fix nightlies

OpenMined · May 14, 2024 · 366cc47 · 366cc47
1 parent 221986c
commit 366cc47
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 39 deletions.
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
@@ -275,29 +275,30 @@ jobs:
  steps:
  - uses: actions/checkout@v4
  - name: Set up Snyk CLI to check for security issues
- # Snyk can be used to break the build when it detects security issues.
- # In this case we want to upload the SAST issues to GitHub Code Scanning
- uses: snyk/actions/setup@master
- env:
- # This is where you will need to introduce the Snyk API token created with your Snyk account
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- - name: Snyk auth
- shell: bash
- run: snyk config set api=$SNYK_TOKEN
- env:
- # This is where you will need to introduce the Snyk API token created with your Snyk account
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
  - name: Snyk Container test
+ uses: snyk/actions/docker@master
  continue-on-error: true
- shell: bash
- run: snyk container test mongo:7.0.0 --sarif --sarif-file-output=snyk-code.sarif
  env:
  # This is where you will need to introduce the Snyk API token created with your Snyk account
  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: mongo:7.0.0
+ args: --sarif-file-output=snyk-code.sarif
+
+ # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+ # of license-related findings, which do not do not indicate a security vulnerability.
+ # See https://github.com/github/codeql-action/issues/2187 for more context.
+ - name: Post-process sarif output
+ run: |
+ sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
+
+ # Replace any "null" security severity values with 0. The undefined value is used in the case
+ # the NVD CVSS Score is not available.
+ # See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
+ - name: Post-process sarif output for security severities set to "null"
+ run: |
+ sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
 
- # Push the Snyk Code results into GitHub Code Scanning tab
  - name: Upload result to GitHub Code Scanning
  uses: github/codeql-action/upload-sarif@v3
  with:
@@ -352,29 +353,29 @@ jobs:
  actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
  runs-on: ubuntu-latest
  steps:
- - uses: actions/checkout@v4
- - name: Set up Snyk CLI to check for security issues
- # Snyk can be used to break the build when it detects security issues.
- # In this case we want to upload the SAST issues to GitHub Code Scanning
- uses: snyk/actions/setup@master
- env:
- # This is where you will need to introduce the Snyk API token created with your Snyk account
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- - name: Snyk auth
- shell: bash
- run: snyk config set api=$SNYK_TOKEN
- env:
- # This is where you will need to introduce the Snyk API token created with your Snyk account
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
  - name: Snyk Container test
+ uses: snyk/actions/docker@master
  continue-on-error: true
- shell: bash
- run: snyk container test traefik:v2.11.0 --sarif --sarif-file-output=snyk-code.sarif
  env:
  # This is where you will need to introduce the Snyk API token created with your Snyk account
  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: traefik:v2.11.0
+ args: --sarif-file-output=snyk-code.sarif
+
+ # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+ # of license-related findings, which do not do not indicate a security vulnerability.
+ # See https://github.com/github/codeql-action/issues/2187 for more context.
+ - name: Post-process sarif output
+ run: |
+ sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
+
+ # Replace any "null" security severity values with 0. The undefined value is used in the case
+ # the NVD CVSS Score is not available.
+ # See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
+ - name: Post-process sarif output for security severities set to "null"
+ run: |
+ sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk-code.sarif
 
  # Push the Snyk Code results into GitHub Code Scanning tab
  - name: Upload result to GitHub Code Scanning

diff --git a/.github/workflows/pr-tests-stack-public.yml b/.github/workflows/pr-tests-stack-public.yml
@@ -18,7 +18,8 @@ jobs:
  strategy:
  max-parallel: 99
  matrix:
- os: [ubuntu-latest, macos-latest, windows]
+ # issues with macos 14 arm https://github.com/crazy-max/ghaction-setup-docker/pull/53
+ os: [ubuntu-latest, macos-13, windows]
  python-version: ["3.12"]
  pytest-modules: ["frontend network"]
  fail-fast: false
@@ -117,11 +118,11 @@ jobs:
  chmod +x ~/.docker/cli-plugins/docker-compose
 
  - name: Docker on MacOS
- if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
- uses: crazy-max/ghaction-setup-docker@v3.1.0
+ if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
+ uses: crazy-max/ghaction-setup-docker@v3.2.0
 
  - name: Docker Compose on MacOS
- if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
+ if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
  shell: bash
  run: |
  brew install docker-compose