Skip to content

Commit

Permalink
fix nightlies
Browse files Browse the repository at this point in the history
  • Loading branch information
abyesilyurt committed May 14, 2024
1 parent 221986c commit 6d7e9c0
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 22 deletions.
43 changes: 25 additions & 18 deletions .github/workflows/container-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -297,7 +297,14 @@ jobs:
# This is where you will need to introduce the Snyk API token created with your Snyk account
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

# Replace any "undefined" security severity values with 0. The undefined value is used in the case
# of license-related findings, which do not do not indicate a security vulnerability.
# See https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post-process sarif output
run: |
sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
# Push the Snyk Code results into GitHub Code Scanning tab

- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
Expand Down Expand Up @@ -352,29 +359,29 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Snyk CLI to check for security issues
# Snyk can be used to break the build when it detects security issues.
# In this case we want to upload the SAST issues to GitHub Code Scanning
uses: snyk/actions/setup@master
env:
# This is where you will need to introduce the Snyk API token created with your Snyk account
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Snyk auth
shell: bash
run: snyk config set api=$SNYK_TOKEN
env:
# This is where you will need to introduce the Snyk API token created with your Snyk account
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Snyk Container test
uses: snyk/actions/docker@master
continue-on-error: true
shell: bash
run: snyk container test traefik:v2.11.0 --sarif --sarif-file-output=snyk-code.sarif
env:
# This is where you will need to introduce the Snyk API token created with your Snyk account
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: traefik:v2.11.0
args: --sarif-file-output=snyk-code.sarif

# Replace any "undefined" security severity values with 0. The undefined value is used in the case
# of license-related findings, which do not do not indicate a security vulnerability.
# See https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post-process sarif output
run: |
sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk-code.sarif
# Replace any "null" security severity values with 0. The undefined value is used in the case
# the NVD CVSS Score is not available.
# See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post-process sarif output for security severities set to "null"
run: |
sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
# Push the Snyk Code results into GitHub Code Scanning tab
- name: Upload result to GitHub Code Scanning
Expand Down
9 changes: 5 additions & 4 deletions .github/workflows/pr-tests-stack-public.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ jobs:
strategy:
max-parallel: 99
matrix:
os: [ubuntu-latest, macos-latest, windows]
# issues with macos 14 arm https://github.com/crazy-max/ghaction-setup-docker/pull/53
os: [ubuntu-latest, macos-13, windows]
python-version: ["3.12"]
pytest-modules: ["frontend network"]
fail-fast: false
Expand Down Expand Up @@ -117,11 +118,11 @@ jobs:
chmod +x ~/.docker/cli-plugins/docker-compose
- name: Docker on MacOS
if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
uses: crazy-max/ghaction-setup-docker@v3.1.0
if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
uses: crazy-max/ghaction-setup-docker@v3.2.0

- name: Docker Compose on MacOS
if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-latest'
if: steps.changes.outputs.stack == 'true' && matrix.os == 'macos-13'
shell: bash
run: |
brew install docker-compose
Expand Down

0 comments on commit 6d7e9c0

Please sign in to comment.