forked from snyk-playground/snyk-code-pr-check-changed-files
-
Notifications
You must be signed in to change notification settings - Fork 0
53 lines (47 loc) · 2.07 KB
/
snyk-code-diff-pr-check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
name: snyk-code-diff-pr-check
on:
pull_request
jobs:
test-only-changes:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: setup snyk
run: |
# download latest snyk cli and make it executable
curl https://static.snyk.io/cli/latest/snyk-linux -L -o snyk
chmod +x ./snyk
mv ./snyk /usr/local/bin/
- name: snyk test
run: |
# authenticate snyk
snyk auth ${{ secrets.SNYK_TOKEN }}
# run snyk code test, export output to a sarif file and set it to not fail if issues
snyk code test --org="demo org" --sarif-file-output=snyk.sarif || true
- name: results for changed files
run: |
curl https://github.com/stedolan/jq/releases/latest/download/jq-linux64 -L -o jq
chmod +x ./jq
mv ./jq /usr/local/bin/
# make our local executable
chmod +x "${GITHUB_WORKSPACE}/.github/scripts/codeprcheck.sh"
# run codeprcheck.sh which outputs an updated sarif with snyk code results on modified files
# the input for codeprcheck.sh is the sarif file exported from snyk code test
${GITHUB_WORKSPACE}/.github/scripts/codeprcheck.sh snyk.sarif snykupdated.sarif
# list all of the contents of the workspace using long listing format (intended to help confirm updated sarif creation)
ls -al
- name: generate snyk report
run: |
# make our local executable
curl https://github.com/snyk/snyk-to-html/releases/latest/download/snyk-to-html-linux -L -o snyk-to-html
chmod +x ./snyk-to-html
mv ./snyk-to-html /usr/local/bin/
snyk-to-html -i snykupdated.sarif > snykreport.html
# list all of the contents of the workspace using long listing format (intended to help confirm updated sarif creation)
ls -al
- name: upload snyk report
uses: actions/upload-artifact@v3
with:
name: snyk-report
path: snykreport.html