Skip to content

Sync Snyk GitHub issues #1397

Sync Snyk GitHub issues

Sync Snyk GitHub issues #1397

name: Sync Snyk GitHub issues
on:
workflow_dispatch:
schedule:
- cron: '0 */4 * * *'
jobs:
sync:
if: github.repository == 'backstage/backstage' # prevent running on forks
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: use node.js 18.x
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18.x
registry-url: https://registry.npmjs.org/ # Needed for auth
- name: yarn install
uses: backstage/actions/yarn-install@772cef06641090d0095188e15c85647acdf0c250 # v0.6.11
with:
cache-prefix: ${{ runner.os }}-v18.x
- name: Create Snyk report
uses: snyk/actions/node@d406fd286b663eb8c6f8adcced4f7bcd199c0a3f # master
continue-on-error: true # Snyk CLI exits with error when vulnerabilities are found
with:
args: >
--yarn-workspaces
--org=backstage-dgh
--strict-out-of-sync=false
--json-file-output=snyk.json
--debug
json: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
NODE_OPTIONS: --max-old-space-size=7168
- name: Update Github issues
run: ./scripts/snyk-github-issue-sync.ts
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}