif to get the Action run status - actions: read - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - uses: snyk/actions/setup@master - # Source: https://github.com/actions/setup-python - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - check-latest: true - - name: Install python prerequisites - run: - python -m pip install -r requirements.txt - # If you want to send data to Snyk, and be alerted when new - # vulnerabilities are discovered, you can run Snyk monitor like so: - - name: Run Snyk to send data to Snyk - run: - snyk monitor - env: - token: ${{ secrets.snyk_token }} - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Check/Upgrade setuptools version - run: | - python --version - python -m pip install --upgrade pip wheel - yes | python -m pip uninstall setuptools - python -m pip install --upgrade setuptools - python -m pip show setuptools - - name: Run Snyk to check for vulnerabilities - # yamllint disable rule:line-length - run: - snyk test --sarif-file-output=snyk.sarif --file=requirements.txt --package-manager=pip - # yamllint enable rule:line-length - env: - token: ${{ secrets.snyk_token }} - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - # To make sure that SARIF upload gets called - # continue-on-error: true - # Push the Snyk Code results into GitHub Code Scanning tab - - name: Upload result to GitHub Code Scanning - # Run a github-actions step, even if the previous step fails, - # while still failing the job - if: success() || failure() - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: snyk.sarif